Search the FAQ Archives

3 - A - B - C - D - E - F - G - H - I - J - K - L - M
N - O - P - Q - R - S - T - U - V - W - X - Y - Z
faqs.org - Internet FAQ Archives

Unix - Frequently Asked Questions (2/7) [Frequent posting]
Section - What's wrong with having '.' in your $PATH ?

( Part1 - Part2 - Part3 - Part4 - Part5 - Part6 - Part7 - Single Page )
[ Usenet FAQs | Web FAQs | Documents | RFC Index | Forum ]


Top Document: Unix - Frequently Asked Questions (2/7) [Frequent posting]
Previous Document: How do I find the last argument in a Bourne shell script?
Next Document: How do I ring the terminal bell during a shell script?
See reader questions & answers on this topic! - Help others by sharing your knowledge

2.13) What's wrong with having '.' in your $PATH ?

      A bit of background: the PATH environment variable is a list of
      directories separated by colons.  When you type a command name
      without giving an explicit path (e.g. you type "ls", rather than
      "/bin/ls") your shell searches each directory in the PATH list in
      order, looking for an executable file by that name, and the shell
      will run the first matching program it finds.

      One of the directories in the PATH list can be the current
      directory "." .  It is also permissible to use an empty directory
      name in the PATH list to indicate the current directory.  Both of
      these are equivalent

      for csh users:

        setenv PATH :/usr/ucb:/bin:/usr/bin
        setenv PATH .:/usr/ucb:/bin:/usr/bin

      for sh or ksh users

        PATH=:/usr/ucb:/bin:/usr/bin export PATH
        PATH=.:/usr/ucb:/bin:/usr/bin export PATH

      Having "." somewhere in the PATH is convenient - you can type
      "a.out" instead of "./a.out" to run programs in the current
      directory.  But there's a catch.

      Consider what happens in the case  where "." is the first entry
      in the PATH.  Suppose your current directory is a publically-
      writable one, such as "/tmp".  If there just happens to be a
      program named "/tmp/ls" left there by some other user, and you
      type "ls" (intending, of course, to run the normal "/bin/ls"
      program), your shell will instead run "./ls", the other user's
      program.  Needless to say, the results of running an unknown
      program like this might surprise you.

      It's slightly better to have "." at the end of the PATH:

        setenv PATH /usr/ucb:/bin:/usr/bin:.

      Now if you're in /tmp and you type "ls", the shell will
      search /usr/ucb, /bin and /usr/bin for a program named
      "ls" before it gets around to looking in ".", and there
      is less risk of inadvertently running some other user's
      "ls" program.  This isn't 100% secure though - if you're
      a clumsy typist and some day type "sl -l" instead of "ls -l",
      you run the risk of running "./sl", if there is one.
      Some "clever" programmer could anticipate common typing
      mistakes and leave programs by those names scattered
      throughout public directories.  Beware.

      Many seasoned Unix users get by just fine without having
      "." in the PATH at all:

        setenv PATH /usr/ucb:/bin:/usr/bin

      If you do this, you'll need to type "./program" instead
      of "program" to run programs in the current directory, but
      the increase in security is probably worth it.

User Contributions:

Comment about this article, ask questions, or add new information about this topic:

CAPTCHA




Top Document: Unix - Frequently Asked Questions (2/7) [Frequent posting]
Previous Document: How do I find the last argument in a Bourne shell script?
Next Document: How do I ring the terminal bell during a shell script?

Part1 - Part2 - Part3 - Part4 - Part5 - Part6 - Part7 - Single Page

[ Usenet FAQs | Web FAQs | Documents | RFC Index ]

Send corrections/additions to the FAQ Maintainer:
tmatimar@isgtec.com (Ted Timar)





Last Update March 27 2014 @ 02:12 PM