sh(1) sh(1)
NAME
sh, jsh, rsh - shell, the standard, job control, and
restricted command interpreter
SYNOPSIS
sh [-acefhiknprstuvx] [args]
jsh [-acefhiknprstuvx] [args]
/usr/lib/rsh [-acefhiknprstuvx] [args]
DESCRIPTION
sh is a command programming language that executes commands
read from a terminal or a file. The shell /sbin/sh is the
only shell that is trusted for administrative use when the
Enhanced Security Utilities are installed and running on your
system.
jsh is an interface to the shell which provides all the
functionality of sh and enables job control (see Job Control,
below). /usr/lib/rsh is a restricted version of the standard
command interpreter sh; it is used to restrict logins to
execution environments whose capabilities are more controlled
than those of the standard shell. See the Invocation section
for the meaning of arguments to the shell.
sh, jsh, and rsh process supplementary code set characters in
command arguments, as values of variables and field
separators, in prompt strings, comments, and pipes, and in
scripts according to the locale specified in the LC_CTYPE
environment variable [see LANG on environ(5)]. Pattern
searches are performed on characters, not bytes, as described
in Filename Generation below.
Definitions
A blank is a tab or a space. A name is a sequence of letters,
digits, or underscores, beginning with a letter or an
underscore. A parameter is a name, a digit, or any of the
following characters: *, @, #, ?, -, $, and !.
Commands
A simple-command is a sequence of non-blank words separated by
blanks. The first word specifies the name of the command to
be executed. Except as specified below, the remaining words
are passed as arguments to the invoked command. The command
name is passed as argument 0 [see exec(2)]. The value of a
simple-command is its exit status if it terminates normally,
or (octal) 200+status if it terminates abnormally; see
Copyright 1994 Novell, Inc. Page 1
sh(1) sh(1)
signal(5) for a list of status values.
A pipeline is a sequence of one or more commands separated by
|. The standard output of each command but the last is
connected by a pipe(2) to the standard input of the next
command. Each command is run as a separate process; the shell
waits for the last command to terminate. The exit status of a
pipeline is the exit status of the last command in the
pipeline.
A list is a sequence of one or more pipelines separated by ;,
&, &&, or ||, and sometimes terminated by ; or &. Of these
four symbols, ; and & have equal precedence, which is lower
than that of && and ||. The symbols && and || also have equal
precedence. A semicolon (;) causes sequential execution of
the preceding pipeline (that is, the shell waits for the
pipeline to finish before executing any commands following the
semicolon); an ampersand (&) causes asynchronous execution of
the preceding pipeline (that is, the shell does not wait for
that pipeline to finish). The symbol && (||) causes the list
following it to be executed only if the preceding pipeline
returns a zero (non-zero) exit status. An arbitrary number of
newlines may appear in a list, instead of semicolons, to
delimit commands.
A command is either a simple-command or one of the following.
Unless otherwise stated, the value returned by a command is
that of the last simple-command executed in the command.
for name [ in word ... ] do list done
Each time a for command is executed, name is set to the
next word taken from the in word list. If in word ...
is omitted, then the for command executes the do list
once for each positional parameter that is set (see
Parameter Substitution, below). Execution ends when
there are no more words in the list.
case word in [pattern [ | pattern] ... ) list ;;] ... esac
A case command executes the list associated with the
first pattern that matches word. The form of the
patterns is the same as that used for file-name
generation (see Filename Generation) except that a
slash, a leading dot, or a dot immediately following a
slash need not be matched explicitly.
if list then list [ elif list then list] ... [ else list] fi
The list following if is executed and, if it returns a
zero exit status, the list following the first then is
Copyright 1994 Novell, Inc. Page 2
sh(1) sh(1)
executed. Otherwise, the list following elif is
executed and, if its value is zero, the list following
the next then is executed. Failing that, the else list
is executed. If no else list or then list is executed,
then the if command returns a zero exit status.
while list do list done
A while command repeatedly executes the while list and,
if the exit status of the last command in the list is
zero, executes the do list; otherwise the loop
terminates. If no commands in the do list are executed,
then the while command returns a zero exit status; until
may be used in place of while to negate the loop
termination test.
(list)
Execute list in a sub-shell.
{ list;}
list is executed in the current (that is, parent) shell.
The { must be followed by a space.
name () { list;}
Define a function which is referenced by name. The body
of the function is the list of commands between { and }.
The list may appear on the same line as the {. If it
does, the { and list must be separated by a space. The
} may not be on the same line as list; it must be on a
newline. Execution of functions is described below (see
Execution). The { and } are unnecessary if the body of
the function is a simple-command as defined above, under
Commands.
The following words are only recognized as the first word of a
command and when not quoted:
if then else elif fi case esac for while until do done { }
Comments
A word beginning with # causes that word and all the following
characters up to a newline to be ignored. Note the exception
when #! shell is used as the first line of a shell script.
See the Execution section of this manual page.
Command Substitution
The shell interprets commands from the string between two
backquotes (``) and the standard output from these commands
may be used as all or part of a word. Trailing newlines from
the standard output are removed.
