|
|
/usr/bin/command [-v | -V] command_name
The command command causes the shell to treat the given command_name as a simple command, suppressing the shell function lookup that is described on the ksh(1) manual page.
If the command_name is the same as the name of one of the shell's special built-in utilities, the special properties in the enumerated list at the beginning of will not occur. In every other respect, if command_name is not the name of a shell function, the effect of the command line will be the same as if the command_name were specified without command.
The command utility also provides information concerning how a command name will be interpreted by the shell; see ``Flags''.
Utilities, regular built-in utilities, command_names including a slash character, and any implementation-provided functions that are found using the PATH variable, will be written as absolute pathnames.
Shell functions, special built-in utilities, regular built-in utilities not associated with a PATH search, and shell reserved words will be written as just their names.
An alias will be written as a command line that represents its alias definition. Otherwise, no output will be written and the exit status will reflect that the name was not found.
Utilities, regular built-in utilities, and any implementation-provided functions that are found using the PATH variable, will be identified as such and include the absolute pathname in the string.
Other shell functions will be identified as functions.
Aliases will be identified as aliases and their definitions will be included in the string.
Special built-in utilities will be identified as special built-in utilities. Regular built-in utilities not associated with a PATH search will be identified as regular built-in utilities.
Shell reserved words will be identified as reserved words.
In all other cases, the following exit values are returned:
If there is no error in the command utility, and the command_name utility is found and executed, the exit status of command is that of the command_name specified.
The value 126 was chosen in a similar manner to indicate that the utility could be found, but not invoked.
The distinction between exit codes 126 and 127 is based on KornShell practice that uses 127 when all attempts to exec the utility fail with ENOENT, and uses 126 when any attempt to exec the utility fails for any other reason.
There are some advantages to suppressing the special characteristics
of special built-ins on occasion. For example:
command exec > unwritable-file
will not cause a non-interactive script to abort, so that the output status can be checked by the script.
Since the -v and -V options of command produce output
in relation to the current shell execution environment,
if command is called in a subshell or separate utility execution
environment, such as one of the following:
(PATH=foo command -v)
nohup command -v
it will not necessarily produce correct results. For example, when called with nohup or an exec function, in a separate utility execution environment, most implementations will not be able to identify aliases, functions or special built-ins.
Two types of regular built-ins could be encountered on a system and
these are described separately by command.
If a standard utility is implemented as a regular built-in
(such as true), the command:
command -v true
yields /bin/true as its output. Other implementation-provided utilities that exist only as built-ins and have no pathname associated with them produce output identified as (regular) built-ins. Applications encountering these will not be able to count on execing them, using them with nohup, overriding them with a different PATH, and so forth.
Start off a ``secure shell script'' in which the script avoids being spoofed by its parent:
# Set IFS to its default value. IFS=' ' # The preceding value should be <space><tab><newline>. # Unset all possible aliases. ias -a # Note that unalias is escaped to prevent an alias # being used for unalias. # Ensure command is not a user function. unset -f command # Put on a reliable PATH prefix. PATH="$(command -p getconf _CS_PATH):$PATH" # Remainder of script follows. . . .At this point, given correct permissions on the directories called by PATH, the script has the ability to ensure that any utility it calls is the intended one. It is being very cautious because it assumes that implementation extensions may be present that would allow user functions to exist when it is invoked. For example, the ENV variable precedes the invocation of the script with a user startup script. Such a script could define functions to spoof the application.