sh(1)

NAME

sh, rsh − shell, the standard and restricted command interpreter

SYNOPSIS

sh [ −acefhiknprstuvx ] [ args ]
rsh [ −acefhiknprstuvx ] [ args ]

DESCRIPTION

sh is a command programming language that executes commands read from a terminal or a file.  rsh is a restricted version of the standard command interpreter sh; it is used to restrict logins to execution environments whose capabilities are more controlled than those of the standard shell.  See “Invocation,” below for the meaning of arguments to the shell. 

Definitions

A blank is a tab or a space.  A name is a sequence of ASCII letters, digits, or underscores, beginning with a letter or an underscore.  A parameter is a name, a digit, or any of the characters ∗, @, #, ?, −, $, and !.

Commands

A simple-command is a sequence of non-blank words separated by blanks.  The first word specifies the name of the command to be executed.  Except as specified below, the remaining words are passed as arguments to the invoked command.  The command name is passed as argument 0 [see exec(2)].  The value of a simple-command is its exit status if it terminates normally, or (octal) 200+status if it terminates abnormally; see signal(2) for a list of status values. 

A pipeline is a sequence of one or more commands separated by │.  The standard output of each command but the last is connected by a pipe(2) to the standard input of the next command.  Each command is run as a separate process; the shell waits for the last command to terminate.  The exit status of a pipeline is the exit status of the last command in the pipeline. 

A list is a sequence of one or more pipelines separated by ;, &, &&, or ││, and optionally terminated by ; or &.  Of these four symbols, ; and & have equal precedence, which is lower than that of && and ││.  The symbols && and ││ also have equal precedence.  A semicolon (;) causes sequential execution of the preceding pipeline (i.e., the shell waits for the pipeline to finish before executing any commands following the semicolon); an ampersand (&) causes asynchronous execution of the preceding pipeline (i.e., the shell does not wait for that pipeline to finish).  The symbol && (││) causes the list following it to be executed only if the preceding pipeline returns a zero (non-zero) exit status.  An arbitrary number of new-lines may appear in a list, instead of semicolons, to delimit commands.

A command is either a simple-command or one of the following.  Unless otherwise stated, the value returned by a command is that of the last simple-command executed in the command. 

for name [ in word ... ] do list done
Each time a for command is executed, name is set to the next word taken from the in word list.  If in word ... is omitted, then the for command executes the do list once for each positional parameter that is set (see “Parameter Substitution,” below). Execution ends when there are no more words in the list.

case word in [ pattern [ │ pattern ] ... ) list ;; ] ... esac
A case command executes the list associated with the first pattern that matches word. The form of the patterns is the same as that used for file-name generation (see “File Name Generation”) except that a slash, a leading dot, or a dot immediately following a slash need not be matched explicitly.

if list then list [ elif list then list ] ... [ else list ] fi
The list following if is executed and, if it returns a zero exit status, the list following the first then is executed.  Otherwise, the list following elif is executed and, if its value is zero, the list following the next then is executed.  Failing that, the else list is executed.  If no else list or then list is executed, then the if command returns a zero exit status. 

while list do list done
A while command repeatedly executes the while list and, if the exit status of the last command in the list is zero, executes the do list; otherwise the loop terminates. If no commands in the do list are executed, then the while command returns a zero exit status; until may be used in place of while to negate the loop termination test. 

(list)
Execute list in a sub-shell. 

{ list;}
list is executed in the current (that is, parent) shell.  The { must be followed by a space. 

name () { list;}
Define a function which is referenced by name. The body of the function is the list of commands between { and }.  The { must be followed by a space.  Execution of functions is described below (see “Execution”).  The { and } are unnecessary if the body of the function is a command as defined above, under “Commands.”

The following words are only recognized as the first word of a command and when not quoted:

if  then  else  elif  fi  case  esac  for  while  until  do  done  {  }

Comments

A word beginning with # causes that word and all the following characters up to a new-line to be ignored. 

Command Substitution

The shell reads commands from the string between two grave accents (``) and the standard output from these commands may be used as all or part of a word. Trailing new-lines from the standard output are removed.

No interpretation is done on the string before the string is read, except to remove backslashes (\) used to escape other characters.  Backslashes may be used to escape a grave accent (`) or another backslash (\) and are removed before the command string is read.  Escaping grave accents allows nested command substitution.  If the command substitution lies within a pair of double quotes (" ...` ...` ... "), a backslash used to escape a double quote (\") will be removed; otherwise, it will be left intact. 

If a backslash is used to escape a new-line character (\new-line), both the backslash and the new-line are removed (see the later section on “Quoting”).  In addition, backslashes used to escape dollar signs (\$) are removed.  Since no parameter substitution is done on the command string before it is read, inserting a backslash to escape a dollar sign has no effect.  Backslashes that precede characters other than \, `, ", new-line, and $ are left intact when the command string is read. 

Parameter Substitution

The character $ is used to introduce substitutable parameters. There are two types of parameters, positional and keyword. If parameter is a digit, it is a positional parameter.  Positional parameters may be assigned values by set.  Keyword parameters (also known as variables) may be assigned values by writing:

name=value [ name=value ] ...

Pattern-matching is not performed on value. There cannot be a function and a variable with the same name.

${parameter}
The value, if any, of the parameter is substituted. The braces are required only when parameter is followed by a letter, digit, or underscore that is not to be interpreted as part of its name.  If parameter is ∗ or @, all the positional parameters, starting with $1, are substituted (separated by spaces).  Parameter $0 is set from argument zero when the shell is invoked. 

${parameter:−word}
If parameter is set and is non-null, substitute its value; otherwise substitute word.

${parameter:=word}
If parameter is not set or is null set it to word; the value of the parameter is substituted. Positional parameters may not be assigned in this way.

${parameter:?word}
If parameter is set and is non-null, substitute its value; otherwise, print word and exit from the shell.  If word is omitted, the message “parameter null or not set” is printed. 

${parameter:+word}
If parameter is set and is non-null, substitute word; otherwise substitute nothing.

In the above, word is not evaluated unless it is to be used as the substituted string, so that, in the following example, pwd is executed only if d is not set or is null:

echo ${d:-`pwd`}

If the colon (:) is omitted from the above expressions, the shell only checks whether parameter is set or not. 

The following parameters are automatically set by the shell. 

# The number of positional parameters in decimal. 

− Flags supplied to the shell on invocation or by the set command. 

? The decimal value returned by the last synchronously executed command. 

$ The process number of this shell. 

! The process number of the last background command invoked. 

The following parameters are used by the shell.  The parameters in this section are also referred to as environment variables. 

HOME
The default argument (home directory) for the cd command, set to the user’s login directory by login(1) from the password file [see passwd(4)]. 

PATH
The search path for commands (see “Execution,” below). The user may not change PATH if executing under rsh. 

CDPATH
The search path for the cd command. 

MAIL
If this parameter is set to the name of a mail file and the MAILPATH parameter is not set, the shell informs the user of the arrival of mail in the specified file. 

MAILCHECK
This parameter specifies how often (in seconds) the shell will check for the arrival of mail in the files specified by the MAILPATH or MAIL parameters.  The default value is 600 seconds (10 minutes).  If set to 0, the shell will check before each prompt. 

MAILPATH
A colon (:) separated list of file names.  If this parameter is set, the shell informs the user of the arrival of mail in any of the specified files.  Each file name can be followed by % and a message that will be printed when the modification time changes.  The default message is you have mail. 

PS1 Primary prompt string, by default “$ ”.

PS2 Secondary prompt string, by default “> ”.

IFS Internal field separators, normally space, tab, and new-line (see “Blank Interpretation”). 

LANG
If this parameter is set, the shell will use it to determine the current locale; see environ(5), setlocale(3C). 

SHACCT
If this parameter is set to the name of a file writable by the user, the shell will write an accounting record in the file for each shell procedure executed.

SHELL
When the shell is invoked, it scans the environment (see “Environment,” below) for this name. If it is found and rsh is the file name part of its value, the shell becomes a restricted shell. 

TIMEOUT
If the terminal is left unattended for longer than TIMEOUT seconds the shell will terminate.  If set to 0, the feature is disabled.  The default value is 0.  For CX/SX systems the feature may not be disabled.  The default value is 3600 seconds (1 hour).  The default is used if TIMEOUT is set either to 0 or to anything greater than the default. 

The shell gives default values to PATH, PS1, PS2, MAILCHECK, TIMEOUT, and IFS.  HOME and MAIL are set by login(1). 

Blank Interpretation

After parameter and command substitution, the results of substitution are scanned for internal field separator characters (those found in IFS) and split into distinct arguments where such characters are found.  Explicit null arguments ("" or '') are retained. Implicit null arguments (those resulting from parameters that have no values) are removed.

Input/Output

A command’s input and output may be redirected using a special notation interpreted by the shell.  The following may appear anywhere in a simple-command or may precede or follow a command and are not passed on as arguments to the invoked command.  Note that parameter and command substitution occurs before word or digit is used. 

<word Use file word as standard input (file descriptor 0). 

>word Use file word as standard output (file descriptor 1).  If the file does not exist, it is created; otherwise, it is truncated to zero length. 

>>word Use file word as standard output.  If the file exists, output is appended to it (by first seeking to the end-of-file); otherwise, the file is created. 

<<[−]word After parameter and command substitution is done on word, the shell input is read up to the first line that literally matches the resulting word, or to an end-of-file. If, however, − is appended to <<:

1) leading tabs are stripped from word before the shell input is read (but after parameter and command substitution is done on word),

2) leading tabs are stripped from the shell input as it is read and before each line is compared with word, and

3) shell input is read up to the first line that literally matches the resulting word, or to an end-of-file.

If any character of word is quoted (see “Quoting,” later), no additional processing is done to the shell input.  If no characters of word are quoted:

1) parameter and command substitution occurs,

2) (escaped) \new-lines are removed, and

3) \ must be used to quote the characters \, $, and `. 

The resulting document becomes the standard input. 

<&digit Use the file associated with file descriptor digit as standard input.  Similarly for the standard output using >&digit. 

<&− The standard input is closed.  Similarly for the standard output using >&−. 

If any of the above is preceded by a digit, the file descriptor which will be associated with the file is that specified by the digit (instead of the default 0 or 1).  For example:

... 2>&1

associates file descriptor 2 with the file currently associated with file descriptor 1. 

The order in which redirections are specified is significant.  The shell evaluates redirections left-to-right.  For example:

... 1>xxx 2>&1

first associates file descriptor 1 with file xxx. It associates file descriptor 2 with the file associated with file descriptor 1 (i.e., xxx). If the order of redirections were reversed, file descriptor 2 would be associated with the terminal (assuming file descriptor 1 had been) and file descriptor 1 would be associated with file xxx.
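
The two orderings side by side, as an added example that is not part of the original manual page. `emit` is a constructed stand-in for any command that writes to both streams, and `swap_streams` goes one step beyond the text by using a spare descriptor (3) to exchange the two streams.

```shell
#!/bin/sh
# Added example: left-to-right evaluation of redirections.

# emit: constructed stand-in for a command that writes to both streams.
emit() {
    echo "to-stdout"
    echo "to-stderr" >&2
}

# both_to_file FILE
# fd 1 is pointed at FILE first, then fd 2 is duplicated from fd 1,
# so both lines land in FILE.
both_to_file() {
    emit 1>"$1" 2>&1
}

# reversed_order FILE
# fd 2 is duplicated from fd 1 *before* fd 1 is moved, so stderr follows
# the caller's original stdout and only stdout reaches FILE.
reversed_order() {
    emit 2>&1 1>"$1"
}

# swap_streams
# fd 3 saves the original stdout, fd 1 becomes the original stderr,
# fd 2 becomes the saved stdout, and fd 3 is closed again.
swap_streams() {
    emit 3>&1 1>&2 2>&3 3>&-
}

# Demonstration on a scratch file.
log=$(mktemp)

both_to_file "$log"
echo "1>file 2>&1  file contains:"
sed 's/^/    /' "$log"

leaked=$(reversed_order "$log")
echo "2>&1 1>file  file contains:"
sed 's/^/    /' "$log"
echo "2>&1 1>file  escaped to the caller's stdout: $leaked"

rm -f "$log"
```

A log that is meant to capture error output needs the first form; the second silently leaves errors on the terminal or in whatever the caller's standard output was.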

Using the terminology introduced on the first page, under “Commands,” if a command is composed of several simple commands, redirection will be evaluated for the entire command before it is evaluated for each simple command. That is, the shell evaluates redirection for the entire list, then each pipeline within the list, then each command within each pipeline, then each list within each command.

If a command is followed by & the default standard input for the command is the empty file /dev/null.  Otherwise, the environment for the execution of a command contains the file descriptors of the invoking shell as modified by input/output specifications. 

Redirection of output is not allowed in the restricted shell. 

File Name Generation

Before a command is executed, each command word is scanned for the characters ∗, ?, and [. If one of these characters appears the word is regarded as a pattern. The word is replaced with alphabetically sorted file names that match the pattern. If no file name is found that matches the pattern, the word is left unchanged. The character . at the start of a file name or immediately following a /, as well as the character / itself, must be matched explicitly. 

∗ Matches any string, including the null string. 

? Matches any single character. 

[...] Matches any one of the enclosed characters.  A pair of characters separated by − matches any character lexically between the pair, inclusive.  If the first character following the opening [ is a !, any character not enclosed is matched. 

Note that all quoted characters (see below) must be matched explicitly in a filename. 

Quoting

The following characters have a special meaning to the shell and cause termination of a word unless quoted:

;  &  (  )  │  ^  <  >  new-line  space  tab

A character may be quoted (i.e., made to stand for itself) by preceding it with a backslash (\) or inserting it between a pair of quote marks ('' or ""). During processing, the shell may quote certain characters to prevent them from taking on a special meaning. Backslashes used to quote a single character are removed from the word before the command is executed. The pair \new-line is removed from a word before command and parameter substitution.

All characters enclosed between a pair of single quote marks (''), except a single quote, are quoted by the shell. Backslash has no special meaning inside a pair of single quotes. A single quote may be quoted inside a pair of double quote marks (for example, "'"), but a single quote cannot be quoted inside a pair of single quotes.

Inside a pair of double quote marks (""), parameter and command substitution occurs and the shell quotes the results to avoid blank interpretation and file name generation.  If $∗ is within a pair of double quotes, the positional parameters are substituted and quoted, separated by quoted spaces ("$1 $2 ..."); however, if $@ is within a pair of double quotes, the positional parameters are substituted and quoted, separated by unquoted spaces ("$1" "$2" ... ). \ quotes the characters \, `, ", and $.  The pair \new-line is removed before parameter and command substitution.  If a backslash precedes characters other than \, `, ", $, and new-line, then the backslash itself is quoted by the shell. 
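
An added example (not from the manual page) showing how argument boundaries survive or are lost under the quoting rules above and the rules in “Blank Interpretation”. The function names and sample strings are constructed for illustration.

```shell
#!/bin/sh
# Added example: how many arguments a command really receives.

# argc: prints the number of arguments it was given.
argc() { echo "$#"; }

# Re-pass the positional parameters three different ways.
forward_star() { argc "$*"; }   # one word: "$1 $2 ..."
forward_at()   { argc "$@"; }   # one word per parameter: "$1" "$2" ...
forward_bare() { argc $*; }     # unquoted: re-split on IFS characters

# split_with IFSVALUE STRING
# Counts the fields an unquoted expansion of STRING yields under the given
# IFS. The body is a (list), so the IFS and -f changes stay in a sub-shell.
split_with() (
    IFS=$1
    set -f            # keep file name generation out of the count
    set -- $2
    echo "$#"
)

# null_args
# An explicit null argument ("") is retained; an implicit one, from an
# unquoted parameter with no value, is removed; quoting retains it again.
null_args() {
    na_empty=
    argc "" $na_empty "$na_empty"
}

# Constructed sample: a file name containing a space, plus a second word.
printf '"$*" passes %s argument(s)\n' "$(forward_star "annual report.txt" notes)"
printf '"$@" passes %s argument(s)\n' "$(forward_at   "annual report.txt" notes)"
printf ' $*  passes %s argument(s)\n' "$(forward_bare "annual report.txt" notes)"

# The same string splits differently depending on what IFS holds.
printf 'IFS=space: %s field(s)\n' "$(split_with ' ' 'x:y:z w')"
printf 'IFS=colon: %s field(s)\n' "$(split_with ':' 'x:y:z w')"

printf 'null arguments kept: %s of 3\n' "$(null_args)"
```

Only "$@" preserves the caller's argument boundaries, and the result of any unquoted expansion depends on the value of IFS that the script happened to inherit.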

Prompting

When used interactively, the shell prompts with the value of PS1 before reading a command.  If at any time a new-line is typed and further input is needed to complete a command, the secondary prompt (i.e., the value of PS2) is issued. 

Environment

The environment [see environ(5)] is a list of name-value pairs that is passed to an executed program in the same way as a normal argument list.  The shell interacts with the environment in several ways.  On invocation, the shell scans the environment and creates a parameter for each name found, giving it the corresponding value.  If the user modifies the value of any of these parameters or creates new parameters, none of these affects the environment unless the export command is used to bind the shell’s parameter to the environment (see also set −a).  A parameter may be removed from the environment with the unset command.  The environment seen by any executed command is thus composed of any unmodified name-value pairs originally inherited by the shell, minus any pairs removed by unset, plus any modifications or additions, all of which must be noted in export commands. 

The environment for any simple-command may be augmented by prefixing it with one or more assignments to parameters.  Thus:

TERM=450 cmd

and

(export TERM; TERM=450; cmd)

are equivalent as far as the execution of cmd is concerned if cmd is not a Special Command.  If cmd is a Special Command, then

TERM=450 cmd

will modify the TERM variable in the current shell. 

If the −k flag is set, all keyword arguments are placed in the environment, even if they occur after the command name.  The following first prints a=b c and then c:

echo a=b c
set -k
echo a=b c

Signals

The INTERRUPT and QUIT signals for an invoked command are ignored if the command is followed by &; otherwise signals have the values inherited by the shell from its parent, with the exception of signal 11 (memory fault; but see also the trap command below). 

Execution

Each time a command is executed, the command substitution, parameter substitution, blank interpretation, input/output redirection, and filename generation listed above are carried out.  If the command name matches the name of a defined function, the function is executed in the shell process (note how this differs from the execution of shell procedures).  If the command name does not match the name of a defined function, but matches one of the Special Commands listed below, it is executed in the shell process.  The positional parameters $1, $2, .... are set to the arguments of the function. If the command name matches neither a Special Command nor the name of a defined function, a new process is created and an attempt is made to execute the command via exec(2). 

The shell parameter PATH defines the search path for the directory containing the command.  Alternative directory names are separated by a colon (:).  The default path is /usr/bin.  The current directory is specified by a null path name, which can appear immediately after the equal sign, between two colon delimiters anywhere in the path list, or at the end of the path list.  If the command name contains a / the search path is not used; such commands will not be executed by the restricted shell.  Otherwise, each directory in the path is searched for an executable file.  If the file has execute permission but is not an a.out file, it is assumed to be a file containing shell commands.  A sub-shell is spawned to read it.  A parenthesized command is also executed in a sub-shell. 

The location in the search path where a command was found is remembered by the shell (to help avoid unnecessary execs later).  If the command was found in a relative directory, its location must be re-determined whenever the current directory changes.  The shell forgets all remembered locations whenever the PATH variable is changed or the hash -r command is executed (see below). 

Special Commands

Input/output redirection is now permitted for these commands.  File descriptor 1 is the default output location. 

: No effect; the command does nothing.  A zero exit code is returned. 

. file Read and execute commands from file and return.  The search path specified by PATH is used to find the directory containing file.

break [ n ]
Exit from the enclosing for or while loop, if any.  If n is specified, break n levels. 

continue [ n ]
Resume the next iteration of the enclosing for or while loop.  If n is specified, resume at the n-th enclosing loop.

cd [ arg ]
Change the current directory to arg. The shell parameter HOME is the default arg. The shell parameter CDPATH defines the search path for the directory containing arg. Alternative directory names are separated by a colon (:).  The default path is <null> (specifying the current directory).  Note that the current directory is specified by a null path name, which can appear immediately after the equal sign or between the colon delimiters anywhere else in the path list.  If arg begins with a / the search path is not used.  Otherwise, each directory in the path is searched for arg. The cd command may not be executed by rsh.  See cd(1). 

echo [ arg ... ]
Echo arguments. See echo(1) for usage and description. 

eval [ arg ... ]
The arguments are read as input to the shell and the resulting command(s) executed.

exec [ arg ... ]
The command specified by the arguments is executed in place of this shell without creating a new process. Input/output arguments may appear and, if no other arguments are given, cause the shell input/output to be modified.

exit [ n ]
Causes a shell to exit with the exit status specified by n. If n is omitted the exit status is that of the last command executed (an end-of-file will also cause the shell to exit.) 

export [ name ... ]
The given names are marked for automatic export to the environment of subsequently executed commands.  If no arguments are given, variable names that have been marked for export during the current shell’s execution are listed.  (Variable names exported from a parent shell are listed only if they have been exported again during the current shell’s execution.)  Function names are not exported. 

getopts
Use in shell scripts to support command syntax standards [see intro(1)]; it parses positional parameters and checks for legal options.  See getopts(1) for usage and description. 

hash [ −r ] [ name ... ]
For each name, the location in the search path of the command specified by name is determined and remembered by the shell.  The -r option causes the shell to forget all remembered locations.  If no arguments are given, information about remembered commands is presented.  Hits is the number of times a command has been invoked by the shell process.  Cost is a measure of the work required to locate a command in the search path.  If a command is found in a "relative" directory in the search path, after changing to that directory, the stored location of that command is recalculated.  Commands for which this will be done are indicated by an asterisk (∗) adjacent to the hits information.  Cost will be incremented when the recalculation is done. 

kill [ -signo ] pid ...

kill -l
Send a signal to processes. See kill(1) for usage and description. 

newgrp [ arg ]
Equivalent to exec newgrp arg. See newgrp(1) for usage and description. 

pwd Print the current working directory.  See pwd(1) for usage and description. 

read name ...
One line is read from the standard input and, using the internal field separator, IFS (normally space or tab), to delimit word boundaries, the first word is assigned to the first name, the second word to the second name, etc., with leftover words assigned to the last name. Lines can be continued using \new-line.  Characters other than new-line can be quoted by preceding them with a backslash.  These backslashes are removed before words are assigned to names, and no interpretation is done on the character that follows the backslash. The return code is 0, unless an end-of-file is encountered. 

readonly [ name ... ]
The given names are marked readonly and the values of these names may not be changed by subsequent assignment. If no arguments are given, a list of all readonly names is printed.

return [ n ]
Causes a function to exit with the return value specified by n. If n is omitted, the return status is that of the last command executed. 

set [ −−aefhknptuvx [ arg ... ] ]

−a Mark variables which are modified or created for export. 

−e Exit immediately if a command exits with a non-zero exit status. 

−f Disable file name generation.

−h Locate and remember function commands as functions are defined (function commands are normally located when the function is executed). 

−k All keyword arguments are placed in the environment for a command, not just those that precede the command name. 

−n Read commands but do not execute them. 

−p Reset IFS to space, blank and newline. 

−t Exit after reading and executing one command. 

−u Treat unset variables as an error when substituting. 

−v Print shell input lines as they are read. 

−x Print commands and their arguments as they are executed. 

−− Do not change any of the flags; useful in setting $1 to −. 

Using + rather than − causes these flags to be turned off.  These flags can also be used upon invocation of the shell.  The current set of flags may be found in $−.  The remaining arguments are positional parameters and are assigned, in order, to $1, $2, .... If no arguments are given the values of all names are printed.

shift [ n ]
The positional parameters from $n+1 ... are renamed $1 ... . If n is not given, it is assumed to be 1. 

test
Evaluate conditional expressions. See test(1) for usage and description. 

times
Print the accumulated user and system times for processes run from the shell.

trap [ arg ] [ n ] ...
The command arg is to be read and executed when the shell receives numeric or symbolic signal(s) (n).  (Note that arg is scanned once when the trap is set and once when the trap is taken.)  Trap commands are executed in order of signal number.  Any attempt to set a trap on a signal that was ignored on entry to the current shell is ineffective.  An attempt to trap on signal 11 (memory fault) produces an error.  If arg is absent all trap(s) n are reset to their original values.  If arg is the null string this signal is ignored by the shell and by the commands it invokes.  If n is 0 the command arg is executed on exit from the shell.  The trap command with no arguments prints a list of commands associated with each signal number. 

type [ name ... ]
For each name, indicate how it would be interpreted if used as a command name.

ulimit [ −[HS][a │ cdfnst] ]

ulimit [ −[HS][c │ d │ f │ n │ s │ t] ] limit
ulimit prints or sets hard or soft resource limits.  These limits are described in getrlimit(2). 

If limit is not present, ulimit prints the specified limits.  Any number of limits may be printed at one time.  The −a option prints all limits. 

If limit is present, ulimit sets the specified limit to limit. The string unlimited requests the largest valid limit.  Limits may be set for only one resource at a time.  Any user may set a soft limit to any value below the hard limit.  Any user may lower a hard limit.  Only a super-user may raise a hard limit; see su(1). 

The −H option specifies a hard limit.  The −S option specifies a soft limit.  If neither option is specified, ulimit will set both limits and print the soft limit. 

The following options specify the resource whose limits are to be printed or set.  If no option is specified, the file size limit is printed or set. 

−c maximum core file size (in 512-byte blocks)

−d maximum size of data segment or heap (in kbytes)

−f maximum file size (in 512-byte blocks)

−n maximum file descriptor + 1

−s maximum size of stack segment (in kbytes)

−t maximum CPU time (in seconds)

umask [ nnn ]
The user file-creation mask is set to nnn [see umask(1)].  If nnn is omitted, the current value of the mask is printed. 

att

ucb

universe [ universe ]
For commands att and ucb, set the current universe to the indicated value.  For the universe command, set the current universe to universe (which must be one of “att” or “ucb”) or, if universe is not provided, display the name of the current universe.  The universe influences the user’s view of the file system and certain commands’ characteristics; see universe(1). 

unset [ name ... ]
For each name, remove the corresponding variable or function value. The variables PATH, PS1, PS2, MAILCHECK, TIMEOUT, and IFS cannot be unset. 

wait [ n ]
Wait for your background process whose process id is n and report its termination status.  If n is omitted, all your shell’s currently active background processes are waited for and the return code will be zero.  See wait(1). 

Invocation

If the shell is invoked through exec(2) and the first character of argument zero is −, commands are initially read from /etc/profile and from $HOME/.profile, if such files exist.  Thereafter, commands are read as described below, which is also the case when the shell is invoked as /usr/bin/sh.  The flags below are interpreted by the shell on invocation only.  Note that unless the −c or −s flag is specified, the first argument is assumed to be the name of a file containing commands, and the remaining arguments are passed as positional parameters to that command file:

−c string If the −c flag is present commands are read from string.

−i If the −i flag is present or if the shell input and output are attached to a terminal, this shell is interactive. In this case TERMINATE is ignored (so that kill 0 does not kill an interactive shell) and INTERRUPT is caught and ignored (so that wait is interruptible).  In all cases, QUIT is ignored by the shell. 

−p If the −p flag is present, the shell will not set the effective user and group IDs to the real user and group IDs.  See “Security Features” below for further details. 

−r If the −r flag is present the shell is a restricted shell. 

−s If the −s flag is present or if no arguments remain, commands are read from the standard input.  Any remaining arguments specify the positional parameters.  Shell output (except for Special Commands) is written to file descriptor 2.

The remaining flags and arguments are described under the set command above. 

Restricted Shell (rsh) Only

rsh is used to set up login names and execution environments whose capabilities are more controlled than those of the standard shell.  The actions of rsh are identical to those of sh, except that the following are disallowed:

changing directory [see cd(1)],
setting the value of $PATH,
specifying path or command names containing /,
redirecting output (> and >>). 

The restrictions above are enforced after .profile is interpreted. 

A restricted shell can be invoked in one of the following ways: (1) rsh is the file name part of the last entry in the /etc/passwd file [see passwd(4)]; (2) the environment variable SHELL exists and rsh is the file name part of its value; (3) the shell is invoked and rsh is the file name part of argument 0; (4) the shell is invoked with the −r option. 

When a command to be executed is found to be a shell procedure, rsh invokes sh to execute it.  Thus, it is possible to provide to the end-user shell procedures that have access to the full power of the standard shell, while imposing a limited menu of commands; this scheme assumes that the end-user does not have write and execute permissions in the same directory. 

The net effect of these rules is that the writer of the .profile [see profile(4)] has complete control over user actions by performing guaranteed setup actions and leaving the user in an appropriate directory (probably not the login directory). 

The system administrator often sets up a directory of commands (i.e., /usr/rbin) that can be safely invoked by a restricted shell.  Some systems also provide a restricted editor, red. 
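
The restricted-shell scheme above depends on the end-user being unable to write in the directories that commands are run from. The following added example (not part of the manual, and written for a current POSIX sh rather than the CX/UX shell) audits the PATH an administrator plans to set in a restricted login's .profile; the function name audit_rpath, its arguments and its messages are hypothetical.

```shell
#!/bin/sh
# Added example (not from the manual): audit a restricted login's PATH.
# Usage: audit_rpath PATHSTRING UID
# Prints one finding per line; returns 1 if anything was flagged.
audit_rpath() {
    rest=$1:            # trailing ':' so the last component is consumed too
    uid=$2              # numeric uid of the restricted login
    bad=0
    while [ -n "$rest" ]; do
        dir=${rest%%:*}
        rest=${rest#*:}
        case $dir in
            '') echo "empty component: searches the current directory"
                bad=1; continue ;;
            /*) ;;
            *)  echo "relative component: $dir"
                bad=1; continue ;;
        esac
        if [ ! -d "$dir" ]; then
            echo "not a directory: $dir"
            bad=1; continue
        fi
        # ls -ldn prints: mode links uid gid ...; -n keeps the ids numeric.
        set -f; set -- $(ls -ldn "$dir"); set +f
        mode=$1 owner=$3
        if [ "$owner" = "$uid" ]; then
            echo "owned by the restricted user: $dir"; bad=1
        fi
        # Character 6 of the mode is group write, character 9 is other write.
        case $mode in
            ?????w*|????????w*)
                echo "group- or world-writable: $dir"; bad=1 ;;
        esac
    done
    return $bad
}
```

The check covers ownership and the group and other write bits only; write access granted through group membership to a directory that is not group-writable for everyone, or through access control lists, is outside what it inspects.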

SECURITY FEATURES

When executing on a CX/SX system, the shell has a number of features to enhance security.  These features are in effect only on a CX/SX system. 

A feature was added to reduce the propagation of effective user ID (uid) or effective group ID (gid) to child processes.  The reason for this feature was to reduce the risk associated with trusted processes that make use of the shell while operating with special permissions. 

For this reason, the shell upon invocation will reset the effective uid and effective gid to the real user and group ID.  This effectively blocks a broad class of IFS and PATH attacks against DAC policy.  This feature can be disabled, for testing and compatibility reasons, by invoking the shell with a −p argument (see “Invocation”, above). 

A major vulnerability while operating as superuser is the inadvertent execution of a Trojan Horse program or a program infected with a computer virus.  CX/SX has implemented a policy that helps prevent such an attack.  The exec(2) system call will only execute commands, while operating with effective superuser permission, if the command is labeled as part of the system or Trusted Computing Base (TCB). Further, the shell will allow superuser to execute only system or TCB shell script files. 

System files are those files that have a security label of “system” (Level 0).  Normal users are not cleared to operate at the system level and cannot create level 0 files nor downgrade a file to that level.  Thus a Trojan Horse is more difficult for superuser to inadvertently run because the shell will refuse to execute it.  The shell will also refuse to execute shell scripts while operating effectively as superuser unless the script is labeled at level 0. 

Another vulnerability on some systems is that users will, on occasion, leave their terminals unattended.   The shell will terminate (i.e. log the user out) if a command is not entered within the prescribed number of seconds after issuing the PS1 prompt.  See the discussion of TIMEOUT in “Parameter Substitution”, above. 

EXIT STATUS

Errors detected by the shell, such as syntax errors, cause the shell to return a non-zero exit status.  If the shell is being used non-interactively, execution of the shell file is abandoned.  Otherwise, the shell returns the exit status of the last command executed (see also the exit command above). 

FILES

/etc/profile
$HOME/.profile
/tmp/sh∗
/dev/null

SEE ALSO

cd(1), echo(1), env(1), getopts(1), intro(1), login(1), newgrp(1), pwd(1), stty(1), test(1), umask(1), universe(1), wait(1). 
dup(2), exec(2), fork(2), getrlimit(2), pipe(2), setlocale(3C), signal(2), ulimit(2), profile(4), environ(5), in the CX/UX Programmer’s Reference Manual. 

NOTES

Words used for filenames in input/output redirection are not interpreted for filename generation (see “File Name Generation,” above).  For example, cat file1 >a∗ will create a file named a∗. 

Because commands in pipelines are run as separate processes, variables set in a pipeline have no effect on the parent shell. 

If you get the error message cannot fork, too many processes, try using the wait(1) command to clean up your background processes.  If this doesn’t help, the system process table is probably full or you have too many active foreground processes.  (There is a limit to the number of process ids associated with your login, and to the number the system can keep track of.) 

Only the last process in a pipeline can be waited for. 

If a command is executed, and a command with the same name is installed in a directory in the search path before the directory where the original command was found, the shell will continue to exec the original command.  Use the hash command to correct this situation. 

If you move the current directory or one above it, pwd may not give the correct response.  Use the cd command with a full path name to correct this situation. 

CX/UX User’s Reference Manual