Copyright 1994 Novell, Inc. Page 3
sh(1) sh(1)
No interpretation is done on the string before the string is
read, except to remove backslashes (\) used to escape other
characters. Backslashes may be used to escape a backquote (`)
or another backslash (\) and are removed before the command
string is read. Escaping backquotes allows nested command
substitution. If the command substitution lies within a pair
of double quotes (" . . . ` . . . ` . . . "), a backslash used
to escape a double quote (\") will be removed; otherwise, it
will be left intact.
If a backslash is used to escape a newline character
(\newline), both the backslash and the newline are removed
(see the later section on Quoting). In addition, backslashes
used to escape dollar signs (\$) are removed. Since no
parameter substitution is done on the command string before it
is read, inserting a backslash to escape a dollar sign has no
effect. Backslashes that precede characters other than \, `,
", newline, and $ are left intact when the command string is
read.
Parameter Substitution
The character $ is used to introduce substitutable parameters.
There are two types of parameters, positional and keyword. If
a parameter is a digit, it is a positional parameter.
Positional parameters may be assigned values by set. Keyword
parameters (also known as variables) may be assigned values by
writing:
name=value [name=value] ...
Pattern-matching is not performed on value. There cannot be a
function and a variable with the same name.
${parameter}
The value, if any, of the parameter is substituted. The
braces are required only when parameter is followed by a
letter, digit, or underscore that is not to be
interpreted as part of its name. If parameter is * or
@, all the positional parameters, starting with $1, are
substituted (separated by spaces). Parameter $0 is set
from argument zero when the shell is invoked.
${parameter:-word}
If parameter is set and is non-null, substitute its
value; otherwise substitute word.
Copyright 1994 Novell, Inc. Page 4
sh(1) sh(1)
${parameter:=word}
If parameter is not set or is null set it to word; the
value of the parameter is substituted. Positional
parameters may not be assigned in this way.
${parameter:?word}
If parameter is set and is non-null, substitute its
value; otherwise, print parameter: word and exit from
the shell. If word is omitted, the message parameter
null or not set is printed.
${parameter:+word}
If parameter is set and is non-null, substitute word;
otherwise substitute nothing.
In the above, word is not evaluated unless it is to be used as
the substituted string, so that, in the following example, pwd
is executed only if d is not set or is null:
echo ${d:-`pwd`}
If the colon (:) is omitted from the above expressions, the
shell only checks whether parameter is set or not.
The following parameters are automatically set by the shell.
* Expands to the positional parameters, beginning
with 1.
@ Expands to the positional parameters, beginning
with 1, except when expanded within double quotes,
in which case each positional parameter expands as
a separate field.
# The number of positional parameters in decimal.
- Flags supplied to the shell on invocation or by
the set command.
? The decimal value returned by the last
synchronously executed command.
$ The process number of this shell. $ reports the
process ID of the parent shell in all shell
constructs, including pipelines, and in
parenthesized sub-shells.
! The process number of the last background command
invoked.
The following parameters are used by the shell. The
parameters in this section are also referred to as environment
variables.
Copyright 1994 Novell, Inc. Page 5
sh(1) sh(1)
HOME The default argument (home directory) for the cd
command, set to the user's login directory by
login(1) from the password file [see passwd(4)].
PATH The search path for commands (see Execution,
below). The user may not change PATH if executing
under /usr/lib/rsh.
CDPATH
The search path for the cd command.
MAIL If this parameter is set to the name of a mail
file and the MAILPATH parameter is not set, the
shell informs the user of the arrival of mail in
the specified file.
MAILCHECK
This parameter specifies how often (in seconds)
the shell will check for the arrival of mail in
the files specified by the MAILPATH or MAIL
parameters. The default value is 600 seconds (10
minutes). If set to 0, the shell will check
before each prompt.
MAILPATH
A colon (:) separated list of filenames. If this
parameter is set, the shell informs the user of
the arrival of mail in any of the specified files.
Each filename can be followed by % and a message
that will be printed when the modification time
changes. The default message is you have mail.
PS1 Primary prompt string, by default $ .
PS2 Secondary prompt string, by default > .
IFS Internal field separators, by default space, tab,
and newline (see Blank Interpretation).
LANG If this parameter is set, the shell will use it to
determine the current locale; see environ(5),
setlocale(3C).
SHACCT
If this parameter is set to the name of a file
writable by the user, the shell will write an
accounting record in the file for each shell
procedure executed.
SHELL When the shell is invoked, it scans the
environment (see Environment, below) for this
name. If it is found and rsh is the filename part
of its value, the shell becomes a restricted
shell.
TIMEOUT
A non-zero value for TIMEOUT causes the shell to
exit after $TIMEOUT seconds of inactivity. The
Copyright 1994 Novell, Inc. Page 6
sh(1) sh(1)
default value is site dependent. The original
whitespace characters (space, tab, and newline)
are always considered internal field separators.
The shell gives default values to PATH, PS1, PS2, MAILCHECK,
and IFS. HOME and MAIL are set by login(1).
Blank Interpretation
After parameter and command substitution, the results of
substitution are scanned for internal field separator
characters (those found in IFS) and split into distinct
arguments where such characters are found. Explicit null
arguments ("" or '') are retained. Implicit null arguments
(those resulting from parameters that have no values) are
removed.
