Diffs to the Frequently Asked Questions postings

Steve Hayman sahayman at iuvax.cs.indiana.edu
Mon Dec 3 15:48:02 AEST 1990


Here are the most recent changes to parts 1 and 2 of the
Frequently Asked Questions articles, which have just been
posted.  You can find the full articles elsewhere in
comp.unix.questions.  You can also ftp the most recent version from
iuvax.cs.indiana.edu (129.79.254.192), where it's
"pub/Unix-Questions.part1" and "pub/Unix-Questions.part2".
(IUVax also runs a mail server, for those of you unable to ftp.
 Send the line "HELP" to "mailserv at iuvax.cs.indiana.edu" to get started.)

*** /tmp/,RCSt1a05989	Sun Dec  2 23:46:44 1990
--- part1	Sun Dec  2 23:46:31 1990
***************
*** 1,6 ****
  Subject: Welcome to comp.unix.questions [Monthly posting]
  
! [Last changed: $Date: 90/11/02 09:52:30 $ by $Author: sahayman $]
  
  
  Comp.unix.questions is one of the most popular and highest volume
--- 1,6 ----
  Subject: Welcome to comp.unix.questions [Monthly posting]
  
! [Last changed: $Date: 90/12/02 23:46:27 $ by $Author: sahayman $]
  
  
  Comp.unix.questions is one of the most popular and highest volume
***************
*** 48,58 ****
      o Find a good introductory book on Unix.  There are plenty of
        such books available, and you will save yourself a lot
        of trouble by having one handy and consulting it frequently.
! 
  Please remember that the comp.unix.* newsgroups are read by over 50,000
  people around the world, and that posting a question to this group will
  cost a lot of time and money by the time your article is distributed to
! Japan, Australia, Western Europe, Israel, and all corners of North America.
  
  Also, some people receive these newsgroups as part of a mailing list
  rather than a newsgroup.  If you're one of these people, please don't
--- 48,61 ----
      o Find a good introductory book on Unix.  There are plenty of
        such books available, and you will save yourself a lot
        of trouble by having one handy and consulting it frequently.
!       (Question 28 in part 2 of this list will let you know where
!        you can find a list of good Unix and C books.)
!       
  Please remember that the comp.unix.* newsgroups are read by over 50,000
  people around the world, and that posting a question to this group will
  cost a lot of time and money by the time your article is distributed to
! Japan, Australia, Europe (including the Soviet Union), Africa, Israel,
! and all corners of North America.
  
  Also, some people receive these newsgroups as part of a mailing list
  rather than a newsgroup.  If you're one of these people, please don't
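
Review bot: The added pointer in the first bullet, "(Question 28 in part 2 of this list ...)", does not match the numbering this same posting gives part 2, where the book list is "30) What are some useful Unix or C books?" and question 28 is the sleep() question. Change the reference to question 30, or refer to the question by its title so the pointer survives the next renumbering.
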
*** /tmp/,RCSt1a06005	Sun Dec  2 23:46:49 1990
--- part2	Sun Dec  2 23:46:38 1990
***************
*** 1,12 ****
  Subject: Frequently Asked Questions about Unix - with Answers [Monthly posting]
  
! [Last changed: $Date: 90/11/02 09:52:46 $ by $Author: sahayman $]
  
  This article contains the answers to some Frequently Asked Questions
! often seen in comp.unix.questions and comp.unix.wizards.  Please don't
! ask these questions again, they've been answered plenty of times
! already - and please don't flame someone just because they may not have
! read this particular posting.  Thank you.
  
  
  This article includes answers to:
--- 1,12 ----
  Subject: Frequently Asked Questions about Unix - with Answers [Monthly posting]
  
! [Last changed: $Date: 90/12/02 23:46:32 $ by $Author: sahayman $]
  
  This article contains the answers to some Frequently Asked Questions
! often seen in comp.unix.questions.  Please don't ask these questions
! again, they've been answered plenty of times already - and please don't
! flame someone just because they may not have read this particular
! posting.  Thank you.
  
  
  This article includes answers to:
***************
*** 30,36 ****
  	      until the remote command has completed?
  	13) How do I truncate a file?
  	14) How do I {set an environment variable, change directory} inside a
! 	      shell script and have that change affect my current shell?
  	15) Why doesn't find's "{}" symbol do what I want?
  	16) How do I redirect stdout and stderr separately in csh?
  	17) How do I set the permissions on a symbolic link?
--- 30,37 ----
  	      until the remote command has completed?
  	13) How do I truncate a file?
  	14) How do I {set an environment variable, change directory} inside a
! 	      program or shell script and have that change affect my
! 	      current shell?
  	15) Why doesn't find's "{}" symbol do what I want?
  	16) How do I redirect stdout and stderr separately in csh?
  	17) How do I set the permissions on a symbolic link?
***************
*** 46,52 ****
  	24) How do I tell inside .cshrc if I'm a login shell?
  	25) Why doesn't redirecting a loop work as intended?  (Bourne shell)
  	26) How do I use popen() to open a process for reading AND writing?
! 	27) How do I pronounce "vi" , or "!", or "/*", or ...?
  
  
      If you're looking for the answer to, say, question 14, and want to skip
--- 47,58 ----
  	24) How do I tell inside .cshrc if I'm a login shell?
  	25) Why doesn't redirecting a loop work as intended?  (Bourne shell)
  	26) How do I use popen() to open a process for reading AND writing?
! 	27) How do I run 'passwd", 'ftp', 'telnet', 'tip' and other interactive
! 	      programs from a shell script or in the background?
! 	28) How do I sleep() in a C program for less than one second?
! 	29) How can I get setuid shell scripts to work?
! 	30) What are some useful Unix or C books?
! 	31) How do I pronounce "vi" , or "!", or "/*", or ...?
  
  
      If you're looking for the answer to, say, question 14, and want to skip
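
Review bot: New index entry 27 opens the first program name with a single quote and closes it with a double quote ('passwd"), while 'ftp', 'telnet' and 'tip' on the same line are quoted consistently. Make it 'passwd' here and in the matching heading of the answer body, which carries the same typo.
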
***************
*** 235,240 ****
--- 241,257 ----
  	so you can do
  
  	    set prompt='%~ '
+ 
+     BASH (FSF's "Bourne Again SHell")
+ 	
+ 	\w in $PS1 gives the full pathname of the current directory,
+ 	with ~ expansion for $HOME;  \W gives the basename of
+ 	the current directory.  So, in addition to the above sh and
+ 	ksh solutions, you could use
+ 
+ 	    PS1='\w $ '	
+ 	or
+ 	    PS1='\W $ '
  	    
  5)  How do I read characters from a terminal without requiring the user
      to hit RETURN?
***************
*** 547,559 ****
      truncation to length zero with creat() or open(..., O_TRUNC).
  
  14) How do I {set an environment variable, change directory} inside a
! 	shell script and have that change affect my current shell?
  
!     You can't, unless you use a special command to run the script in
!     the context of the current shell rather than in a child program.
!     The process environment (including environment variables and
!     current directory) is inherited by child programs but cannot be
!     passed back to parent programs.
  
      For instance, if you have a C shell script named "myscript":
  
--- 564,586 ----
      truncation to length zero with creat() or open(..., O_TRUNC).
  
  14) How do I {set an environment variable, change directory} inside a
!       program or shell script and have that change affect my
!       current shell?
! 
!     In general, you can't, at least not without making special
!     arrangements.  When a child process is created, it inherits a copy
!     of its parent's variables (and current directory).  The child can
!     change these values all it wants but the changes won't affect the
!     parent shell, since the child is changing a copy of the 
!     original data.
! 
!     Some special arrangements are possible.  Your child process could
!     write out the changed variables, if the parent was prepared to read
!     the output and interpret it as commands to set its own variables.
  
!     Also, shells can arrange to run other shell scripts in the context
!     of the current shell, rather than in a child process, so that
!     changes will affect the original shell.
  
      For instance, if you have a C shell script named "myscript":
  
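
Review bot: The second new paragraph of answer 14, where the child writes out the changed variables and the parent interprets that output as commands, has no illustration; the "For instance" that follows only covers running a script in the context of the current shell. Add a short example of the parent shell evaluating the child's output, and note that this is only appropriate for a program the user trusts, because whatever the child prints is executed as commands in the current shell.
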
***************
*** 835,840 ****
--- 862,871 ----
      There should be no difference in content between the
      mailing list and the newsgroup.   
  
+ 	[Note: The newsgroup "comp.unix.wizards" was recently
+ 	deleted, but the "Unix-Wizards" mailing list still exists.
+ 	I'm not really sure how this is all going to sort itself out.]
+ 
      To get on or off either of these lists, send mail to
      Info-Unix-Request at brl.mil or Unix-Wizards-Request at brl.mil .
      Be sure to use the '-Request'.  Don't expect an immediate response.
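
Review bot: The unchanged sentence directly above the inserted note, "There should be no difference in content between the mailing list and the newsgroup", no longer holds for Unix-Wizards once the note states that comp.unix.wizards was deleted. Either restrict that sentence to Info-Unix and comp.unix.questions, or have the note say explicitly that the Unix-Wizards list currently has no newsgroup counterpart.
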
***************
*** 1115,1121 ****
      since that requires cooperation from the processes it is inappropriate
      for a popen()-like library function.
  
! 27) How do I pronounce "vi" , or "!", or "/*", or ...?
  
      You can start a very long and pointless discussion by wondering
      about this topic on the net.  Some people say "vye", some say
--- 1146,1370 ----
      since that requires cooperation from the processes it is inappropriate
      for a popen()-like library function.
  
! 27) How do I run 'passwd", 'ftp', 'telnet', 'tip' and other interactive
!     programs from a shell script or in the background?
! 
!     The shell itself cannot interact with interactive tty-based programs
!     like these. Fortunately some programs have been written to manage
!     the connection to a pseudo-tty so that you can run these sorts
!     of programs in a script.
!     
!     'expect' is a one such program, which you can ftp pub/expect.shar.Z
!     from durer.cme.nist.gov.
! 
!     The following expect script is an example of a non-interactive
!     version of passwd(1).
! 
!         # username is passed as 1st arg, password as 2nd
!         set password [index $argv 2]
!         spawn passwd [index $argv 1]
!         expect "*password:"
!         send "$password\r"
!         expect "*password:"
!         send "$password\r"
!         expect eof
! 
!     Another solution is provided by the 'pty' program, which runs a
!     program under a pty session and was posted to comp.sources.unix,
!     volume 23, issue 31.
! 
! 28) How do I sleep() in a C program for less than one second?
! 
!     The first thing you need to be aware of is that all you can specify is a
!     MINIMUM amount of delay; the actual delay will depend on scheduling
!     issues such as system load, and could be arbitrarily large if you're
!     unlucky.
! 
!     There is no standard library function that you can count on in all
!     environments for "napping" (the usual name for short sleeps).  The
!     following code is adapted from Doug Gwyn's System V emulation
!     support for 4BSD and exploits the 4BSD select() system call.  On
!     System V you might be able to use poll() in a similar way.
! 
!     /*
! 	    nap -- support routine for 4.2BSD system call emulations
! 
! 	    last edit:	29-Oct-1984	D A Gwyn
!     */
! 
!     extern int	select();
! 
! 
!     int
!     nap( usec )					/* returns 0 if ok, else -1 */
! 	    long		usec;		/* delay in microseconds */
! 	    {
! 	    static struct			/* `timeval' */
! 		    {
! 		    long	tv_sec;		/* seconds */
! 		    long	tv_usec;	/* microsecs */
! 		    }	delay;		/* _select() timeout */
! 
! 	    delay.tv_sec = usec / 1000000L;
! 	    delay.tv_usec = usec % 1000000L;
! 
! 	    return select( 0, (long *)0, (long *)0, (long *)0, &delay );
! 	    }
! 
! 
! 29) How can I get setuid shell scripts to work?
! 
!     [ This is a long answer, but it's a complicated and frequently-asked
!       question.  Thanks to Maarten Litmaath for this answer, and
!       for the "indir" program mentioned below. ]
! 
!     Let us first assume you are on a UNIX variant (e.g. 4.3BSD or SunOS)
!     that knows about so-called `executable shell scripts'.  Such a script
!     must start with a line like:
! 
! 	#!/bin/sh
! 
!     The script is called `executable' because just like a real (binary)
!     executable it starts with a so-called `magic number' indicating the
!     type of the executable.  In our case this number is `#!' and the OS
!     takes the rest of the first line as the interpreter for the script,
!     possibly followed by 1 initial option like:
! 
! 	#!/bin/sed -f
! 
!     Suppose this script is called `foo', then if you type:
! 
! 	foo arg1 arg2 arg3
! 
!     the OS will rearrange things as though you had typed:
! 
! 	/bin/sed -f foo arg1 arg2 arg3
! 
!     There is one difference though: if the setuid permission bit for
!     `foo' is set, it will be honored in the first form of the command;
!     if you really type the second form, the OS will honor the permission
!     bits of /bin/sed, which is not setuid, of course.
! 
!     ----------
! 
!     OK, but what if my shell script does NOT start with such a `#!' line?
! 
!     Well, if the shell (or anybody else) tries to execute it, the OS will
!     return an error indication, as the file does not start with a valid
!     magic number.  Upon receiving this indication the shell ASSUMES the
!     file to be a shell script and gives it another try:
! 
! 	/bin/sh shell_script arguments
! 
!     But we have already seen that a setuid bit on `shell_script' will NOT
!     be honored in this case!
! 
!     ----------
! 
!     Right, but what about the security risks of setuid shell scripts?
! 
!     Well, suppose the script is called `/etc/setuid_script', starting
!     with:
!     
! 	#!/bin/sh
! 	
!     Now let us see what happens if we issue the following commands:
! 
! 	$ cd /tmp
! 	$ ln /etc/setuid_script -i
! 	$ PATH=.
! 	$ -i
! 
!     We know the last command will be rearranged to:
! 
! 	/bin/sh -i
! 
!     But this command will give us an interactive shell, setuid to the
!     owner of the script!
!     Fortunately this security hole can easily be closed by making the
!     first line:
! 
! 	#!/bin/sh -
! 
!     The `-' signals the end of the option list: the next argument `-i'
!     will be taken as the name of the file to read commands from, just
!     like it should!
! 
!     ---------
! 
!     There are more serious problems though:
! 
! 	$ cd /tmp
! 	$ ln /etc/setuid_script temp
! 	$ nice -20 temp &
! 	$ mv my_script temp
! 
!     The third command will be rearranged to:
! 
! 	nice -20 /bin/sh - temp
! 
!     As this command runs so slowly, the fourth command might be able to
!     replace the original `temp' with `my_script' BEFORE `temp' is opened
!     by the shell!
!     There are 4 ways to fix this security hole:
! 
! 	1)  let the OS start setuid scripts in a different, secure way
! 	    - System V R4 and 4.4BSD use the /dev/fd driver to pass the
! 	    interpreter a file descriptor for the script
! 
! 	2)  let the script be interpreted indirectly, through a frontend
! 	    that makes sure everything is all right before starting the
! 	    real interpreter - if you use the `indir' program from
! 	    comp.sources.unix the setuid script will look like this:
! 
! 		#!/bin/indir -u
! 		#?/bin/sh /etc/setuid_script
! 
! 	3)  make a `binary wrapper': a real executable that is setuid and
! 	    whose only task is to execute the interpreter with the name of
! 	    the script as an argument
! 
! 	4)  make a general `setuid script server' that tries to locate the
! 	    requested `service' in a database of valid scripts and upon
! 	    success will start the right interpreter with the right
! 	    arguments.
! 
!     ---------
! 
!     Now that we have made sure the right file gets interpreted, are there
!     any risks left?
! 
!     Certainly!  For shell scripts you must not forget to set the PATH
!     variable to a safe path explicitly.  Can you figure out why?
!     Also there is the IFS variable that might cause trouble if not set
!     properly.  Other environment variables might turn out to compromise
!     security as well, e.g. SHELL...
!     Furthermore you must make sure the commands in the script do not
!     allow interactive shell escapes!
!     Then there is the umask which may have been set to something
!     strange...
! 
!     Etcetera.  You should realise that a setuid script `inherits' all the
!     bugs and security risks of the commands that it calls!
! 
!     All in all we get the impression setuid shell scripts are quite a
!     risky business!  You may be better off writing a C program instead!
! 
! 30) What are some useful Unix or C books?
! 
!     Mitch Wright (mitch at hq.af.mil) maintains a useful list of Unix and
!     C books, with descriptions and some mini-reviews.  There are currently
!     77 titles on his list.
!     
!     You can obtain a copy of this list by anonymous ftp from
!     iuvax.cs.indiana.edu (129.79.254.192), where it's
!     "pub/Unix-C-Booklist".  If you can't use anonymous ftp, email the
!     line "help" to "mailserv at iuvax.cs.indiana.edu" for instructions on
!     retrieving things via email.
! 
!     Send additions or suggestions to mitch at hq.af.mil .
! 
! 31) How do I pronounce "vi" , or "!", or "/*", or ...?
  
      You can start a very long and pointless discussion by wondering
      about this topic on the net.  Some people say "vye", some say
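
Review bot: The example expect script in answer 27 takes the new password as its second command-line argument ("set password [index $argv 2]"), so the cleartext password sits in the script's argument list, where other users on the system can typically see it in process listings. Have the script read the password from standard input or from a file readable only by the caller, and say so in the text. In the same answer, 'passwd" has mismatched quotes and "is a one such program" should read "is one such program". In answer 28, nap() copies a negative usec straight into tv_sec and tv_usec; reject usec < 0 and return -1, as the function's own comment promises for the failure case. In answer 29, fix (3) should state that the binary wrapper passes a fixed absolute path to the script and sets PATH and IFS itself, since the closing section names those variables as remaining risks but leaves the reason as a question ("Can you figure out why?").
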


