ksh - was: Re: csh progermming considered harmful
Shakespeare wrote plays and sonnets which will last an eternity, but on Fri, Dec 14, 2007 at 22:33 , [EMAIL PROTECTED] wrote these truly forgetable lines: > Date: Fri, 14 Dec 2007 21:10:08 + > From: "Frank Shute" <[EMAIL PROTECTED]> > Subject: Re: Apparently, csh programming is considered harmful. > To: Mike Jeays <[EMAIL PROTECTED]> > Cc: FreeBSD Questions > On Thu, Dec 13, 2007 at 08:12:32PM -0500, Mike Jeays wrote: > > On December 13, 2007 08:05:42 pm Chad Perrin wrote: > > > I ran across this today: [much deleted - wjv] > > Bash has all the features one is likely to need for > > interactive use as well, and one could make a good case for it being > > the 'standard' shell now. > > Standard shell for what? Linux maybe but not FreeBSD or any of the > other BSDs for that matter. It being GPL guarantees that quite apart > from it general suckiness. > > I used bash for an interactive shell for about 5 years until I > discovered the goodness of pdksh. About half the size, statically > linked, not full of bugs and better editing features. Plus it's not > GPL. > > I tried replacing /bin/bash with /bin/ksh on a Linux system and it > almost completely broke it. Suggests the Linux folks can't write > boot scripts without bashisms. > > I'm tempted to try doing the same on FreeBSD (replace sh with pdksh) > just for the hell of it and see what happens. I tried the pdksh once and didn't like it. I went back to the genuine ksh [from AT&T] that I had been using for years, and I have it on all the *n*x systems I mainatain. Even though it's bigger then the pdksh [and I always compile my shells statically just in case] I'd be lost without it. Bill -- Bill Vermillion - bv @ wjv . com ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Anyone use KSH?
Those work fine for me, just add: set -o emacs to your login file(s). I actually have added to my .profile: if [ "$SHELL" = "/usr/local/bin/ksh" ] ; then if [ -f $HOME/.kshrc ] ; then . $HOME/.kshrc fi fi and have the ksh customizations in: .kshrc -Derek At 10:55 AM 3/12/2007, Sunnz wrote: Just installed Release 6.2 on my workstation, and the first thing I did was installing (pd)ksh since I have been using it before... I found that a few things doesn't work, tab-completion, up/down arrow keys, ctrl-A ctrl-E to go to the beginning/end of a line. Does anyone uses ksh here who knows if this is normal behaviour? -- Please avoid sending me Word or PowerPoint attachments. See http://www.gnu.org/philosophy/no-word-attachments.html ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]" -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Anyone use KSH?
On Tue, Mar 13, 2007, Sunnz wrote: >Just installed Release 6.2 on my workstation, and the first thing I >did was installing (pd)ksh since I have been using it before... > >I found that a few things doesn't work, tab-completion, up/down arrow >keys, ctrl-A ctrl-E to go to the beginning/end of a line. My guess is that you're in vi mode by default (set -o vi), and would prefer it to be in emacs mode. Try ``set -o emacs'' to see if it does what you want. Personally I much prefer the vi mode as I've never been able to get my fingers to learn emacs. After using ksh for almost twenty years, I finally switched to bash from ksh several months ago when I found that tab completion works in vi mode on bash, and a simple alias "r='fc -s'" allows me to use the ksh style ``r'' commands to repeat previous commands. Bill -- INTERNET: [EMAIL PROTECTED] Bill Campbell; Celestial Software LLC URL: http://www.celestial.com/ PO Box 820; 6641 E. Mercer Way FAX:(206) 232-9186 Mercer Island, WA 98040-0820; (206) 236-1676 Make no laws whatever concerning speech and, speech will be free; so soon as you make a declaration on paper that speech shall be free, you will have a hundred lawyers proving that ``freedom does not mean abuse, nor liberty license;'' and they will define and define freedom out of existence. - Voltarine de Cleyre (1866-1912) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Anyone use KSH?
Just installed Release 6.2 on my workstation, and the first thing I did was installing (pd)ksh since I have been using it before... I found that a few things doesn't work, tab-completion, up/down arrow keys, ctrl-A ctrl-E to go to the beginning/end of a line. Does anyone uses ksh here who knows if this is normal behaviour? -- Please avoid sending me Word or PowerPoint attachments. See http://www.gnu.org/philosophy/no-word-attachments.html ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Ksh Shell script security question.