Input/Output
A command's input and output may be redirected using a special
notation interpreted by the shell. The following may appear
anywhere in a simple-command or may precede or follow a
command and are not passed on as arguments to the invoked
command. Note that parameter and command substitution occurs
before word or digit is used.
<word Use file word as standard input (file descriptor
0).
>word Use file word as standard output (file
descriptor 1). If the file does not exist, it
is created; otherwise, it is truncated to zero
length.
>>word Use file word as standard output. If the file
exists, output is appended to it (by first
seeking to the end-of-file); otherwise, the file
is created.
<<[-]word After parameter and command substitution is done
on word, the shell input is read up to the first
line that literally matches the resulting word,
or to an end-of-file. If, however, - is
appended to <<:
1) leading tabs are stripped from word before
the shell input is read (but after parameter
and command substitution is done on word),
2) leading tabs are stripped from the shell
input as it is read and before each line is
compared with word, and
Copyright 1994 Novell, Inc. Page 7
sh(1) sh(1)
3) shell input is read up to the first line
that literally matches the resulting word,
or to an end-of-file.
If any character of word is quoted (see Quoting
section), no additional processing is done to
the shell input. If no characters of word are
quoted:
1) parameter and command substitution occurs,
2) (escaped) \newlines are removed, and
3) \ must be used to quote the characters \, $,
and `.
The resulting document becomes the standard
input.
<&digit Use the file associated with file descriptor
digit as standard input. Similarly for the
standard output using >&digit.
<&- The standard input is closed. Similarly for the
standard output using >&-.
If any of the above is preceded by a digit, the file
descriptor which will be associated with the file is that
specified by the digit (instead of the default 0 or 1). For
example:
... 2>&1
associates file descriptor 2 with the file currently
associated with file descriptor 1.
The order in which redirections are specified is significant.
The shell evaluates redirections left-to-right. For example:
... 1>xxx 2>&1
first associates file descriptor 1 with file xxx. It
associates file descriptor 2 with the file associated with
file descriptor 1 (that is, xxx). If the order of
redirections were reversed, file descriptor 2 would be
associated with the terminal (assuming file descriptor 1 had
been) and file descriptor 1 would be associated with file xxx.
Using the terminology introduced on the first page, under
Commands, if a command is composed of several simple-commands,
redirection will be evaluated for the entire command before it
is evaluated for each simple-command. That is, the shell
evaluates redirection for the entire list, then each pipeline
within the list, then each command within each pipeline, then
each list within each command.
Copyright 1994 Novell, Inc. Page 8
sh(1) sh(1)
If a command is followed by & the default standard input for
the command is the empty file /dev/null. Otherwise, the
environment for the execution of a command contains the file
descriptors of the invoking shell as modified by input/output
specifications.
Redirection of output is not allowed in the restricted shell.
Filename Generation
Before a command is executed, each command word is scanned for
the characters *, ?, and [. If one of these characters
appears the word is regarded as a pattern. The word is
replaced with alphabetically sorted filenames that match the
pattern. If no filename is found that matches the pattern,
the word is left unchanged. The character . at the start of
a filename or immediately following a /, as well as the
character / itself, must be matched explicitly.
* Matches any string, including supplementary code
set characters and the null string.
? Matches any single character, including
supplementary code set characters.
[...] Matches any one character in the string enclosed
by square brackets, or any one character with a
code value within the range designated using a
minus (-) sign, including supplementary code set
characters. When the characters in the range are
from different code sets, one of the characters
specifying the range is matched. If the first
character following the opening [ is a !, any
character not enclosed is matched, including
supplementary code set characters.
Note that all quoted characters (see below) must be
matched explicitly in a filename.
Quoting
The following characters have a special meaning to the shell
and cause termination of a word unless quoted:
; & ( ) | ^ < > newline space tab
A character may be quoted (that is, made to stand for itself)
by preceding it with a backslash (\) or inserting it between a
pair of quote marks ('' or ""). During processing, the shell
may quote certain characters to prevent them from taking on a
special meaning. Backslashes used to quote a single character
are removed from the word before the command is executed. The
Copyright 1994 Novell, Inc. Page 9
sh(1) sh(1)
pair \newline is removed from a word before command and
parameter substitution.
All characters enclosed between a pair of single quote marks
(''), except a single quote, are quoted by the shell.
Backslash has no special meaning inside a pair of single
quotes. A single quote may be quoted inside a pair of double
quote marks (for example, "'"), but a single quote can not be
quoted inside a pair of single quotes.
Inside a pair of double quote marks (""), parameter and
command substitution occurs and the shell quotes the results
to avoid blank interpretation and filename generation. If $*
is within a pair of double quotes, the positional parameters
are substituted and quoted, separated by quoted spaces ("$1 $2
..."); however, if $@ is within a pair of double quotes, the
positional parameters are substituted and quoted, separated by
unquoted spaces ("$1" "$2" ... ). \ quotes the characters \,
`, ", and $. The pair \newline is removed before parameter
and command substitution. If a backslash precedes characters
other than \, `, ", $, and newline, then the backslash itself
is quoted by the shell.
