Featured resource
2025 Tech Upskilling Playbook
Tech Upskilling Playbook

Build future-ready tech teams and hit key business milestones with seven proven plays from industry leaders.

Check it out
  • Lab
    • Libraries: If you want this lab, consider one of these libraries.
    • Cloud
Google Cloud Platform icon
Labs

Finding Files and File Contents

In this lab, we'll use the `find` command and its options to find all sorts of files on our system. Once we have found certain files, we'll use the execute function on them to run commands that will further display useful information about those files. Then, we'll use the `grep` command to show the contents of files, display additional context for what is found, show what lines those instances occur on, and more.

Google Cloud Platform icon
Lab platform
Lab Info
Level
Beginner
Last updated
Sep 01, 2025
Duration
45m

Contact sales

By filling out this form and clicking submit, you acknowledge our privacy policy.
Table of Contents
  1. Challenge

    Use the `find` Command to Search for Files

    Run find:

    find
    

    See how many files it finds there:

    find | wc -l
    

    Run find on /home and its subdirectory contents:

    find /home
    

    See how many files are there:

    find /home | wc -l
    

    Search the /etc directory for files whose names include .conf (the -name flag means it will be case sensitive):

    find /etc -name *.conf 2> /dev/null
    

    See how many files are returned:

    find /etc -name *.conf 2> /dev/null | wc -l
    

    Now, run a similar search, but this time, the -iname flag makes it case insensitive:

    find /etc -iname *.conf 2> /dev/null | wc -l
    

    Look for everything in the directory:

    find /etc -iname *.* 2> /dev/null | wc -l
    

    Instead, add quotation marks to the command:

    find /etc -iname "*.*" 2> /dev/null | wc -l
    

    Let's say you made a backup. Let's run touch on it:

    touch lastbackup
    

    See what the timestamps are on it:

    ls -l lastbackup
    

    See more info about it:

    stat lastbackup
    

    Run touch on a range of files:

    touch file{1..10}
    
    

    Run ls.

    Compare the dates and times of lastbackup and the files we just looked at:

    ls -l lastbackup file*
    

    Find what files have changed since a particular backup or event:

    find /home -newer lastbackup 2> /dev/null
    

    Take a look at files that are 128k or larger:

    find /etc -size +128k 2> /dev/null
    

    Run a similar search, but this time we'll get more information:

    find /etc -size +128k -exec ls -l {} \; 2> /dev/null
    

    Change the size specification:

    find /etc -size +512k -exec ls -l {} \; 2> /dev/null
    

    Run the following to see the sizes in bytes:

    find /etc -size +512k -exec ls -lh {} \; 2> /dev/null
    

    Run touch on file99:

    touch file99
    

    Run ls -l:

    ls -l file99
    

    Create a hard link to file99:

    ln file99 hardlink2file99
    

    Run ls -l again:

    ls -l *file99
    

    This time, we'll see both files.

    Run ls -li:

    ls -li *file99
    

    We'll see they share the same inode number.

    Run a search:

    find /home -samefile file99 -exec ls -li {} \; 2> /dev/null
    
  2. Challenge

    Find File Contents and Display the Results Using the `grep` Command

    Run the ps aux command, pipe it to grep, and look for ssh:

    ps aux | grep ssh
    

    We should see we get a few entries.

    Find out more about ssh:

    pstree -a | grep ssh
    

    Get the process number of sshd:

    pstree -ap | grep sshd
    

    Insert the process number you received in the previous command output:

    pstree -ap <sshd_PROCESS_NUMBER>
    

    This will give us a tree of everything, and their process IDs, running through sshd.

    Use grep to search for a user in multiple files:

    grep cloud_user /etc/passwd /etc/group /etc/shadow
    

    Search for zip in /usr/share/doc/packages:

    grep -i zip /usr/share/doc/packages
    

    It won't work because it's a directory.

    Try this instead:

    grep -ir zip /usr/share/doc/packages
    

    -ir tells it to look recursively from wherever we're pointing it to. This time, we'll see a ton of files.

    Get a count of the files:

    grep -ir zip /usr/share/doc/packages | wc -l
    

    There should be thousands (somewhere around 3800).

    Search specifically for zip on its own as a word:

    grep -irw zip /usr/share/doc/packages | wc -l
    

    This time, there are still a lot (close to 2000), but not as many.

    Search for ZIP:

    grep -rw ZIP /usr/share/doc/packages | wc -l
    

    There should be even fewer this time (in the 150 range).

    Run the following to search for src:

    grep -rw ZIP /usr/share/doc/packages | grep src
    

    Get even more information:

    grep -rwn ZIP /usr/share/doc/packages | grep -n src
    

    Open one of the files in the list:

    vim /usr/share/doc/packages/p7zip/DOC/src-history.txt +174
    

    Quit the file with :q.

    Find the accounts that are on your system:

    lastlog
    

    Search forward with to find the accounts that have never logged in:

    lastlog | grep "Never"
    

    This time, cloud_user won't be on the list, as we've logged in.

    Invert the search to see everything that doesn't have "Never" in it:

    lastlog | grep -v "Never"
    
About the author

Pluralsight Skills gives leaders confidence they have the skills needed to execute technology strategy. Technology teams can benchmark expertise across roles, speed up release cycles and build reliable, secure products. By leveraging our expert content, skill assessments and one-of-a-kind analytics, keep up with the pace of change, put the right people on the right projects and boost productivity. It's the most effective path to developing tech skills at scale.

Real skill practice before real-world application

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.

Learn by doing

Engage hands-on with the tools and technologies you’re learning. You pick the skill, we provide the credentials and environment.

Follow your guide

All labs have detailed instructions and objectives, guiding you through the learning process and ensuring you understand every step.

Turn time into mastery

On average, you retain 75% more of your learning if you take time to practice. Hands-on labs set you up for success to make those skills stick.

Get started with Pluralsight