Find which package owns a file

How to find which package owns a file in each shell

dpkg -S /usr/bin/curl

dpkg -S /usr/bin/curl

dpkg -S /usr/bin/curl

winget list --query "C:\Program Files\curl\bin\curl.exe"

winget list --query "C:\Program Files\curl\bin\curl.exe"

Equivalents listed for Bash, Zsh, Fish, PowerShell, cmd.exe.

Gotchas & notes

• **`dpkg -S` vs `dpkg -L` — inverse operations on the same index.** `dpkg -S /usr/bin/curl` answers "which package installed THIS file?" (file → package); `dpkg -L curl` answers "which files did THIS package install?" (package → files). Both read the same `/var/lib/dpkg/info/*.list` files maintained by dpkg. Equivalents: `rpm -qf` ↔ `rpm -ql` (Fedora/RHEL); `pacman -Qo` ↔ `pacman -Ql` (Arch); `brew list --formula <pkg>` lists files for a formula but Homebrew has NO `find-owner-of-file` — see workaround below. The `-S` flag is mnemonic for "Search the file-list database"; `-L` is "List the package contents".
• **Homebrew has no native owner-lookup — use `brew list --verbose` + grep.** Unlike apt/dnf/pacman, Homebrew does not index files by path. The portable trick: `brew list --verbose --formula | grep /usr/local/bin/curl` (Intel macOS path) or `… | grep /opt/homebrew/bin/curl` (Apple Silicon). For "which formula installs this binary?" without shell tricks: read `/usr/local/Cellar/*/bin/<binary>` symlinks — Homebrew lays out `/<prefix>/Cellar/<formula>/<version>/bin/<binary>` and symlinks them into `/<prefix>/bin/`. So `ls -l /usr/local/bin/curl` reveals the formula via the symlink target. For casks (GUI apps): `brew list --cask` lists all installed casks; cask files land in `/Applications/` and `~/Library/`.
• **Search the package database for files NOT YET installed (apt-file, dnf provides).** "Which package would provide `/usr/bin/foo` if I were to install it?" is a different question, handled by `apt-file search /usr/bin/foo` (Debian/Ubuntu — requires `sudo apt install apt-file && sudo apt-file update` once to populate the contents cache; the cache is a few hundred MB), `dnf provides /usr/bin/foo` (Fedora — searches the live repo metadata, no separate cache step needed), `pacman -F /usr/bin/foo` (Arch — requires `sudo pacman -Fy` first to fetch the file-list databases). The inverse — `apt-file list <pkg>` — lists files in a package even before installing. Useful when you hit "command not found: foo" and want to know which package to `apt install`.
• **Windows: no unified file→package index, but the registry helps.** Every MSI install writes to `HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\<GUID>` with `InstallLocation`, `DisplayName`, `Publisher`. Walking that key for a path match is the closest registry-native answer. PowerShell idiom: `Get-ItemProperty "HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*" | Where-Object { $_.InstallLocation -like "*curl*" } | Select DisplayName, InstallLocation`. For .exe files NOT installed by an MSI (portable apps, manual extracts, `choco install` with `--params`): there is no record. Sysinternals `sigcheck.exe -i <file>` is the fallback — reads the binary's embedded code-signing identity, which often names the publisher even when the registry has nothing.
• **A path inside a path: handling symlinks and `/usr/local/`.** `dpkg -S` and `rpm -qf` search by EXACT file path as recorded in their database. If you query a symlink (`/usr/bin/python` → `/usr/bin/python3.11`), they look up the symlink itself — but the symlink is usually NOT in any package (it was created by `update-alternatives` on Debian or `alternatives` on RHEL). To find the OWNER OF THE TARGET: `dpkg -S "$(readlink -f /usr/bin/python)"`. For `/usr/local/bin/<foo>`: NOTHING owns it under dpkg/rpm because `/usr/local` is by FHS convention reserved for the sysadmin / manual installs — package managers DO NOT install there. If a binary in `/usr/local/bin` is a mystery, it was installed by `make install`, a `curl | bash` script, or a manual `cp` — check `~/.bash_history` or look for a `Makefile` in your home directory.