Reputation: 7785
run UNIX programs from the working directory?
In order to run UNIX programs from my current directory, I included this in my ~/.profile (I'm using Mac OS 10.9):
export PATH="./:$PATH"
Anything wrong with this approach? It seems obvious, so why isn't it included by default? And, is there any better way to do it?
Upvotes: 1
Views: 116
Answers (3)
Reputation: 124804
Don't do it.
Adding . to $PATH is a security risk, that's why it's not like that by default. Consider the paths listed in $PATH as "trusted locations". You can run the programs and scripts in them without typing their absolute paths.
If you add . to $PATH, then you may run things by accident. For example I often run the netstat command to check statistics. I'm so used to it, I type only until "nets" and press tab, and I know it will be auto-completed to "netstat" so I very quickly press enter. If I had . on my $PATH, and there was a malicious script named "netst" in the current directory, then I might accidentally run it when I mean to run netstat as usual, pressing enter too fast to realize that tab auto-completed to netst instead of netstat.
This is just one example, I could easily think of more. Having . on $PATH is a security risk, that's why it's never there by default in any system. Appending . to the end is better than prepending it, but it's really best to not do it at all. Typing the ./ in front of programs should not be too much of a hassle, and you have the peace of mind of knowing exactly what you're running.
I think the conclusions in the duplicate questions are too soft:
- https://superuser.com/questions/156582/why-is-not-in-the-path-by-default
- https://unix.stackexchange.com/questions/65700/is-it-safe-to-add-to-my-path-how-come
Nobody should ever do this. The convenience this gives is ridiculously small compared to the dangers.
Upvotes: 4
Reputation: 241931
The dangers of putting . in your $PATH are easy to find in other SO answers, so I'll just concentrate on "is there a better way to do [it]?". If "[it]" is "run my scripts without annoying punctuation," then the better way is to put all of your scripts in a directory called, for example, ~/bin, and add that to your $PATH.
You still need to be careful about what you put into that directory, and you will still have to avoid reusing names of built-ins as executables (test and time are popular bad names), but it doesn't open you up to random exploits or unexpected consequences of typing ls from the wrong directory.
Upvotes: 1
Reputation: 40061
That's a good way to do it if you need it.
One reason it's not included by default is that malicious packages (of any kind, like tgz) can contains programs named the same as system commands that will remove things, start viruses or small daemons for future DDoS attacks.
What if a pack contains a program called emacs or vi? That besides showing the directory or change working directory also does something else?
So before putting that in your path consider what you will download.
Personally I'm happy with running ./local_program instead of putting it on the path.
Upvotes: 1
Related Questions
- How do I run a program with a different working directory from current, from Linux shell?
- How can i run a linux executable from any directory in terminal?
- Shell Scripts in Mac OS X run from home directory?
- How can I run .sh file on MAC from other directory
- Run .command–file in the folder it's located?
- running an executable in its own working directory
- Mac OSX - Start Shell & Working Directories
- Change output path of program in bash
- How to execute a program by name on command-line without typing current directory?
- bash: Run another program in the current directory while running from path