Solaris 10 "find" command options

I need an exact syntax for find command that will list out all files in a Solaris 10 x86
server which will exclude:

a) Fifo files (when issued with "ls -l fifo" it shows as prwxr-xr-x), socket files, soft+hard links
    & character device files (ie those found in /dev, /devices)

b) files with size above 50MB

Reason is I need to pass this list of files to an app to do scanning but this app can't
handle Fifo, socket & "special" files as it will go into a loop.  Also files bigger than
50MB will take too long to scan
sunhuxAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

woolmilkporcCommented:
find / -type f -size -52428800c

"-type f" finds only regular files, i.e. no block special files, character special files, directories, doors, symbolic links, fifo (named pipes), or sockets.
It will find hard links, however, because a source file and its corresponding hard link(s) cannot be distinguished.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
sunhuxAuthor Commented:
I'm using Bash shell (if that makes any difference).

Those odd files in /proc & named pipes to be excluded as well.

I was browsing the link below:
http://www.thegeekstuff.com/2009/03/15-practical-linux-find-command-examples/

But I can't get the complete command, think it's something like:

exclude socket files?
# find / -not -type s -size -50M ...

or would the following find of normal files do?
# find . -type f -size -50M ...


Was also browsing the following but can't find anything for file type Fifo & device files:
http://www.thegeekstuff.com/2009/06/15-practical-unix-linux-find-command-examples-part-2/
0
sunhuxAuthor Commented:
Thanks, just saw your reply.

If I'm doing weekly scan & the following week (ie 7 days later), I don't want
to scan files that I've scanned 7 days ago, would a combination of
-ctime & -mtime help achieve this?
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

sunhuxAuthor Commented:
Wud the following "last accessed time" help achieve this & what's the exact syntax?
-amin n File was last accessed n minutes ago
-atime n File was last accessed n*24 hours ago
0
woolmilkporcCommented:
If you mean "find" when saying  "scan" - this does not modify any file information except for "atime", so you would indeed have to rely on this "atime" (access time), but any file access (including read access) would modify this time stamp, so it can in no way be considered reliable.
I fear there's no method satisfying your last requirement.

Anyway, the syntax for "last accessed more than 7 days ago" is

-atime +7

/proc is a pseudo filesystem, but the files therein behave just as regular files would.

"fifo" and "named pipe" mean the same.
0
sunhuxAuthor Commented:
Ok, understand there could be other processes/tasks/users accessing the files other than
my AV scanner but at least it will cut down the number of files to be scanned in subsequent
scan.

Hmm, come to think of it, if it is files which has been infected within the last 7 days, then
-atime +7  will have missed scanning it, unless I use a combination of
a) exclude files are not 'accessed'  last 7 days
b) but was modified/created within last 7 days
Rather conflicting requirements between the 2
0
woolmilkporcCommented:
Creating/modifying a file always updates the "access" timestamp, so these requirements are indeed a bit "conflicting".

"-atime -7"

gives a list of files accessed within the last 7 days, and

" \( -atime -7 -o -mtime -7" \) "

gives a list of files accessed or modified within the last 7 days, which is exactly the same as just "-atime -7".

"-atime" always shows a superset of "-ctime" and/or "-mtime"

You're right, however, the list of files will be cut down when using such a filter.

Please keep in mind - there might be malicious software which is able to infect a file bypassing the filesystem mechanism,
so none of the timestamps will be updated...
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Unix OS

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.