Prompting
When used interactively, the shell prompts with the value of
PS1 before reading a command. If at any time a newline is
typed and further input is needed to complete a command, the
secondary prompt (that is, the value of PS2) is issued.
Defaults
The file /etc/default/sh (which does not exist by default) can
contain a value for the parameter TIMEOUT; this integer value
specifies the number of seconds that can elapse without user
activity before a shell will exit. If this value is 0,
undefined, or the file /etc/default/sh does not exist (the
default), the shell will wait for user input until explicitly
terminated.
Environment
The environment [see environ(5)] is a list of name-value pairs
that is passed to an executed program in the same way as a
normal argument list. The shell interacts with the
environment in several ways. On invocation, the shell scans
the environment and creates a parameter for each name found,
giving it the corresponding value. If the user modifies the
value of any of these parameters or creates new parameters,
Copyright 1994 Novell, Inc. Page 10
sh(1) sh(1)
none of these affects the environment unless the export
command is used to bind the shell's parameter to the
environment (see also set -a). A parameter may be removed
from the environment with the unset command. The environment
seen by any executed command is thus composed of any
unmodified name-value pairs originally inherited by the shell,
minus any pairs removed by unset, plus any modifications or
additions, all of which must be noted in export commands.
The environment for any simple-command may be augmented by
prefixing it with one or more assignments to parameters.
Thus:
TERM=450 cmd
and
(export TERM; TERM=450; cmd)
are equivalent as far as the execution of cmd is concerned if
cmd is not a special command (see Special Commands). If cmd
is a special command, then
TERM=450 cmd
will modify the TERM variable in the current shell.
If the -k flag is set, all keyword arguments are placed in the
environment, even if they occur after the command name. The
following first prints a=b c and c:
echo a=b c
set -k
echo a=b c
Signals
When a command is run in the background (cmd &) under sh, it
can receive interrupt (SIGINT) and quit (SIGQUIT) signals but
ignores them by default. [A background process can override
this default behavior via trap or signal. For details, see
the description of trap, below, or signal(2).] When a command
is run in the background under jsh, however, it does not
receive interrupt or quit signals. Otherwise signals have the
values inherited by the shell from its parent, with the
exception of three signals: 11 (SIGSEV), 14 (SIGALARM), and 18
(SIGCHILD).
Execution
Each time a command is executed, the command substitution,
parameter substitution, blank interpretation, input/output
redirection, and filename generation listed above are carried
out. If the command name matches the name of a defined
Copyright 1994 Novell, Inc. Page 11
sh(1) sh(1)
function, the function is executed in the shell process (note
how this differs from the execution of shell procedures). If
the command name does not match the name of a defined
function, but matches one of the special commands listed below
in Special Commands, it is executed in the shell process. The
positional parameters $1, $2, .... are set to the arguments
of the function. If the command name matches neither a
special command nor the name of a defined function, a new
process is created and an attempt is made to execute the
command via exec(2).
The shell parameter PATH defines the search path for the
directory containing the command. Alternative directory names
are separated by a colon (:). The default path is /usr/bin:.
The current directory is specified by a null path name, which
can appear immediately after the equal sign, between two colon
delimiters anywhere in the path list, or at the end of the
path list. If the command name contains a / the search path
is not used; such commands will not be executed by the
restricted shell. Otherwise, each directory in the path is
searched for an executable file. If the file has execute
permission but is not an a.out file, it is assumed to be a
file containing shell commands. A sub-shell is spawned to
read it. A parenthesized command is also executed in a sub-
shell.
For shell script files, in order for the set user ID on
execution and/or the set group ID on execution mode to be
effective, the first line of the file must be
#! /sbin/sh
The location in the search path where a command was found is
remembered by the shell (to help avoid unnecessary execs
later). If the command was found in a relative directory, its
location must be re-determined whenever the current directory
changes. The shell forgets all remembered locations whenever
the PATH variable is changed or the hash -r command is
executed (see below).
Special Commands
Input/output redirection is now permitted for these commands.
File descriptor 1 is the default output location. When job
control is enabled, additional special commands are added to
the shell's environment (see Job Control).
Copyright 1994 Novell, Inc. Page 12
sh(1) sh(1)
: No effect; the command does nothing. A zero exit code
is returned.
. file
Read and execute commands from file and return. The
search path specified by PATH is used to find the
directory containing file.
break [n]
Exit from the enclosing for or while loop, if any. If n
is specified, break n levels.
continue [n]
Resume the next iteration of the enclosing for or while
loop. If n is specified, resume at the n-th enclosing
loop.
cd [arg]
Change the current directory to arg. The shell
parameter HOME is the default arg. The shell parameter
CDPATH defines the search path for the directory
containing arg. Alternative directory names are
separated by a colon (:). The default path is <null>
(specifying the current directory). Note that the
current directory is specified by a null path name,
which can appear immediately after the equal sign or
between the colon delimiters anywhere else in the path
list. If arg begins with a / the search path is not
used. Otherwise, each directory in the path is searched
for arg. The cd command may not be executed by
/usr/lib/rsh.
echo [arg ... ]
Echo arguments. See echo(1) for usage and description.
eval [arg ... ]
The arguments are read as input to the shell and the
resulting command(s) executed.
exec [arg ... ]
The command specified by the arguments is executed in
place of this shell without creating a new process.
