UNIX – Find Files that Changed Within Time Window

Every so often us lowly UNIX admins find ourselves needing to search a file system for files that have been created or changed within a certain time window. In other words, those files that are newer than time “X”, but not newer than time “Y”. There are a number of ways to accomplish this, but my preferred method is to create two reference files to indicate the beginning and end of my window and use the “-newer” and “! -newer” flags to search for files that changed within that window.

# touch -amt 200910260000 /tmp/starttime
# touch -amt 200910262359 /tmp/endtime
# find / -type f -newer /tmp/starttime -a ! -newer /tmp/endtime

The guys at virtuelvis.com point out that it is more elegant to accomplish this without creating two files, but their solution does not work with operating systems that use strict POSIX compliant “find” implementations, making it of little use in some cases. For the curious, here is their example:

# find . -type f -newermt 2009-10-26 ! -newermt 2009-10-27

