Discover to which package a file belongs to

Sometimes you want to know the related package of a file, before installation, or when it is already there. This is of great help during system hardening or general system cleanups. In this article we have a look at several ways to determine the relationships between files and the package they belong to. We have gathered this information for multiple Linux distributions.

Most options used in this article have also a long format option. When using options in shell scripts, it can be a good idea to use these full names, as they are typically more clear on their purpose.

Arch Linux

pacman -Qo binaryname

Shows the related package and the binary path for installed packages.

Show files provided by the package

Another option is using the pkgfile command.

pkgfile -l packagename

Note: most likely this tool needs to be installed first: pacman -S pkgfile && pkgfile -u

CentOS, Fedora, RHEL

Show files for RPM packages

The rpm command can be used to query information about RPM packages, including those that are installed or RPM files.

rpm -qlp /path/to/file.rpm

These options translate to the following actions below.

OptionLong formatRelated action
-l--listList files in package
-p--packageDefine the related package to use for the action
-q--queryPerform a query action

Show files for packages in available repositories

If you use dnf, then you can query files from the packages that are in your repositories. The package itself does not have to be installed.

dnf repoquery -q -l packagename

Use the -q option with dnf to show only the relevant output.

Query related packages from repository packages with DNF

Show files for an installed package

To show what files are provided by an installed package, use the rpm command.

rpm -ql package

If you have the file name, you can turn this around and find the related package.

rpm -qf /bin/ps

The output will provide the package and its version.

Screenshot of querying a file and its related package with rpm tool

To just see the package name, use the –queryformat option.

rpm -qf /bin/ps --queryformat '%{NAME}'

With yum you can do a similar request to see the related package.

yum whatprovides /bin/ps

And with DNF there is the provides argument.

dnf provides /bin/ps

This will give you possibly multiple hits, as a file can be part of packages from different repositories.

Show related packages from installed file or binary with DNF

This data is less easy to parse due to the different types of lines.

Debian and Ubuntu

If you want to find the related package of a binary (or file), we first have to know the full path. If you know the binary, then use the which command to discover where it is stored. Using the find command is another option, but may be less efficient. With the dpkg package management tool we can find the related package.

dpkg -S /usr/sbin/atd | awk -F: '{print $1}'

Without the awk command, the output will look like this.

Determine file and its related-package on Debian and Ubuntu

Show files installed by package

If you already know the package name, you can quickly look up the files that are installed by a Debian package.

dpkg -L package

Let’s do the same for the at package and see what it exactly installs (and where).

Show files installed by a Debian package

Gentoo

The first option is using equery, which is part of the package app-portage/gentoolkit.

equery files <installed package>

The package itself should be installed.

Next alternative is qlist, which is part of app-portage/portage-utils

qlist name-of-installed-package

OpenSUSE

Systems running the distributions from SuSE can use the zypper tool to find the link between a file and a package.

zypper what-provides /bin/ps

Got more useful commands to share? Let it know!

Relevant commands in this article

Like to learn more about the commands that were used in this article? Have a look, for some there is also a cheat sheet available.

  • awk
  • dnf
  • pacman
  • rpm
  • yum

Feedback

Small picture of Michael Boelen

This article has been written by our Linux security expert Michael Boelen. With focus on creating high-quality articles and relevant examples, he wants to improve the field of Linux security. No more web full of copy-pasted blog posts.

Discovered outdated information or have a question? Share your thoughts. Thanks for your contribution!

Mastodon icon