Input/output arguments may appear and, if no other
arguments are given, cause the shell input/output to be
modified.
exit [n]
Causes a shell to exit with the exit status specified by
n. If n is omitted the exit status is that of the last
command executed (an end-of-file will also cause the
shell to exit.)
export [name ... ]
The given names are marked for automatic export to the
environment of subsequently executed commands. If no
Copyright 1994 Novell, Inc. Page 13
sh(1) sh(1)
arguments are given, variable names that have been
marked for export during the current shell's execution
are listed. (Variable names exported from a parent
shell are listed only if they have been exported again
during the current shell's execution.) Function names
are not exported.
getopts
Use in shell scripts to support command syntax standards
[see intro(1)]; it parses positional parameters and
checks for legal options. See getopts(1) for usage and
description.
hash [ -r] [name ... ]
For each name, the location in the search path of the
command specified by name is determined and remembered
by the shell. The -r option causes the shell to forget
all remembered locations. If no arguments are given,
hits and cost information about remembered commands is
presented. Hits is the number of times a command has
been invoked by the shell process. Cost is a measure of
the work required to locate a command in the search
path. If a command is found in a relative directory in
the search path, after changing to that directory, the
stored location of that command is recalculated.
Commands for which this will be done are indicated by an
asterisk (*) adjacent to the hits information. Cost
will be incremented when the recalculation is done.
mldmode
mldmode -r [string]
mldmode -v [string]
This command is available only if the Enhanced Security
Utilities are installed. With no arguments, the current
multilevel directory (MLD) mode is reported. If -r
alone is specified, the MLD mode of the interactive
shell is changed to real mode. If -v alone is
specified, the MLD mode of the interactive shell is
changed to virtual mode. If the -r or -v option is
followed by a string specifying a command, that command
alone is executed in the specified MLD mode. The
default mode upon login is virtual mode.
newgrp [arg ]
Equivalent to exec newgrp arg. See newgrp(1M) for usage
and description.
priv [ +|-priv_name . . . ] set_name [ . . . ]
For each set_name, priv sets or displays the privileges
contained in that privilege set. set_name may be either
max for the maximum privilege set or work for the
Copyright 1994 Novell, Inc. Page 14
sh(1) sh(1)
working set. priv_name is the name of a privilege. If
priv_names are supplied, priv scans the list and turns
off thoses privileges that are preceded by a minus sign
and turns on those that are preceded by a plus sign in
each of the sets listed. If no priv_names are supplied,
the priv command prints the current list of privileges
for each of the requested sets.
The values for priv_name are:
allprivs Represents all possible privileges.
audit Required to manipulate the security audit
mechanisms.
auditwr Required to write miscellaneous audit
records to the audit trail.
compat Overrides specific restrictions that are
imposed solely for the confinement of covert
channels.
core Required to dump a core image of a process
that is either privileged, setuid, or
setgid. This privilege is not required to
dump the core image of a process that does
not meet the above conditions.
dacread Overrides Discretionary Access Control (DAC)
restrictions but only for operations that do
not alter objects (that is, read and execute
permissions). See ``Access Permissions''
below.
dacwrite Overrides Discretionary Access Control
restrictions but only for operations that
alter objects (that is, write permission).
See ``Access Permissions'' below.
dev Required to set or get device security
attributes to change the device level when
it is in private state, and to access a
device when it is in private state. This
privilege is also used for special ioctl for
window management and to download trusted
software to a terminal driver.
driver Provides compatibility with device drivers
developed by third party vendors. It is
used when a sensitive operation needs to be
limited to a privileged process.
filesys Required for privileged operations on a file
system that have relatively low sensitivity,
including the creation of links to
directories, setting the effective root
directory, and making special files.
Copyright 1994 Novell, Inc. Page 15
sh(1) sh(1)
fsysrange Override file system range restrictions.
loadmod Required to perform selective operations
associated with loadable modules.
macread Overrides Mandatory Access Control (MAC)
restrictions but only for certain operations
that do not alter objects. See ``Access
Permissions'' below.
macwrite Overrides Mandatory Access Control
restrictions that involve the alteration of
objects or other MAC-related attributes.
See ``Access Permissions'' below.
macupgrade Allows processes to upgrade (change the
existing level to a new dominating level)
files.
mount Mount or unmount a file system or set and
get the ceiling level of a file system.
multidir Required for creation of multilevel
directories.
owner Required to change the attributes of a file
(that is, information kept in the file's
inode) that is not owned by the effective
uid of the calling process. See ``Access
Permissions'' below.
plock Required to lock a process in memory.
setflevel Required to change the security level of
objects (for block or character special
files that are in the public state only),
subject to some restrictions.
setplevel Required to change the security level of a
process (including the process's own level),
subject to some restrictions.
setspriv Administrative privilege required to set the
inheritable and fixed privileges on files.