I am am puzzled how to secure this code when this shell script is being executed. ${ORACLE_HOME}/bin/sqlplus -s < Hi Dak, The reason you can see the code in ${RESTOREFILE} is because of the tee command. With `tee -a` you're actually asking to have the code installed in ${RESTOREFILE}. Now, one way to secure this is to set a restrictive umask at the start of the script. For example, setting `umask 0077` will cause your script to generate files which will only be read/write for the user who runs the script. But the files will still have you username/passwd in them. To remove the username/passwd from the files, may I suggest you change your code to include the username/passwd into the sqlplus command. Like this for example: export ORACLE_SID="your_oracle_sid" sqlplus "${USERNAME}/${PASSWORD}" -s <<-EOF | tee -a ${RESTOREFILE}. set heading off set feedback off set pagesize 500 select 'SCN_TO_USE | '||max(next_change#) from V\$LOG_HISTORY; quit EOF This will still generate a file, but the username/password won't be there. Of course, that means you need to hide your credentials in an encrypted file eslwhere on your machine. You can then setup code that will check the md5 sum of the password file and use something like OpenSSL or GPG to encrypt/decrypt the file. Have fun, David -- David Robillard UNIX systems administrator & Oracle DBA CISSP, RHCE & Sun Certified Security Administrator Montreal: +1 514 966 0122 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Ksh Shell script security question.( SOLVED)
On 2/15/07, Dan Nelson <[EMAIL PROTECTED]> wrote: In the last episode (Feb 15), Thomas Dickey said: > On Wed, Feb 14, 2007 at 10:57:12PM -0600, Dan Nelson wrote: > > In the last episode (Feb 14), Dak Ghatikachalam said: > > > I am am puzzled how to secure this code when this shell script is > > > being executed. > > > > > > ${ORACLE_HOME}/bin/sqlplus -s < > > EOF > > > > > > When I run this code from shell script in /tmp directory it spews > > > file called /tmp/sh03400.000 in that I have this entire code > > > visible. > > > > I bet if you check the permissions you'll find the file has mode > > 0600, which means only the user running the script can read the > > file (at least that's what a test using the pdksh port does on my > > system). ksh93 does have a problem, though: it opens a file and > > immediately unlinks it, but the file is world-readable for a short > > time. > > Doesn't it (ksh93, etc) pay attention to umask? > If it does, the script should use that feature. It does honor umask, but I think temp files should be created mode 0600 in all cases. A person may have a umask of 022 to allow normal files to be read by group members but still not want them to see here-document contents. They may not even realize that their shell is using tempfiles. Some shells use pipes (bash and ash do; zsh uses an 0600 tempfile that it immediately unlinks; Solaris sh uses an 0600 tempfile). > > Both ksh variants honor the TMPDIR variable, though, so if you create a > > ~/tmp directory, chmod it so only you can access it, then set > > TMPDIR=~/tmp , you will be secure even if you're using ksh93. > > relatively (it's not a given that people haven't opened up ~/tmp) I think if someone has gone to the trouble of creating a private ~/tmp directory, they probably know what they're doing and know the consequences of opening it up. I appreciate all your response. Thanks a lot for insight on unix fundementals The issue I had is solved by doing umask 077 at the start of the script, so what it did was it created the temporary files with read+write for owner of the file , and in my process I also create directories while RMAN backup is being run, so that umask 077 for directory gave rwx for directories while creation This problem I had is solved now, it is secure Thanks Dak -- Dan Nelson [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to " [EMAIL PROTECTED]" ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Ksh Shell script security question.
