Contents:
Installing the Korn Shell as the Standard Shell
Environment Customization
System Security Features
System administrators use the shell as part of their job of setting up a system-wide environment for all users. In this chapter, we'll discuss the Korn shell's features that relate to this task from two perspectives: customization that is available to all users and system security. We assume that you already know the basics of UNIX system administration. [1]
[1] A good source of information on system administration is Essential System Administration, a Nutshell Handbook from O'Reilly & Associates, Inc., by AEleen Frisch.
As a prelude to system-wide customization, we want to emphasize something about the Korn shell that doesn't apply to most other shells: you can install it as if it were the standard Bourne shell, i.e., as /bin/sh. Just save the real Bourne shell as another filename, such as /bin/bsh, in case anyone actually needs it for anything (which is doubtful), then rename your Korn shell as /bin/sh.
Many installations have done this with absolutely no ill effects. Not only does this make the Korn shell your system's standard login shell, but it also makes most existing Bourne shell scripts run faster, and it has security advantages that we'll see later in this chapter.
As we will see in Appendix A, Related Shells, the Korn shell is backward-compatible with the Bourne shell except that it doesn't support ^ as a synonym for the pipe character |. Unless you have an ancient UNIX system, or you have some very, very old shell scripts, you needn't worry about this.
But if you want to be absolutely sure, simply search through all shell scripts in all directories in your PATH. An easy way to do this is to use the file command, which we saw in Chapter 5, Flow Control and Chapter 9, Debugging Shell Programs. file prints "executable shell script" when given the name of one. [2] Here is a script that looks for ^ in shell scripts in every directory in your PATH:
[2] The exact message varies from system to system; make sure that yours prints this message when given the name of a shell script. If not, just substitute the message your file command prints for "shell script" in the code below.
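    IFS=:
    for d in $PATH; do
        print checking $d:
        cd "$d" || continue
        # IFS is still ":", so read the filenames line by line
        # instead of word-splitting a variable.
        file * | grep 'shell script' | cut -d: -f1 |
        while read -r f; do
            grep '\^' "$f" /dev/null
        done
    done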
The first line of this script makes it possible to use $PATH as an item list in the for loop. For each directory, it cds there and finds all shell scripts by piping the file command into grep and then, to extract the filename only, into cut. Then for each shell script, it searches for the ^ character. [3]
[3] The inclusion of /dev/null in the grep command is a kludge that forces grep to print the names of files that contain a match, even if there is only one such file in a given directory.
If you run this script, you will probably find several occurrences of ^, but these should be used within regular expressions in grep, sed, or awk commands, not as pipe characters. Assuming this is the case, it is safe for you to install the Korn shell as /bin/sh.
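To sort the hits into regular-expression carets and possible pipe carets before replacing /bin/sh, the following added example (not from the book) reports only lines where ^ remains after quoted strings, backslash escapes, and comments are stripped. It is a line-by-line heuristic in POSIX sh syntax, which the Korn shell also accepts; the function names, the sample script, and the use of mktemp are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: narrow the ^ search to carets that are not inside
# quotes, backslash escapes or comments (the likely pipe synonyms).

# Print file:line:text for every line of the given scripts where a ^
# is still present after the quoted and commented parts are removed.
caret_pipe_candidates() {
    awk -v q="'" '
    {
        s = $0
        gsub(/\\./, "", s)               # backslash-escaped characters
        gsub(q "[^" q "]*" q, "", s)     # single-quoted strings
        gsub(/"[^"]*"/, "", s)           # double-quoted strings
        sub(/^#.*/, "", s)               # whole-line comments
        sub(/[ \t]#.*/, "", s)           # trailing comments
        if (index(s, "^") > 0)
            print FILENAME ":" FNR ":" $0
    }' "$@"
}

# Constructed sample script: two regex carets, one escaped caret in
# front of a comment, and one caret used as a Bourne-style pipe.
demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/sample.sh" <<'EOF'
#!/bin/sh
grep '^root' /etc/passwd
sed -e "s/^#//" notes.txt
ls -l ^ wc -l
echo 2\^8   # not a pipe ^
EOF
    caret_pipe_candidates "$tmp/sample.sh" | sed "s|$tmp/||"
    rm -rf "$tmp"
}

demo
```

Only the `ls -l ^ wc -l` line is reported; quoted strings that span several lines are outside what this check handles, so review those by hand.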