This privilege overrides access and
ownership restrictions.
setuid Required in order to set the real and
effective user and group IDs of a process.
setupriv Privilege required for an otherwise
unprivileged process to set the inheritable
and fixed privileges on a file. This
privilege does not override access or
ownership restrictions.
sysops Required to perform several general system
operations that have only minor security
implications.
Copyright 1994 Novell, Inc. Page 16
sh(1) sh(1)
tshar Required to raise the priority of a time
sharing process or to set the user priority
limit to a value greater than 0.
rtime Required by processes that do real-time
operations.
Access Permissions:
Access permissions are associated with the priv_name
entries.
Access checking is performed whenever a subject (such as
a process) tries to access an object (such as a file or
directory). Permission to access an object is granted
or denied on the basis of mode bits.
The mode bits are known as Discretionary Access Control
(DAC). Mandatory Access Control (MAC) privileges are
defined; however, they may not be supported on the
system you are using.
The standard file access permission bit checks are
performed to determine if the process requesting access
to the object has permission to access it in the manner
(read, write, and/or execute/search) requested. Each
access mode requested is checked separately using the
following algorithm:
If the effective user ID of the process is equal to the
user ID of the owner of the file, and the requested
access mode bit is set in the ``owner'' bits of the
mode, access is granted; otherwise access checking
continues.
If the effective group ID (or any of the supplementary
group IDs of the process) matches the owning group of
the file and the requested access mode bit is set in the
``group'' bits of the mode, access is granted;
otherwise, access checking continues.
If the above checks fail, and the requested access mode
bit is set in the ``other'' bits of the mode, access is
granted; otherwise, access is denied (EACCES is
returned).
These checks are performed on every component of the
pathname, including the object itself. If any of the
checks fail, the privileges of the calling process are
examined to determine if the calling process has the
appropriate privilege for the mode requested (dacread
for read and execute/search access, dacwrite for write
access).
Example:
Copyright 1994 Novell, Inc. Page 17
sh(1) sh(1)
This example adds owner and audit privileges and deletes
dacread privilege from the working set:
priv +owner +audit -dacread work
pwd Print the current working directory. See pwd(1) for
usage and description.
read [-r] name ...
One line is read from the standard input and, using the
internal field separator, IFS, to delimit word
boundaries, the first word is assigned to the first
name, the second word to the second name, etc., with
leftover words assigned to the last name. If -r is not
specified, lines can be continued using \newline and
characters other than newline can be quoted by preceding
them with a backslash. These backslashes are removed
before words are assigned to names, and no
interpretation is done on the character that follows the
backslash. If -r is specified, backslashes are treated
as normal characters, so are not removed from the input,
nor do they affect the next character. The return code
is 0, unless an end-of-file is encountered.
readonly [name ... ]
The given names are marked readonly and the values of
the these names may not be changed by subsequent
assignment. If no arguments are given, a list of all
readonly names is printed.
return [n]
Causes a function to exit with the return value
specified by n. If n is omitted, the return status is
that of the last command executed.
set [ --aefhkntuvx [arg ... ] ]
-a Mark variables which are modified or created for
export.
-e Exit immediately if a command exits with a non-
zero exit status.
-f Disable filename generation
-h Locate and remember function commands as functions
are defined (function commands are normally
located when the function is executed).
-k All keyword arguments are placed in the
environment for a command, not just those that
precede the command name.
-n Read commands but do not execute them.
-t Exit after reading and executing one command.
-u Treat unset variables as an error when
substituting.
Copyright 1994 Novell, Inc. Page 18
sh(1) sh(1)
-v Print shell input lines as they are read.
-x Print commands and their arguments as they are
executed.
-- Do not change any of the flags; useful in setting
$1 to -.
Using + rather than - causes these flags to be turned
off. These flags can also be used upon invocation
of the shell. The current set of flags may be
found in $-. The remaining arguments are
positional parameters and are assigned, in order,
to $1, $2, .... If no arguments are given the
values of all names are printed.
shift [n]
The positional parameters from $n+1 ... are
renamed $1 ... . If n is not given, it is assumed
to be 1.
test
Evaluate conditional expressions. See test(1) for
usage and description.
times
Print the accumulated user and system times for
processes run from the shell.
trap [arg] [n] ...
The command arg is to be read and executed when
the shell receives, n, numeric or symbolic
signal(s). (Note that arg is scanned once when
the trap is set and once when the trap is taken.)
Trap commands are executed in order of signal
number or corresponding symbolic names. Any
attempt to set a trap on a signal that was ignored
on entry to the current shell is ineffective. An
error results when an attempt is made to trap on
any of the following three signals: (1) signal 11
(SIGSEV-segmentation fault); (2) signal 14
(SIGALRM-alarm clock); and (3) signal 18
(SIGCHILD-child status changed). If arg is absent
all trap(s) n are reset to their original values.
If arg is the null string this signal is ignored
by the shell and by the commands it invokes. If n
is 0 the command arg is executed on exit from the
shell. The trap command with no arguments prints
a list of commands associated with each signal
number.
type [name ... ]
For each name, indicate how it would be
interpreted if used as a command name.