In the last episode (Feb 15), Thomas Dickey said: > On Wed, Feb 14, 2007 at 10:57:12PM -0600, Dan Nelson wrote: > > In the last episode (Feb 14), Dak Ghatikachalam said: > > > I am am puzzled how to secure this code when this shell script is > > > being executed. > > > > > > ${ORACLE_HOME}/bin/sqlplus -s < > > EOF > > > > > > When I run this code from shell script in /tmp directory it spews > > > file called /tmp/sh03400.000 in that I have this entire code > > > visible. > > > > I bet if you check the permissions you'll find the file has mode > > 0600, which means only the user running the script can read the > > file (at least that's what a test using the pdksh port does on my > > system). ksh93 does have a problem, though: it opens a file and > > immediately unlinks it, but the file is world-readable for a short > > time. > > Doesn't it (ksh93, etc) pay attention to umask? > If it does, the script should use that feature. It does honor umask, but I think temp files should be created mode 0600 in all cases. A person may have a umask of 022 to allow normal files to be read by group members but still not want them to see here-document contents. They may not even realize that their shell is using tempfiles. Some shells use pipes (bash and ash do; zsh uses an 0600 tempfile that it immediately unlinks; Solaris sh uses an 0600 tempfile). > > Both ksh variants honor the TMPDIR variable, though, so if you create a > > ~/tmp directory, chmod it so only you can access it, then set > > TMPDIR=~/tmp , you will be secure even if you're using ksh93. > > relatively (it's not a given that people haven't opened up ~/tmp) I think if someone has gone to the trouble of creating a private ~/tmp directory, they probably know what they're doing and know the consequences of opening it up. -- Dan Nelson [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Ksh Shell script security question.
On Wed, Feb 14, 2007 at 10:57:12PM -0600, Dan Nelson wrote: > In the last episode (Feb 14), Dak Ghatikachalam said: > > I am am puzzled how to secure this code when this shell script is > > being executed. > > > > ${ORACLE_HOME}/bin/sqlplus -s < >connect system/ugo8990d > >set heading off > >set feedback off > >set pagesize 500 > >select 'SCN_TO_USE | '||max(next_change#) from V\$LOG_HISTORY; > >quit > > EOF > > > > When I run this code from shell script in /tmp directory it spews > > file called /tmp/sh03400.000 in that I have this entire code visible. > > I bet if you check the permissions you'll find the file has mode 0600, > which means only the user running the script can read the file (at > least that's what a test using the pdksh port does on my system). > ksh93 does have a problem, though: it opens a file and immediately > unlinks it, but the file is world-readable for a short time. Doesn't it (ksh93, etc) pay attention to umask? If it does, the script should use that feature. > > Both ksh variants honor the TMPDIR variable, though, so if you create a > ~/tmp directory, chmod it so only you can access it, then set > TMPDIR=~/tmp , you will be secure even if you're using ksh93. relatively (it's not a given that people haven't opened up ~/tmp) -- Thomas E. Dickey http://invisible-island.net ftp://invisible-island.net pgpKiemVJGeeu.pgp Description: PGP signature
Re: Ksh Shell script security question.
In the last episode (Feb 14), Dak Ghatikachalam said: > I am am puzzled how to secure this code when this shell script is > being executed. > > ${ORACLE_HOME}/bin/sqlplus -s <connect system/ugo8990d >set heading off >set feedback off >set pagesize 500 >select 'SCN_TO_USE | '||max(next_change#) from V\$LOG_HISTORY; >quit > EOF > > When I run this code from shell script in /tmp directory it spews > file called /tmp/sh03400.000 in that I have this entire code visible. I bet if you check the permissions you'll find the file has mode 0600, which means only the user running the script can read the file (at least that's what a test using the pdksh port does on my system). ksh93 does have a problem, though: it opens a file and immediately unlinks it, but the file is world-readable for a short time. Both ksh variants honor the TMPDIR variable, though, so if you create a ~/tmp directory, chmod it so only you can access it, then set TMPDIR=~/tmp , you will be secure even if you're using ksh93. -- Dan Nelson [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Ksh Shell script security question.
