home | O'Reilly's CD bookshelfs | FreeBSD | Linux | Cisco | Cisco Exam  


Book HomeBook TitleSearch this book

Chapter 10. Korn Shell Administration

System administrators use the shell as part of their job of setting up a system-wide environment for all users. In this chapter, we discuss the Korn shell's features that relate to this task from two perspectives: customization that is available to all users and system security. We assume that you already know the basics of Unix system administration.[136]

[136] A good source of information on system administration is Essential System Administration by Æleen Frisch. It is published by O'Reilly & Associates.

10.1. Installing the Korn Shell as the Standard Shell

As a prelude to system-wide customization, we want to emphasize something about the Korn shell that doesn't apply to most other shells: you can install it as if it were the standard Bourne shell, i.e., as /bin/sh. Just save the real Bourne shell as another filename, such as /bin/bsh, in case anyone actually needs it for anything (which is doubtful), then rename (or link) your Korn shell as /bin/sh.

Many installations have done this with absolutely no ill effects. Not only does this make the Korn shell your system's standard login shell, but it also makes most existing Bourne shell scripts run faster, and it has security advantages that we'll see later in this chapter.

As we will see in Appendix A, the Korn shell is backward-compatible with the Bourne shell except that it doesn't support ^ as a synonym for the pipe character |. Unless you have an ancient Unix system, or you have some very, very old shell scripts, you needn't worry about this.

But if you want to be absolutely sure, simply search through all shell scripts in all directories in your PATH. An easy way to do this is to use the file(1) command, which we saw in Chapter 5 and Chapter 9. file prints "executable shell script" when given the name of one. (The exact message varies from system to system; make sure that yours prints this message when given the name of a shell script. If not, just substitute the message your file command prints for "shell script" in the following example.) Here is a script that looks for ^ in shell scripts in every directory in your PATH:[137]

[137] This script will fail if your PATH has directories whose names contain spaces. Consider fixing this problem as an advanced exercise for the reader.

dirs=$(print -- $PATH |
	sed -e 's/^:/.:/' -e 's/::/:.:/' -e s'/:$/:./' -e 's/:/ /g')
for d in $dirs
do
	print "checking $d:"
	cd "$d"
	scripts=$(file * | grep 'shell script' | cut -d: -f1)
	grep -l '\^' $scripts /dev/null
done

The first statement of this script pulls $PATH apart into separate directories, including handling the several cases of empty separators which signify the current directory. The sed(1) program is a stream editor that performs editing operations on its input, and prints the changed contents on its output. The result is assigned to dirs, which is then used as the item list in the for loop. For each directory, it cds there and finds all shell scripts by piping the file command into grep and then, to extract the filename only, into cut. Then it searches each script for the ^ character. The -l option to grep simply lists all filenames that match the pattern, without printing the matching lines. The grep command has /dev/null on the end of the list of files in case $scripts happens to be empty. If you're adventurous, you could do all the work on one line:

grep -l '\^' $(file * | grep 'shell script' | cut -d: -f1) /dev/null

If you run this script, you will probably find several occurrences of ^, but these should be used within regular expressions in grep, sed, or awk commands, not as pipe characters. Assuming this is the case, it is safe for you to install the Korn shell as /bin/sh.



Library Navigation Links

Copyright © 2003 O'Reilly & Associates. All rights reserved.