Skip to main content

What is Find?

find is a POSIX utility that walks a directory tree in real-time and evaluates expressions against every object it encounters. It has been available on Unix systems since 1971.

Mental model: find is not a search tool — it is a filter pipeline over the filesystem. It walks every inode, applies your conditions, and executes an action on matches.

How find Traverses the Filesystem

Directory tree
└── /var/log/
    ├── nginx/         ← find enters here
    │   ├── access.log ← evaluates all conditions → action if true
    │   └── error.log  ← evaluates all conditions → action if true
    └── syslog         ← evaluates all conditions → action if true

For every file encountered, find evaluates your expression left to right and stops at the first false condition. This is called short-circuit evaluation — and it is the key to writing efficient find commands.

ToolReadsAccuracySpeed
findLive filesystem inodes100% currentMedium (I/O)
locateNightly databaseStale by up to 24hInstant
fdLive filesystem (parallel)100% currentFast

Use find when you need 100% accuracy and metadata filtering (permissions, ownership, SUID bits) that only the live inode provides.

What find Can Filter On

# Name and extension
find /etc -name "*.conf"

# File type (regular file, directory, symlink, socket)
find /var/run -type s          # sockets only

# Size
find / -size +1G               # larger than 1 GB

# Age
find /tmp -mtime +7            # older than 7 days

# Owner and permissions
find /home -user alice -perm /0002  # alice's world-writable files

# Then act on results
find /tmp -mtime +7 -delete    # delete them all
find /etc -name "*.bak" -exec rm {} +  # batch delete

When to Use find vs. Alternatives

ScenarioBest Tool
Delete files older than 30 daysfind (-mtime, -delete)
Find a source code functionrg or fd
Check if a file exists right nowfind
Audit SUID binaries on a serverfind (-perm /4000)
Search code across a git reporg
Rename 500 files matching a patternfind + -exec rename