Search code examples
touchmv

Using find vs. locate vs. whereis

I am doing Chapter 1 exercises from Linux Basics for Hackers (Starch Press):

Create a new directory called hackerdirectory and create a new file in that directory named hackedfile. Now copy that file to your /root directory and then rename it secretfile.

So I did mkdir hackerdirectory then cd hackerdirectory then touch hackedfile then sudo mv hackedfile /root

My understanding is that /root is the top home directory but when I cd .. back to home and ls -l, it's not there:

drwxrwxr-x 23 nobu nobu    4096 Jul  9 18:24  anaconda3
-rw-r--r--  1 nobu nobu    4243 May  3 02:10  backblue.gif
-rw-rw-r--  1 nobu nobu   25120 Mar 23 07:02  CERTIFICATE
drwxrwxr-x  3 nobu nobu    4096 Mar 30 05:01  client-configs
-rw-rw-r--  1 nobu nobu     412 May  3 03:18  cookies.txt
-rw-------  1 root root 8560640 Apr 11 09:59  core
drwxr-xr-x  3 nobu nobu    4096 Sep 11 20:34  ctf
drwxr-xr-x 18 nobu nobu    4096 Sep 13 12:33  Desktop
drwxr-xr-x  4 nobu nobu    4096 Sep  8 18:59  Diamondhead
drwxrwxr-x  6 nobu nobu    4096 Sep 15 16:42  Documents
drwxr-xr-x 27 nobu nobu   12288 Sep 17 14:28  Downloads
-rw-r--r--  1 nobu nobu    8980 Mar 20 06:44  examples.desktop
-rw-r--r--  1 nobu nobu     828 May  3 02:10  fade.gif
drwxrwxr-x  4 nobu nobu    4096 Jun 27 02:38  fullstack
drwxrwxr-x 11 nobu nobu    4096 Jul 12 16:21  gym
drwxr-xr-x  2 nobu nobu    4096 Sep 17 15:37  hackerdirectory
drwx------  2 nobu nobu    4096 May  3 03:18  hts-cache
-rw-rw-r--  1 nobu nobu    2101 May  3 03:18  hts-log.txt
drwxr-xr-x  6 nobu nobu    4096 Sep  4 23:27  locust_k8s
drwxr-xr-x 10 nobu nobu    4096 Aug 28 11:44  mecab-ipadic-neologd
drwxr-xr-x  2 nobu nobu    4096 Mar 20 06:52  Music
drwxr-xr-x 14 nobu nobu    4096 Aug 24 14:10  myapp
drwx------  3 nobu nobu    4096 Mar 30 03:28  openvpn-ca
drwxr-xr-x  4 nobu nobu    4096 Aug 19 19:47  Pictures
drwxr-xr-x  2 nobu nobu    4096 Mar 20 06:52  Public
drwxr-xr-x  3 nobu nobu    4096 Aug 15 12:34  repos
drwxr-xr-x  6 nobu nobu    4096 Sep  4 23:23  snap
drwxr-xr-x  2 nobu nobu    4096 Mar 20 06:52  Templates
-rw-rw-r--  1 nobu nobu 5477405 Jul  5 08:17  tf
-rwxrwxr-x  1 nobu nobu 4474932 Oct 24  2017  unetbootin-linux-latest
drwxr-xr-x  3 nobu nobu    4096 Apr 27 11:56  Videos
drwx------  3 nobu nobu    4096 Jun 27 02:46 'VirtualBox VMs'
drwxrwxr-x  5 nobu nobu    4096 May  3 02:36  websites
drwxrwxr-x  2 nobu nobu    4096 Jul  9 21:15  work

Now I did:

nobu@nobu-ThinkPad-T420:~$ locate hackedfile
nobu@nobu-ThinkPad-T420:~$ whereis hackedfile
hackedfile:

What does this mean? I've tried sudo su then ls but still can't see it.

Edit: So I found it per the commands below but can't get rid of it.

nobu@nobu-ThinkPad-T420:~$ sudo find /root -type f -name hackedfile
/root/hackedfile
nobu@nobu-ThinkPad-T420:~$ sudo rm /root/hackedfile
nobu@nobu-ThinkPad-T420:~$ sudo find /root -type f -name hackedfile
nobu@nobu-ThinkPad-T420:~$ whereis hackedfile
hackedfile:

Edit (not listed)

nobu@nobu-ThinkPad-T420:~$ sudo ls -al /root 
total 64
drwx------ 12 root root 4096 Sep 17 16:23 .
drwxr-xr-x 28 root root 4096 Sep  9 12:45 ..
drwx------  2 root root 4096 Jul 10 07:31 .aptitude
-rw-------  1 root root 1124 Sep 17 16:30 .bash_history
-rw-r--r--  1 root root 3106 Oct 23  2015 .bashrc
drwx------  4 root root 4096 Apr 11 05:47 .cache
drwx------  7 root root 4096 Apr 11 15:54 .config
drwx------  3 root root 4096 Mar 22 02:47 .dbus
drwx------  3 root root 4096 Apr 11 12:23 .gnupg
drwxr-xr-x  4 root root 4096 Aug 17 09:20 .java
drwxr-xr-x  3 root root 4096 Apr  1 08:12 .local
drwxr-xr-x  2 root root 4096 Mar 30 02:55 .nano
drwxr-xr-x  2 root root 4096 Aug 21 11:13 .oracle_jre_usage
-rw-r--r--  1 root root  148 Aug 18  2015 .profile
drwx------  2 root root 4096 Sep  4 22:58 .ssh
-rw-r--r--  1 root root  220 Aug  8 14:02 .wget-hsts

Edit (when sudo su)

root@nobu-ThinkPad-T420:/home/nobu# whereis hackedfile
hackedfile:

So when I do command whereis, it shows the file. So is it really deleted?

But now when I try: sudo find /root -type f -name hackedfile I get:

nobu@nobu-ThinkPad-T420:~$ sudo find /root -type f -name hackedfile
nobu@nobu-ThinkPad-T420:~$

And thus it seems to be gone except doing `whereis' still shows it with the colon.

Edit:

Beware that whereis returns whatever you were looking for say filename: and then lists the PATH of location after colon.

So here is how to use find:

find

That's from my textbook listed above.

Solution

  • Try pwd to see where you are in the file system. You will probably find the file using sudo ls -al /root