Hi Freebsd I am am puzzled how to secure this code when this shell script is being executed. ${ORACLE_HOME}/bin/sqlplus -s
problem with ksh finding console columns and lines
Hi guys, I am having problem with finding $COLUMNS and $LINES from ksh. Couldn't find any workable example on google. Any help or direction will be appreciated. Thanks a lot. Lei ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: ksh
Thanks that did it. It seems weird that ksh would use .shrc as its startup file, especially when it says bourne shell startup file inside of it. On Thu, Jul 08, 2004 at 08:53:59PM +0300, Tero Koskinen <[EMAIL PROTECTED]> wrote: > On Thu, 8 Jul 2004 09:44:11 -0700 > Chris Sechiatano <[EMAIL PROTECTED]> wrote: > > > Hi, > > > > I installed ksh on my 5.2.1 system. In my .profile I have: > > > > set -o vi > > set -o vi-tabcomplete > > > > However, the 'set -o vi' doesn't seem to work. When I log in, ksh is still > > in emacs mode. > > > > Anybody know how to make it work? > > Check your "$HOME/.shrc". By default there is line 'set -o emacs' and ksh > executes that file after $HOME/.profile. > > I was bitten by the same problem and it took me a week to figure out what > was going on, especially since on OpenBSD/NetBSD similar $HOME/.profile > worked perfectly (I had no $HOME/.shrc there). > > -- > Tero Koskinen - http://iki.fi/tero.koskinen/ > ___ > [EMAIL PROTECTED] mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "[EMAIL PROTECTED]" -- Chris Sechiatano [EMAIL PROTECTED] www.chris-s.com PGP Key 0x0021EFA0 pgpNHtObZn995.pgp Description: PGP signature
Re: ksh
On Thu, 8 Jul 2004 09:44:11 -0700 Chris Sechiatano <[EMAIL PROTECTED]> wrote: > Hi, > > I installed ksh on my 5.2.1 system. In my .profile I have: > > set -o vi > set -o vi-tabcomplete > > However, the 'set -o vi' doesn't seem to work. When I log in, ksh is still > in emacs mode. > > Anybody know how to make it work? Check your "$HOME/.shrc". By default there is line 'set -o emacs' and ksh executes that file after $HOME/.profile. I was bitten by the same problem and it took me a week to figure out what was going on, especially since on OpenBSD/NetBSD similar $HOME/.profile worked perfectly (I had no $HOME/.shrc there). -- Tero Koskinen - http://iki.fi/tero.koskinen/ ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
ksh
Hi, I installed ksh on my 5.2.1 system. In my .profile I have: set -o vi set -o vi-tabcomplete However, the 'set -o vi' doesn't seem to work. When I log in, ksh is still in emacs mode. Anybody know how to make it work? Thanks -- Chris Sechiatano [EMAIL PROTECTED] PGP Key 0x0021EFA0 pgpu0fhYRxIdd.pgp Description: PGP signature
Re: Shell history in FreeBSD ksh (or ksh93)
stan <[EMAIL PROTECTED]> writes: > I've now got a 4.7 STABLE machine, and I'm trying to get this to work with > either it's ksh, or ksh93 (which I thought would be the same as the ATT&T > version, since it's code is now free). [...] "No cost", lest anyone misunderstand. The ksh93 license has lots of strings. > Where should I start looking? What environment variables control this, and > what should the be set to? I run the ksh from "ports/shells/pdksh" in emacs mode, but I just now used the "set -o vi" command and editing seems to work as you explained. To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
Shell history in FreeBSD ksh (or ksh93)
I've been using ksh with the "vi" keybindings for several years now (changed from csh). I've even been able to get this working on former FreeBSD machines, by downloading the ksh from the ATT&T site. I've now got a 4.7 STABLE machine, and I'm trying to get this to work with either it's ksh, or ksh93 (which I thought would be the same as the ATT&T version, since it's code is now free). But so far I've not been able to get this to work. To be specific, what I want is to be able to press [ESC} and be in the ex (line mode) editor on the command history. I dragged over a set of . files from a working FreeBSD machine, that has the ATT&T version, but it's still not working on this machine. It's been _way_ too long since I set this up to remember how I got it working. Where should I start looking? What environment variables control this, and what should the be set to? Thanks for help on this. -- "They that would give up essential liberty for temporary safety deserve neither liberty nor safety." -- Benjamin Franklin To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
Re: perl / ksh help
> > > hi, > > I know some one has already done this and I need a little help. I have > two identical directories on two seperate machines. The files were > moved over fromm machine a to machine b. Everything is working > properly on machine b but all of the permissions were lost. > > I've done the following: > > (machine a)# find ./ -ls -print > perm.list > > Gave me the file listing and permisions > > (machine a)# cat perm.list | awk '{print $4," ",$11}' > newperm.list > > This removed garbage like date owners etc that I didn't need. > > Now I'm stuck with a file that looks like this: > > -rw-r--r-- ./data/dir/data/getme.bin.old > -rw-rw-rw- ./data/dir/data/stp.501 > drwxrwxrwx ./data/dir/data/realgoodgold > -rwsr-xr-x ./data/dir/exe/help If you have the directory on mach a with the perms you want, then why don't you just tar that dir up with the '-p' flag to preserve permissions. Then make the directory where you want it and untar it all, again using '-p' on the other machine . It should do what I think you might be saying here. on mach a: cd /dir-you-want-to-move tar cvpf ../stuff.tar * move tar file to mach b on mach b: mkdir /where-you-want-stuff-to-go cd /where-you-want-stuff-to-go tar xvpf ./stuff.tar voila! jerry To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
