The find program is a very powerful system administration tool. This command is used by the updatedb script as well as various /etc/crontab scripts when installed on your system. The command requires a bit of studying due to the complexity of the syntax of some of the switches. You'll need to know it well, in order to run find in the background or via scripts or crontab without user interaction. Running it this way is necessary, because on a large system, find can take some time to complete execution.
To use find from the command line, type:
find / -nouser
This is a very simple example. find begins at the root (/) directory and searches recursively through all the subdirectories for files that don't belong to any user listed in the /etc/passwd file. This search can take a long time to finish, so you might want to run the command in the background:
find / -nouser > $HOME/myfile &
This command is similar to the one above but will redirect the output to myfile in your home directory and execute in the background. If you run find as any user except root on the entire directory tree, expect to see “permission denied” errors for directories you aren't permitted to read. If you think you'll forget to read the file, you can give the following one-line command (it will wrap to column width here):
find / -nouser > $HOME/myfile; if [-s $HOME/myfile]; then /bin/mail -s "Unknown UIDs" root < $HOME/myfile; fi; rm $HOME/myfile &
This series of commands adds a few small details. Following creation of myfile, the command then checks to see if myfile both exists and is not empty (zero length). If it contains data (non-zero length), the file is mailed to root with the subject line of “Unknown UIDs”. The fi ends the “if-then” condition and the file, regardless of size, is deleted. Note that I use the ; (semicolon) character to separate commands. If you put this on a command line, it must be all one line. If you put this in a script, you can use enter in place of the ; and you don't need to include the & (ampersand). You will use the ampersand when you call the script. Also, you will need to include the following line (as the very first line) of the script:
#!/bin/sh
Then, to make the file executable, type chmod 755, and you can call the script from cron or the command line. Alternately, just include the find statement above in a properly formated crontab line, and it will execute periodically automatically and mail you if any files exist that don't belong to a recognized user.
