Chapter 10. Korn Shell Administration
System administrators use the shell as part of their job of setting up a system-wide environment for all users. In this chapter, we discuss the Korn shell's features that relate to this task from two perspectives: customization that is available to all users and system security. We assume that you already know the basics of Unix system administration.
As a prelude to system-wide customization, we want to emphasize something about the Korn shell that doesn't apply to most other shells: you can install it as if it were the standard Bourne shell, i.e., as /bin/sh. Just save the real Bourne shell as another filename, such as /bin/bsh, in case anyone actually needs it for anything (which is doubtful), then rename (or link) your Korn shell as /bin/sh.
Many installations have done this with absolutely no ill effects. Not only does this make the Korn shell your system's standard login shell, but it also makes most existing Bourne shell scripts run faster, and it has security advantages that we'll see later in this chapter.
As we will see in Appendix A, the Korn shell is backward-compatible with the Bourne shell except that it doesn't support ^ as a synonym for the pipe character |. Unless you have an ancient Unix system, or you have some very, very old shell scripts, you needn't worry about this.
But if you want to be absolutely sure, simply search through all shell scripts in all directories in your PATH. An easy way to do this is to use the file(1) command, which we saw in Chapter 5 and Chapter 9. file prints "executable shell script" when given the name of one. (The exact message varies from system to system; make sure that yours prints this message when given the name of a shell script. If not, just substitute the message your file command prints for "shell script" in the following example.) Here is a script that looks for ^ in shell scripts in every directory in your PATH:
dirs=$(print -- $PATH | sed -e 's/^:/.:/' -e 's/::/:.:/' -e s'/:$/:./' -e 's/:/ /g') for d in $dirs do print "checking $d:" cd "$d" scripts=$(file * | grep 'shell script' | cut -d: -f1) grep -l '\^' $scripts /dev/null done
The first statement of this script pulls $PATH apart into separate directories, including handling the several cases of empty separators which signify the current directory. The sed(1) program is a stream editor that performs editing operations on its input, and prints the changed contents on its output. The result is assigned to dirs, which is then used as the item list in the for loop. For each directory, it cds there and finds all shell scripts by piping the file command into grep and then, to extract the filename only, into cut. Then it searches each script for the ^ character. The -l option to grep simply lists all filenames that match the pattern, without printing the matching lines. The grep command has /dev/null on the end of the list of files in case $scripts happens to be empty. If you're adventurous, you could do all the work on one line:
grep -l '\^' $(file * | grep 'shell script' | cut -d: -f1) /dev/null
If you run this script, you will probably find several occurrences of ^, but these should be used within regular expressions in grep, sed, or awk commands, not as pipe characters. Assuming this is the case, it is safe for you to install the Korn shell as /bin/sh.
Copyright © 2003 O'Reilly & Associates. All rights reserved.