Next: Multiple Files, Up: Run Commands
Here is how to run a command on one file at a time.
Execute command; true if zero status is returned.
find
takes all arguments after ‘-exec’ to be part of the command until an argument consisting of ‘;’ is reached. It replaces the string ‘{}’ by the current file name being processed everywhere it occurs in the command. Both of these constructions need to be escaped (with a ‘\’) or quoted to protect them from expansion by the shell. The command is executed in the directory in whichfind
was run.For example, to compare each C header file in or below the current directory with the file /tmp/master:
find . -name '*.h' -execdir diff -u '{}' /tmp/master ';'
If you use ‘-execdir’, you must ensure that the ‘$PATH’ variable contains only absolute directory names. Having an empty element in ‘$PATH’ or explicitly including ‘.’ (or any other non-absolute name) is insecure. GNU find will refuse to run if you use ‘-execdir’ and it thinks your ‘$PATH’ setting is insecure. For example:
Another similar option, ‘-exec’ is supported, but is less secure. See Security Considerations, for a discussion of the security problems surrounding ‘-exec’.
This insecure variant of the ‘-execdir’ action is specified by POSIX. The main difference is that the command is executed in the directory from which
find
was invoked, meaning that ‘{}’ is expanded to a relative path starting with the name of one of the starting directories, rather than just the basename of the matched file.While some implementations of
find
replace the ‘{}’ only where it appears on its own in an argument, GNUfind
replaces ‘{}’ wherever it appears.