Copyright 1994 Novell, Inc. Page 19
sh(1) sh(1)
ulimit [ -[HS][a | cdfnstv] ]
ulimit [ -[HS][c | d | f | n | s | t | v] ] limit
ulimit prints or sets hard or soft resource
limits. These limits are described in
getrlimit(2).
If limit is not present, ulimit prints the
specified limits. Any number of limits may be
printed at one time. The -a option prints all
limits.
If limit is present, ulimit sets the specified
limit to limit. The string unlimited requests the
largest valid limit. Limits may be set for only
one resource at a time. Any user may set a soft
limit to any value below the hard limit. Any user
may lower a hard limit. Only a privileged user
may raise a hard limit.
The -H option specifies a hard limit. The -S
option specifies a soft limit. If neither option
is specified, ulimit will set both limits and
print the soft limit.
The following options specify the resource whose
limits are to be printed or set. If no option is
specified, the file size limit is printed or set.
-c maximum core file size (in 512-byte blocks)
-d maximum size of data segment or heap (in
kbytes)
-f maximum file size (in 512-byte blocks)
-n maximum file descriptor plus 1
-s maximum size of stack segment (in kbytes)
-t maximum CPU time (in seconds)
-v maximum size of virtual memory (in kbytes)
umask [ -S ] [mask]
The user file-creation mask is set by mask. If mask is
omitted, the current value of the mask is printed. If
-S is specified, the mask is printed in symbolic form,
otherwise it is printed in octal form. See umask(1) for
further details.
unset [name ... ]
For each name, remove the corresponding variable or
function value. The variables PATH, PS1, PS2,
MAILCHECK, and IFS cannot be unset.
wait [pid ... ]
Wait for your background processes whose process IDs are
the values of pid and return the termination status of
the final pid. If pid is omitted, all your shell's
currently active background processes are waited for and
Copyright 1994 Novell, Inc. Page 20
sh(1) sh(1)
the return code will be zero. See wait(1) for further
details.
Invocation
If the shell is invoked through exec(2) and the first
character of argument zero is -, commands are initially read
from /etc/profile and from $HOME/.profile, if such files
exist. Thereafter, commands are read as described below,
which is also the case when the shell is invoked as
/usr/bin/sh. The flags below are interpreted by the shell on
invocation only. Note that unless the -c or -s flag is
specified, the first argument is assumed to be the name of a
file containing commands, and the remaining arguments are
passed as positional parameters to that command file:
-c string If the -c flag is present commands are read from
string.
-i If the -i flag is present or if the shell input and
output are attached to a terminal, this shell is
interactive. In this case SIGTERM is ignored (so
that kill 0 does not kill an interactive shell) and
SIGINT is caught and ignored (so that wait is
interruptible). In all cases, SIGQUIT is ignored by
the shell.
-p If the -p flag is present, the shell will not set
the effective user and group IDs to the real user
and group IDs. If the -p flag is not present, the
shell will set the effective user ID to the real
user ID if the effective user ID is <100, and the
shell will set the effective group ID to the real
group ID if the effective group ID is <100 and not
equal to 1.
-r If the -r flag is present the shell is a restricted
shell.
-s If the -s flag is present or if no arguments remain,
commands are read from the standard input. Any
remaining arguments specify the positional
parameters. Shell output (except for special
commands) is written to file descriptor 2.
The remaining flags and arguments are described under the set
command above.
Job Control (jsh)
When the shell is invoked as jsh, job control is enabled in
addition to all of the functionality described previously for
Copyright 1994 Novell, Inc. Page 21
sh(1) sh(1)
sh. Typically job control is enabled for the interactive
shell only. Non-interactive shells typically do not benefit
from the added functionality of job control.
With job control enabled every command or pipeline the user
enters at the terminal is called a job. All jobs exist in one
of the following states: foreground, background or stopped.
These terms are defined as follows: 1) a job in the foreground
has read and write access to the controlling terminal; 2) a
job in the background is denied read access and has
conditional write access to the controlling terminal [see
stty(1)]; 3) a stopped job is a job that has been placed in a
suspended state, usually as a result of a SIGTSTP signal [see
signal(5)]. Jobs in the foreground can be stopped by
interrupt (SIGINT) or quit (SIGQUIT) signals from the
keyboard; background jobs cannot be stopped by these signals.
Every job that the shell starts is assigned a positive
integer, called a job number that is tracked by the shell and
is used as an identifier for a specific job. Additionally,
the shell keeps track of the current and previous jobs. The
current job is the most recent job to be started or restarted.
The previous job is the first non-current job.
The acceptable syntax for a Job Identifier is of the form:
%jobid
where jobid may be specified in any of the following formats:
% or + for the current job
- for the previous job
?<string> specify the job for which the command line
uniquely contains string.
n for job number n, where n is a job number
pref where pref is a unique prefix of the command
name (for example, if the command ls -l foo
were running in the background, it could be
referred to as %ls); pref cannot contain
blanks unless it is quoted.
When job control is enabled, the following commands are added
to the user's environment to manipulate jobs:
Copyright 1994 Novell, Inc. Page 22
sh(1) sh(1)
bg [%jobid ...]
