“which” Command

This tool returns the path to the file or link that should be executed. This can be used to determine if specific program, like python, curl etc. is present or not.

which python - This will return location of executable if present, and gives no output if not.

“find” Command

find <location> <option>

find / -type f -name *.conf -user root -size +20k -newermt 2020-03-03 -exec ls -al {} \\; 2>/dev/null

Command Breakdown

Option	Description
`-type f`	Hereby, we define the type of the searched object. In this case, '`f`' stands for '`file`'.
`-name *.conf`	With '`-name`', we indicate the name of the file we are looking for. The asterisk (`*`) stands for 'all' files with the '`.conf`' extension.
`-user root`	This option filters all files whose owner is the root user.
`-size +20k`	We can then filter all the located files and specify that we only want to see the files that are larger than 20 KiB.
`-newermt 2020-03-03`	Only files newer than the specified date will be presented.
`-exec ls -al {} \\;`	This option executes the specified command, using the curly brackets as placeholders for each result. The backslash escapes the next character from being interpreted by the shell because otherwise, the semicolon would terminate the command and not reach the redirection.
`2>/dev/null`	This is a `STDERR` redirection to the '`null device`', which we will come back to in the next section. This redirection ensures that no errors are displayed in the terminal. This redirection must `not` be an option of the 'find' command.

“locate” Command

locate works with a local database that contains all information about existing files and folders. We can update this database with the following command. sudo updatedb .

It doesn’t have the the filters like find command. It is always worth considering which command to use.

File Descriptor and Redirector

A file descriptor (FD) in Unix/Linux operating systems is a reference, maintained by the kernel, that allows the system to manage Input/Output (I/O) operations.

In Windows-based operating systems, this is known as a file handle.

By default, the first three file descriptors in Linux are:

Data Stream for Input
- STDIN – 0 Here the 0 is FD value for standard input.
Data Stream for Output
- STDOUT – 1 Here the 1 is FD value for standard output.
Data Stream for Output that relates to an error occurring.
- STDERR – 2 Here the 2 is FD value for standard error.

These file descriptor are like special codes that separates the input, output and the errors.

$ find /etc/ -name shadow
/etc/shadow
find: ‘/etc/vpnc’: Permission denied
find: ‘/etc/redis’: Permission denied
find: ‘/etc/ssl/private’: Permission denied
find: ‘/etc/credstore’: Permission denied
find: ‘/etc/polkit-1/rules.d’: Permission denied
find: ‘/etc/openvas/gnupg’: Permission denied
find: ‘/etc/ipsec.d/private’: Permission denied
find: ‘/etc/credstore.encrypted’: Permission denied