perl / ksh help
hi, I know some one has already done this and I need a little help. I have two identical directories on two seperate machines. The files were moved over fromm machine a to machine b. Everything is working properly on machine b but all of the permissions were lost. I've done the following: (machine a)# find ./ -ls -print > perm.list Gave me the file listing and permisions (machine a)# cat perm.list | awk '{print $4," ",$11}' > newperm.list This removed garbage like date owners etc that I didn't need. Now I'm stuck with a file that looks like this: -rw-r--r-- ./data/dir/data/getme.bin.old -rw-rw-rw- ./data/dir/data/stp.501 drwxrwxrwx ./data/dir/data/realgoodgold -rwsr-xr-x ./data/dir/exe/help At this point I'm thinking great, now all I need is to create a perl or shell script that converts the -rw-r--r--, etc into some sort of numerical value and then do soemthing like this for chmod $1 $2 done .using perl or ksh. However I can't figure out how to do the conversion correctly. Please will one of you perl / ksh experts please help me out. SEcondly I have a perl script that calls: use GIFgraph::lines The maker is now saying to call GD::Graph instead of GIFgraph (http://www.cpan.org/modules/by-module/GIFgraph/GIFgraph-1.20.readme). I need to re-engineer the script is there a tutorial on GD:Graph some where? Thanks To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
Re: perl / ksh help
On Fri, Oct 25, 2002 at 04:43:15AM +0200, rootjrs wrote: > I know some one has already done this and I need a little help. I have > two identical directories on two seperate machines. The files were > moved over fromm machine a to machine b. Everything is working > properly on machine b but all of the permissions were lost. > > I've done the following: > > (machine a)# find ./ -ls -print > perm.list > > Gave me the file listing and permisions > > (machine a)# cat perm.list | awk '{print $4," ",$11}' > newperm.list > > This removed garbage like date owners etc that I didn't need. > > Now I'm stuck with a file that looks like this: > > -rw-r--r-- ./data/dir/data/getme.bin.old > -rw-rw-rw- ./data/dir/data/stp.501 > drwxrwxrwx ./data/dir/data/realgoodgold > -rwsr-xr-x ./data/dir/exe/help > > At this point I'm thinking great, now all I need is to create a perl or > shell script that converts the -rw-r--r--, etc into some sort of numerical value and >then > do soemthing like this > > for > chmod $1 $2 > done > > .using perl or ksh. However I can't figure out how to do the > conversion correctly. Please will one of you perl / ksh experts please > help me out. Instead of beating your brains out writing scripts to do this, simply install ports/net/rsync. Then synchronizing the file systems on the two boxes is simple. From the machine with the original copy of the data: rsync -avx --delete /path/to/data/dir/ other.machine.com:/path/to/data/dir/ This will copy the data from the original filesystem to the second one using the minimum amount of network traffic possible. Nb. the trailing slashes on those paths are important. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
perl / ksh help
hi, I know some one has already done this and I need a little help. I have two identical directories on two seperate machines. The files were moved over fromm machine a to machine b. Everything is working properly on machine b but all of the permissions were lost. I've done the following: (machine a)# find ./ -ls -print > perm.list Gave me the file listing and permisions (machine a)# cat perm.list | awk '{print $4," ",$11}' > newperm.list This removed garbage like date owners etc that I didn't need. Now I'm stuck with a file that looks like this: -rw-r--r-- ./data/dir/data/getme.bin.old -rw-rw-rw- ./data/dir/data/stp.501 drwxrwxrwx ./data/dir/data/realgoodgold -rwsr-xr-x ./data/dir/exe/help At this point I'm thinking great, now all I need is to create a perl or shell script that converts the -rw-r--r--, etc into some sort of numerical value and then do soemthing like this for chmod $1 $2 done .using perl or ksh. However I can't figure out how to do the conversion correctly. Please will one of you perl / ksh experts please help me out. SEcondly I have a perl script that calls: use GIFgraph::lines The maker is now saying to call GD::Graph instead of GIFgraph (http://www.cpan.org/modules/by-module/GIFgraph/GIFgraph-1.20.readme). I need to re-engineer the script is there a tutorial on GD:Graph some where? Thanks To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message