Resumes the execution of a stopped job in the
background. If %jobid is omitted the current job is
assumed.
fg [%jobid ...]
Resumes the execution of a stopped job in the
foreground, also moves an executing background job into
the foreground. If %jobid is omitted the current job is
assumed.
jobs [-p|-l] [%jobid . . .]
jobs -x command [arguments]
Reports all jobs that are stopped or executing in the
background. If %jobid is omitted, all jobs that are
stopped or running in the background will be reported.
The following options will modify/enhance the output of
jobs:
-l Report the process group ID and working directory
of the jobs.
-p Report only the process group ID of the jobs.
-x Replace any jobid found in command or arguments
with the corresponding process group ID, and then
execute command passing it arguments.
kill [-s signal] %jobid ...
kill -l [status]
kill [-signal] %jobid ...
Builtin version of kill to provide the functionality of
the kill(1) command for processes identified with a
jobid. See kill(1) for the other functionality.
stop %jobid ...
Stops the execution of a background job(s).
suspend
Stops the execution of the current shell (but not if it
is the login shell).
wait [%jobid ...]
wait builtin accepts a job identifier. If %jobid is
omitted wait behaves as described above under Special
Copyright 1994 Novell, Inc. Page 23
sh(1) sh(1)
Commands.
Restricted Shell (/usr/lib/rsh) Only
/usr/lib/rsh is used to set up login names and execution
environments whose capabilities are more controlled than those
of the standard shell. The actions of /usr/lib/rsh are
identical to those of sh, except that the following are dis-
allowed:
changing directory [see cd(1)]
setting the value of $PATH
specifying path or command names containing /
redirecting output (> and >>)
The restrictions above are enforced after .profile is
interpreted.
A restricted shell can be invoked in one of the following
ways: (1) rsh is the filename part of the last entry in the
/etc/passwd file [see passwd(4)]; (2) the environment variable
SHELL exists and rsh is the filename part of its value; (3)
the shell is invoked and rsh is the filename part of argument
0; (4) the shell is invoked with the -r option.
When a command to be executed is found to be a shell
procedure, /usr/lib/rsh invokes sh to execute it. Thus, it is
possible to provide to the end-user shell procedures that have
access to the full power of the standard shell, while imposing
a limited menu of commands; this scheme assumes that the end-
user does not have write and execute permissions in the same
directory.
The net effect of these rules is that the writer of the [see
profile(4)] has complete control over user actions by
performing guaranteed setup actions and leaving the user in an
appropriate directory (probably not the login directory).
The system administrator often sets up a directory of commands
(for example, /usr/rbin) that can be safely invoked by a
restricted shell. Some systems also provide a restricted
editor, red.
Copyright 1994 Novell, Inc. Page 24
sh(1) sh(1)
EXIT STATUS
Errors detected by the shell, such as syntax errors, cause the
shell to return a non-zero exit status. If the shell is being
used non-interactively execution of the shell file is
abandoned. Otherwise, the shell returns the exit status of
the last command executed (see also the exit command above).
jsh Only
If the shell is invoked as jsh and an attempt is made to exit
the shell while there are stopped jobs, the shell issues one
warning:
there are stopped jobs
This is the only message. If another exit attempt is made,
and there are still stopped jobs they will be sent a SIGHUP
signal from the kernel and the shell is exited.
FILES
/etc/profile
$HOME/.profile
/tmp/sh*
/dev/null
/usr/lib/locale/locale/LC_MESSAGES/uxcore.abi
language-specific message file [See LANG on environ(5).]
REFERENCES
cd(1), dup(2), echo(1), environ(5), exec(2), fork(2),
getopts(1), getrlimit(2), intro(1), intro(2), login(1),
newgrp(1M), pipe(2), profile(4), pwd(1), setlocale(3C),
signal(5), stty(1), test(1), ulimit(2), umask(1), wait(1)
NOTICES
Words used for filenames in input/output redirection are not
interpreted for filename generation (see ``Filename
Generation'', above). For example,
cat file1 >a*
will create a file named a*.
Because commands in pipelines are run as separate processes,
variables set in a pipeline have no effect on the parent
shell.
If you get the error message
Copyright 1994 Novell, Inc. Page 25
sh(1) sh(1)
UX:sh:ERROR:cannot fork, too many processes
try using the wait(1) command to clean up your background
processes. If this doesn't help, the system process table is
probably full or you have too many active foreground
processes. (There is a limit to the number of process ids
associated with your login, and to the number the system can
keep track of.)
Only the last process in a pipeline can be waited for.
If a command is executed, and a command with the same name is
installed in a directory in the search path before the
directory where the original command was found, the shell will
continue to exec the original command. Use the hash command
to correct this situation. Prior to Release 4, the rsh
command invoked the restricted shell. This restricted shell
command is /usr/lib/rsh and it can be executed by using the
full pathname. Beginning with Release 4, the rsh command is
the remote shell [see rsh(1)].
POSIX.2 states that assignments are performed from the
beginning of the command text to the end. Therefore, the
order of evaluation for variable assignments is changed to use
left to right expansion rules.
Copyright 1994 Novell, Inc. Page 26