Terminal.Drill Get the app
ch01/l03

Finding without opening everything

Use `find` predicates to reduce a filesystem problem to a targeted list.

find . -type f -name '*.log' 20 min read, 30 min lab beginner

`find` walks a tree and filters entries by type, name, time, size, permission, and more. It becomes powerful when the search is constrained and the output is handled safely.

In the field

A disk filled overnight. You need recent large log files under one application directory, not a random tour of the server.

Worked command

$ find /var/log -type f -name '*.log' -mtime -1$ find . -type f -size +10M -print$ find . -type f -name '*.txt' -print0
Anti-pattern

Do not run broad filesystem searches from `/` during an incident unless you understand the cost.

Safer pattern

Constrain path first, then type, then name/time/size. Use null-delimited output for automation.

Knowledge check

In `find /var/log -type f -name '*.log' -mtime -1`, what does `-type f` actually do to the result set?

  • A Restricts matches to regular files, excluding directories and symlinks
  • B Limits results to files modified in the last day
  • C Filters to files whose names end in `.log`
  • D Follows symlinks so linked targets are included
Show the answer

Correct: A. Restricts matches to regular files, excluding directories and symlinks

Why

`-type f` keeps only regular files, dropping directories, symlinks, and special files. The day window comes from `-mtime -1` and the name filter from `-name '*.log'`, not from `-type f`.

Practice checklist

  1. Create a throwaway tree with logs and notes.
  2. Find only `.log` files changed today.
  3. Repeat with `-print0` and explain why it exists.

Deliverable evidence

  • A constrained find command.
  • A note explaining why broad searches are risky.
Teaching diagramch01 · mental model
Every path resolves to one absolute location cwd pwd shows it . here .. parent ~ home /abs/target realpath proves it find /var/log -type f -name '*.log' -mtime -1 walks the tree, filters to evidence absolute path = same target from anywhere | relative path = depends on cwd

shows: How `.`, `..`, and `~` resolve from the current directory into a single absolute location, with `pwd`/`realpath` confirming where you actually are and `find` filtering a tree down to evidence.

does not prove: It shows how path tokens resolve in principle; it does not prove your shell's current directory at any moment — only running `pwd` or `realpath` on the live machine proves that.

Memorize this

Commit these to memory, then drill them until recall is automatic.

find -type f-name-mtime-size-print0

Reference

find -print0realpath
Recall practice · Meaning -> flags

cue Feed find's matches to another tool safely when filenames may contain spaces or newlines.

show recall target

-print0

See this drill type Practice recall in the app