Frequently Asked Questions about Unix - with Answers [Monthly posting]

Post by Steve Haym » Thu, 04 Jul 1991 05:26:45

[Last changed: $Date: 91/07/02 15:25:53 $ by $Author: sahayman $]

This article contains the answers to some Frequently Asked Questions
often seen in comp.unix.questions.  Please don't ask these questions
again, they've been answered plenty of times already - and please don't
flame someone just because they may not have read this particular
posting.  Thank you.

This article includes answers to:

        0)  Who helped you put this list together?
        1)  How do I remove a file whose name begins with a "-" ?
        2)  How do I remove a file with funny characters in the filename ?
        3)  How do I get a recursive directory listing?
        4)  How do I get the current directory into my prompt?
        5)  How do I read characters from a terminal without requiring the user
              to hit RETURN?
        6)  How do I read characters from the terminal in a shell script?
        7)  How do I check to see if there are characters to be read without
              actually reading?
        8)  How do I find the name of an open file?
        9)  How do I rename "*.foo" to "*.bar", or change file names
              to lowercase?
        10) Why do I get [some strange error message] when I
              "rsh host command" ?
        11) How do I find out the creation time of a file?
        12) How do I use "rsh" without having the rsh hang around
              until the remote command has completed?
        13) How do I truncate a file?
        14) How do I {set an environment variable, change directory} inside a
              program or shell script and have that change affect my
              current shell?
        15) Why doesn't find's "{}" symbol do what I want?
        16) How do I redirect stdout and stderr separately in csh?
        17) How do I set the permissions on a symbolic link?
        18) When someone refers to 'rn(1)' or 'ctime(3)', what does
              the number in parentheses mean?
        19) What does {awk,grep,fgrep,egrep,biff,cat,gecos,nroff,troff,tee,bss}
              stand for?
        20) How does the gateway between "comp.unix.questions" and the
            "info-unix" mailing list work?
        21) How do I "undelete" a file?
        22) How can a process detect if it's running in the background?
        23) How can an executing program determine its own pathname?
        24) How do I tell inside .cshrc if I'm a login shell?
        25) Why doesn't redirecting a loop work as intended?  (Bourne shell)
        26) How do I use popen() to open a process for reading AND writing?
        27) How do I run 'passwd', 'ftp', 'telnet', 'tip' and other interactive
              programs from a shell script or in the background?
        28) How do I sleep() in a C program for less than one second?
        29) How can I get setuid shell scripts to work?
        30) What are some useful Unix or C books?
        31) How do I construct a shell glob-pattern that matches all files
            except "." and ".." ?
        32) How do I find the last argument in a Bourne shell script?
        33) How can I find out which user or process has a file open or is using
            a particular file system (so that I can unmount it?)
        34) How do I keep track of people who are fingering me?
        35) How do I find out the process ID of a program with a particular
            name from inside a shell script or C program?
        36) What's wrong with having '.' in your $PATH ?
        37) What happened to the pronunciation list that used to be
            part of this document?

    If you're looking for the answer to, say, question 14, and want to skip
    everything else, you can search ahead for the regular expression "^14)".  

While these are all legitimate questions, they seem to crop up in
comp.unix.questions on an annual basis, usually followed by plenty
of replies (only some of which are correct) and then a period of
griping about how the same questions keep coming up.  You may also like
to read the monthly article "Answers to Frequently Asked Questions"
in the newsgroup "news.announce.newusers", which will tell you what
"UNIX" stands for.

With the variety of Unix systems in the world, it's hard to guarantee
that these answers will work everywhere.  Read your local manual pages
before trying anything suggested here.  If you have suggestions or
corrections for any of these answers, please send them to iuvax!sahayman.

0)  Who helped you put this list together?

I owe a great deal of thanks to dozens of Usenet readers who submitted
questions, answers, corrections and suggestions for this list.  I'd
especially like to thank Maarten Litmaath and Guy Harris, who have both
made many especially valuable contributions.

1)  How do I remove a file whose name begins with a "-" ?

    Figure out some way to name the file so that it doesn't
    begin with a dash.  The simplest answer is to use  

            rm ./-filename

    (assuming "-filename" is in the current directory, of course.)
    This method of avoiding the interpretation of the "-" works
    with other commands too.

    Many commands, particularly those that have been written to use
    the "getopt(3)" argument parsing routine, accept a "--" argument
    which means "this is the last option, anything after this is not
    an option", so your version of rm might handle "rm -- -filename".
    Some versions of rm that don't use getopt() treat a single "-"
    in the same way, so you can also try "rm - -filename".

2)  How do I remove a file with funny characters in the filename ?

    If the 'funny character' is a '/', skip to the last part of
    this answer.  If the funny character is something else,
    such as a ' ' or control character or character with
    the 8th bit set, keep reading.

    The classic answers are

        rm -i some*pattern*that*matches*only*the*file*you*want

        which asks you whether you want to remove each file matching
        the indicated pattern;  depending on your shell, this may
        not work if the filename has a character with the 8th bit set
        (the shell may strip that off);


        rm -ri .

        which asks you whether to remove each file in the directory.
        Answer "y" to the problem file and "n" to everything else.
        Unfortunately this doesn't work with many versions of rm.
        Also unfortunately, this will walk through every subdirectory
        of ".", so you might want to "chmod a-x" those directories
        temporarily to make them unsearchable.

        Always take a deep breath and think about what you're doing
        and double check what you typed when you use rm's "-r" flag
        or a wildcard on the command line;


        find . -type f ... -ok rm '{}' \;

    where "..." is a group of predicates that uniquely identify the
    file.  One possibility is to figure out the inode number
    of the problem file (use "ls -i .") and then use

        find . -inum 12345 -ok rm '{}' \;

        find . -inum 12345 -ok mv '{}' new-file-name \;

    "-ok" is a safety check - it will prompt you for confirmation of the
    command it's about to execute.  You can use "-exec" instead to avoid
    the prompting, if you want to live dangerously, or if you suspect
    that the filename may contain a funny character sequence that will mess
    up your screen when printed.
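
    The inode approach above, written out as an added example that is
    not part of the original posting.  The names inode_of and
    remove_by_inode and the sample file names are made up for the
    illustration.  It adds "-xdev" because inode numbers are unique only
    within one file system, and it refuses to act unless exactly one
    directory entry has that inode number.

```shell
#!/bin/sh
# Added example; inode_of, remove_by_inode and the file names below are
# hypothetical names made up for this illustration.

# inode_of PATH: print the inode number that "ls -i" reports for PATH.
inode_of() {
    ls -id "$1" | sed -n '1s/^ *\([0-9][0-9]*\).*/\1/p'
}

# remove_by_inode DIR INUM: remove the single non-directory entry under
# DIR whose inode number is INUM.  Returns 1 and removes nothing if zero
# or several entries match (for example, hard links to the same file).
remove_by_inode() {
    rbi_dir=$1
    rbi_inum=$2
    # Count the matches without ever printing the (possibly unprintable)
    # file name: one "match" line per entry found.
    rbi_count=$(find "$rbi_dir" -xdev ! -type d -inum "$rbi_inum" \
        -exec echo match \; | wc -l | tr -d ' ')
    if [ "$rbi_count" -ne 1 ]; then
        echo "refusing: $rbi_count entries have inode $rbi_inum" >&2
        return 1
    fi
    find "$rbi_dir" -xdev ! -type d -inum "$rbi_inum" -exec rm -f '{}' \;
}

# Demonstration on a constructed directory.
demo_remove_by_inode() {
    demo_dir=$(mktemp -d) || return 1
    demo_odd=$(printf 'odd\001 name')   # control character and a blank
    : > "$demo_dir/$demo_odd"
    ln "$demo_dir/$demo_odd" "$demo_dir/second-link"
    demo_inum=$(inode_of "$demo_dir/$demo_odd")

    # Two names share the inode, so nothing is removed yet.
    remove_by_inode "$demo_dir" "$demo_inum" || echo "two links: left alone"

    rm -f "$demo_dir/second-link"
    remove_by_inode "$demo_dir" "$demo_inum" && echo "one link: removed"
    rm -rf "$demo_dir"
}

demo_remove_by_inode
```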

    What if the filename has a '/' in it?

    These files really are special cases, and can only be created
    by buggy kernel code (typically by implementations of NFS
    that don't filter out illegal characters in file names from
    remote machines.)  The first thing to do is to try to
    understand exactly why this problem is so strange.

    Recall that Unix directories are simply pairs of
    filenames and inode numbers.  A directory essentially
    contains information like this:

        filename  inode

        file1     12345
        file2.c   12349
        file3     12347

    Theoretically, '/' and '\0' are the only two characters that
    cannot appear in a filename - '/' because it's used to separate
    directories and files, and '\0' because it terminates a filename.

    Unfortunately some implementations of NFS will blithely create
    filenames with embedded slashes in response to requests from remote
    machines.  For instance, this could happen when someone on a Mac or
    other non-Unix machine decides to create a remote NFS file on
    your Unix machine with the date in the filename.  Your Unix
    directory then has this in it:

        filename  inode

        91/02/07  12357

    No amount of messing around with 'find' or 'rm' as described above
    will delete this file, since those utilities and all other Unix
    programs, are forced to interpret the '/' in the normal way.

    Any ordinary program will eventually try to do unlink("91/02/07"),
    which as far as the kernel is concerned means "unlink the file 07
    in the subdirectory 02 of directory 91", but that's not what we
    have - we have a *FILE* named "91/02/07" in the current directory.
    This is a subtle but crucial distinction.

    What can you do in this case?  
    The first thing to try is to return to the Mac that created this
    crummy entry, and see if you can convince it and your local NFS
    daemon to rename the file to something without slashes.

    If that doesn't work or isn't possible, you'll need help from your
    system manager, who will have to try one of the following.
    Use "ls -i" to find the inode number of this bogus file, then
    unmount the file system and use "clri" to clear the inode, and
    "fsck" the file system with your fingers crossed.  This destroys
    the information in the file.  If you want to keep it, you can try:

        create a new directory in the same parent directory as the one
        containing the bad file name;

        move everything you can (i.e. everything but the file with
        the bad name) from the old directory to the new one;

        do "ls -id" on the directory containing the file with the
        bad name to get its inumber;

        umount the file system;

        "clri" the directory containing the file with the bad name;

        "fsck" the file system.

    Then, to find the file,

        remount the file system;

        rename the directory you created to have the name of
        the old directory (since the old directory should have
        been blown away by "fsck")

        move the file out of "lost+found" into the directory
        with a better name.

    Alternatively, you can patch the directory the hard way
    by crawling around in the raw file system.
    Use "fsdb", if you have it.

3)  How do I get a recursive directory listing?

    One of the following may do what you want:

        ls -R                   (not all versions of "ls" have -R)
        find . -print           (should work everywhere)
        du -a .                 (shows you both the name and size)

    If you're looking for a wildcard pattern that will match
    all ".c" files in this directory and below, you won't find one,
    but you can use

        % some-command `find . -name '*.c' -print`

    "find" is a powerful program.  Learn about it.

4)  How do I get the current directory into my prompt?

    It depends which shell you are using.  It's easy with some shells,
    hard or impossible with others.

    C Shell (csh):
        Put this in your .cshrc - customize the prompt variable
        the way you want.

            alias setprompt 'set prompt="${cwd}% "'
            setprompt           # to set the initial prompt
            alias cd 'chdir \!* && setprompt'

        If you use pushd and popd, you'll also need

            alias pushd 'pushd \!* && setprompt'
            alias popd  'popd  \!* && setprompt'

        Some C shells don't keep a $cwd variable - you can use
        `pwd` instead.

        If you just want the last component of the current directory
        in your prompt ("mail% " instead of "/usr/spool/mail% ")
        you can use

            alias setprompt 'set prompt="$cwd:t% "'

        Some older csh's get the meaning of && and || reversed.
        Try doing:

            false && echo bug

        If it prints "bug", you need to switch && and || (and get
        a better version of csh.)

    Bourne Shell (sh):

        If you have a newer version of the Bourne Shell (SVR2 or newer)
        you can use a shell function to make your own command, "xcd" say:

            xcd() { cd $* ; PS1="`pwd` $ "; }

        If you have an older Bourne shell, it's complicated but not impossible.
        Here's one way.  Add this to your .profile file:

                LOGIN_SHELL=$$ export LOGIN_SHELL
                CMDFILE=/tmp/cd.$$ export CMDFILE
                # 16 is SIGURG, pick some signal that isn't likely to be used
                PROMPTSIG=16 export PROMPTSIG
                trap '. $CMDFILE' $PROMPTSIG

        and then put this executable script (without the indentation!),
        let's call it "xcd", somewhere in your PATH

                : xcd directory - change directory and set prompt
                : by signalling the login shell to read a command file
                cat >${CMDFILE?"not set"} <<EOF
                cd $1
                PS1="\`pwd\`$ "
                EOF
                kill -${PROMPTSIG?"not set"} ${LOGIN_SHELL?"not set"}

        Now change directories with "xcd /some/dir".

    Korn Shell (ksh):

        Put this in your .profile file:
                PS1='$PWD $ '

        If you just want the last component of the directory, use
                PS1='${PWD##*/} $ '

    T C shell (tcsh)

        Tcsh is a popular enhanced version of csh with some extra
        builtin variables (and many other features):

            %~          the current directory, using ~ for $HOME
            %d or %/    the full pathname of the current directory
            %c or %.    the trailing component of the current directory

        so you can do

            set prompt='%~ '

    BASH (FSF's "Bourne Again SHell")

        \w in $PS1 gives the full pathname of the current directory,
        with ~ expansion for $HOME;  \W gives the basename of
        the current directory.  So, in addition to the above sh and
        ksh solutions, you could use

            PS1='\w $ '
            PS1='\W $ '

5)  How do I read characters from a terminal without requiring the user
    to hit RETURN?

    Check out cbreak mode in BSD, ~ICANON mode in SysV.

    If you don't want to tackle setting the terminal parameters
    yourself (using the "ioctl(2)" system call) you can let the stty
    program do the work - but this is slow and inefficient, and you
    should change the code to do it right some time:

    #include <stdio.h>
    #include <stdlib.h>     /* system() */

    int main(void)
    {
            int c;

            printf("Hit any character to continue\n");
            /*
             * ioctl() would be better here; only lazy
             * programmers do it this way:
             */
            system("/bin/stty cbreak");        /* or "stty raw" */
            c = getchar();
            system("/bin/stty -cbreak");
            printf("Thank you for typing %c.\n", c);
            return 0;
    }


    You might like to check out the documentation for the "curses"
    library of portable screen functions.  Often if you're interested
    in single-character I/O like this, you're also interested in doing
    some sort of screen display control, and the curses library
    provides various portable routines for both functions.

6)  How do I read characters from the terminal in a shell script?

    In sh, use read.  It is most common to use a loop like

            while read line
            do
                # process "$line" here
            done

    In csh, use $< like this:

            while ( 1 )
                set line = "$<"
                if ( "$line" == "" ) break
                # process "$line" here
            end

    Unfortunately csh has no way of distinguishing between
    a blank line and an end-of-file.

    If you're using sh and want to read a *single* character from
    the terminal, you can try something like

            echo -n "Enter a character: "
            stty cbreak         # or  stty raw
            readchar=`dd if=/dev/tty bs=1 count=1 2>/dev/null`
            stty -cbreak

            echo "Thank you for typing a $readchar ."

7)  How do I check to see if there are characters to be read without
    actually reading?

    Certain versions of UNIX provide ways to check whether
    characters are currently available to be read from a file
    descriptor.  In BSD, you can use select(2).  You can also use
    the FIONREAD ioctl (see tty(4)), which returns the number of
    characters waiting to be read, but only works on terminals,
    pipes and sockets.  In System V Release 3, you can use poll(2),
    but that only works on streams.  In Xenix - and therefore
    Unix SysV r3.2 and later - the rdchk() system call reports
    whether a read() call on a given file descriptor will block.

    There is no way to check whether characters are available to be
    read from a FILE pointer.  (You could poke around inside stdio data
    structures to see if the input buffer is nonempty, but that wouldn't
    work since you'd have no way of knowing what will happen the next
    time you try to fill the buffer.)

    Sometimes people ask this question with the intention of writing
            if (characters available from fd)
                    read(fd, buf, sizeof buf);
    in order to get the effect of a nonblocking read.  This is not the
    best way to do this, because it is possible that characters will
    be available when you test for availability, but will no longer
    be available when you call read.  Instead, set the O_NDELAY flag
    (which is also called FNDELAY under BSD) using the F_SETFL option
    of fcntl(2).  Older systems (Version 7, 4.1 BSD) don't have O_NDELAY;
    on these systems the closest you can get to a nonblocking read is
    to use alarm(2) to time out the read.

8)  How do I find the name of an open file?

    In general, this is too difficult.  The file descriptor may
    be attached to a pipe or pty, in which case it has no name.
    It may be attached to a file that has been removed.  It may
    have multiple names, due to either hard or symbolic links.

    If you really need to do this, and be sure you think long
    and hard about it and have decided that you have no choice,
    you can use find with the -inum and possibly -xdev option,
    or you can use ncheck, or you can recreate the functionality
    of one of these within your program.  Just realize that
    searching a 600 megabyte filesystem for a file that may not
    even exist is going to take some time.

9) How do I rename "*.foo" to "*.bar", or change file names to lowercase?

    Why doesn't "mv *.foo *.bar" work?  Think about how the shell
    expands wildcards.   "*.foo" and "*.bar" are expanded before the mv
    command ever sees the arguments.  Depending on your shell, this
    can fail in a couple of ways.  CSH prints "No match." because
    it can't match "*.bar".  SH executes "mv *.bar",
    which will only succeed if you happen to have a single
    directory named "*.bar", which is very unlikely and almost
    certainly not what you had in mind.

    Depending on your shell, you can do it with a loop to "mv" each
    file individually.  If your system has "basename", you can use:

    C Shell:
        foreach f ( *.foo )
            set base=`basename $f .foo`
            mv $f $base.bar
        end

    Bourne Shell:
        for f in *.foo; do
            base=`basename $f .foo`
            mv $f $base.bar
        done

    Some shells have their own variable substitution features, so instead
    of using "basename", you can use simpler loops like:

    C Shell:

        foreach f ( *.foo )
            mv $f $f:r.bar
        end

    Korn Shell:

        for f in *.foo; do
            mv $f ${f%foo}bar
        done

    If you don't have "basename" or want to do something like
    renaming foo.* to bar.*, you can use something like "sed" to
    strip apart the original file name in other ways, but
    the general looping idea is the same.  You can also convert
    file names into "mv" commands with 'sed', and hand the commands
    off to "sh" for execution.  Try

        ls -d *.foo | sed -e 's/.*/mv & &/' -e 's/foo$/bar/' | sh

    A program by Vladimir Lanin called "mmv" that does this job nicely
    was posted to comp.sources.unix (Volume 21, issues 87 and 88) in
    April 1990.  It lets you use

        mmv '*.foo' ''

    Shell loops like the above can also be used to translate
    file names from upper to lower case or vice versa.  You could use
    something like this to rename uppercase files to lowercase:

        C Shell:
            foreach f ( * )
                mv $f `echo $f | tr '[A-Z]' '[a-z]'`
            end
        Bourne Shell:
            for f in *; do
                mv $f `echo $f | tr '[A-Z]' '[a-z]'`
            done
        Korn Shell:
            typeset -l l
            for f in *; do
                l="$f"
                mv $f $l
            done

    If you wanted to be really thorough and handle files with
    `funny' names (embedded blanks or whatever) you'd need to use

        Bourne Shell:

            for f in *; do
              g=`expr "xxx$f" : 'xxx\(.*\)' | tr '[A-Z]' '[a-z]'`
              mv "$f" "$g"
            done

    The `expr' command will always print the filename, even if it equals
    `-n' or if it contains a System V escape sequence like `\c'.

    Some versions of "tr" require the [ and ], some don't.  It happens
    to be harmless to include them in this particular example; versions of
    tr that don't want the [] will conveniently think they are supposed
    to translate '[' to '[' and ']' to ']'.

    If you have the "perl" language installed, you may find this rename
    script by Larry Wall very useful.  It can be used to accomplish a
    wide variety of filename changes.

        # rename script examples from lwall:
        #       rename 's/\.orig$//' *.orig
        #       rename 'y/A-Z/a-z/ unless /^Make/' *
        #       rename '$_ .= ".bad"' *.f
        #       rename 'print "$_: "; s/foo/bar/ if <stdin> =~ /^y/i' *

        $op = shift;
        for (@ARGV) {
            $was = $_;
            eval $op;
            die $@ if $@;
            rename($was,$_) unless $was eq $_;
        }
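
    The "sed ... | sh" trick above hands file names to a shell as
    program text, so a name containing blanks or shell metacharacters
    is reinterpreted rather than renamed.  The following added example
    (not part of the original posting; rename_ext and the sample names
    are made up) does the "*.foo" to "*.bar" rename with every
    expansion quoted, and skips a file instead of overwriting an
    existing target.

```shell
#!/bin/sh
# Added example; rename_ext and the sample file names are made up here.

# rename_ext DIR OLD NEW: rename DIR/*.OLD to DIR/*.NEW and print how
# many files were renamed.  Because every path is prefixed with DIR, a
# file name beginning with "-" is never taken for an option (pass DIR as
# "." or an absolute path so that DIR itself does not begin with "-").
rename_ext() {
    re_dir=$1
    re_old=$2
    re_new=$3
    re_count=0
    for re_f in "$re_dir"/*."$re_old"; do
        # sh leaves an unmatched pattern as a literal string; skip it.
        [ -e "$re_f" ] || continue
        re_target=${re_f%."$re_old"}.$re_new
        if [ -e "$re_target" ]; then
            # Plain "mv" would silently replace the existing file.
            echo "skipped $re_f: $re_target already exists" >&2
            continue
        fi
        mv "$re_f" "$re_target" && re_count=$((re_count + 1))
    done
    echo "$re_count"
}

# Demonstration on a constructed directory.
demo_rename_ext() {
    demo_dir=$(mktemp -d) || return 1
    : > "$demo_dir/two words.foo"     # embedded blank
    : > "$demo_dir/-n.foo"            # looks like an option
    : > "$demo_dir/kept.foo"          # target below already exists
    : > "$demo_dir/kept.bar"
    echo "renamed: $(rename_ext "$demo_dir" foo bar)"
    ls -A "$demo_dir"
    rm -rf "$demo_dir"
}

demo_rename_ext
```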

10) Why do I get [some strange error message] when I "rsh host command" ?

    (We're talking about the remote shell program "rsh" or sometimes "remsh";
     on some machines, there is a restricted shell called "rsh", which
     is a different thing.)

    If your remote account uses the C shell, the remote host will
    fire up a C shell to execute 'command' for you, and that shell
    will read your remote .cshrc file.  Perhaps your .cshrc contains
    a "stty", "biff" or some other command that isn't appropriate
    for a non-interactive shell.  The unexpected output or error
    message from these commands can screw up your rsh in odd ways.

    Fortunately, the fix is simple.  There are, quite possibly, a whole
    *bunch* of operations in your ".cshrc" (e.g., "set history=N") that are
    simply not worth doing except in interactive shells.  What you do is
    surround them in your ".cshrc" with:

            if ( $?prompt ) then
                # operations for interactive shells only
            endif

    and, since in a non-interactive shell "prompt" won't be set, the
    operations in question will only be done in interactive shells.

    You may also wish to move some commands to your .login file; if
    those commands only need to be done when a login session starts up
    (checking for new mail, unread news and so on) it's better
    to have them in the .login file.

11) How do I find out the creation time of a file?

    You can't - it isn't stored anywhere.  Files have a last-modified
    time (shown by "ls -l"), a last-accessed time (shown by "ls -lu")
    and an inode change time (shown by "ls -lc"). The latter is often
    referred to as the "creation time" - even in some man pages -  but
    that's wrong; it's also set by such operations as mv, ln,
    chmod, chown and chgrp.

    The man page for "stat(2)" discusses this.

12) How do I use "rsh" without having the rsh hang around until the
    remote command has completed?

    (See note in question 10 about what "rsh" we're talking about.)

    The obvious answers fail:
            rsh machine command &
    or      rsh machine 'command &'

    For instance, try doing   rsh machine 'sleep 60 &'
    and you'll see that the 'rsh' won't exit right away.
    It will wait 60 seconds until the remote 'sleep' command
    finishes, even though that command was started in the
    background on the remote machine.  So how do you get
    the 'rsh' to exit immediately after the 'sleep' is started?

    The solution - if you use csh on the remote machine:

            rsh machine -n 'command >&/dev/null </dev/null &'

    If you use sh on the remote machine:

            rsh machine -n 'command >/dev/null 2>&1 </dev/null &'

    Why?  "-n" attaches rsh's stdin to /dev/null so you could run the
    complete rsh command in the background on the LOCAL machine.
    Thus "-n" is equivalent to another specific "< /dev/null".
    Furthermore, the input/output redirections on the REMOTE machine
    (inside the single quotes) ensure that rsh thinks the session can
    be terminated (there's no data flow any more.)

    Note: The file that you redirect to/from on the remote machine
    doesn't have to be /dev/null; any ordinary file will do.

    In many cases, various parts of these complicated commands
    aren't necessary.

13) How do I truncate a file?

    The BSD function ftruncate() sets the length of a file.  Xenix -
    and therefore SysV r3.2 and later - has the chsize() system call.
    For other systems, the only kind of truncation you can do is
    truncation to length zero with creat() or open(..., O_TRUNC).

14) How do I {set an environment variable, change directory} inside a
      program or shell script and have that change affect my
      current shell?

    In general, you can't, at least not without making special
    arrangements.  When a child process is created, it inherits a copy
    of its parent's variables (and current directory).  The child can
    change these values all it wants but the changes won't affect the
    parent shell, since the child is changing a copy of the
    original data.

    Some special arrangements are possible.  Your child process could
    write out the changed variables, if the parent was prepared to read
    the output and interpret it as commands to set its own variables.

    Also, shells can arrange to run other shell scripts in the context
    of the current shell, rather than in a child process, so that
    changes will affect the original shell.

    For instance, if you have a C shell script named "myscript":

        cd /very/long/path
        setenv PATH /something:/something-else

    or the equivalent Bourne or Korn shell script

        cd /very/long/path
        PATH=/something:/something-else export PATH

    and try to run "myscript" from your shell, your shell will fork and run
    the shell script in a subprocess.  The subprocess is also
    running the shell; when it sees the "cd" command it changes
    *its* current directory, and when it sees the "setenv" command
    it changes *its* environment, but neither has any effect on the current
    directory of the shell at which you're typing (your login shell,
    let's say).

    In order to get your login shell to execute the script (without forking)
    you have to use the "." command (for the Bourne or Korn shells)
    or the "source" command (for the C shell).  I.e. you type

        . myscript

    to the Bourne or Korn shells, or

        source myscript

    to the C shell.

    If all you are trying to do is change directory or set an
    environment variable, it will probably be simpler to use a
    C shell alias or Bourne/Korn shell function.  See the "how do
    I get the current directory into my prompt" section
    of this article for some examples.

15) Why doesn't find's "{}" symbol do what I want?

    "find" has a -exec option that will execute a particular
    command on all the selected files. Find will replace any "{}"
    it sees with the name of the file currently under consideration.

    So, some day you might try to use "find" to run a command on every
    file, one directory at a time.  You might try this:

        find /path -type d -exec command {}/\* \;

    hoping that find will execute, in turn

        command directory1/*
        command directory2/*

    Unfortunately, find only expands the "{}" token when it appears
    by itself.  Find will leave anything else like "{}/*" alone, so
    instead of doing what you want, it will do

        command {}/*
        command {}/*

    once for each directory.  This might be a bug, it might be a feature,
    but we're stuck with the current behaviour.

    So how do you get around this?  One way would be to write a
    trivial little shell script, let's say "./doit", that
    consists of

        command "$1"/*

    You could then use

        find /path -type d -exec ./doit {} \;

    Or if you want to avoid the "./doit" shell script, you can use

        find /path -type d -exec sh -c 'command $0/*' {} \;

    (This works because within the 'command' of "sh -c 'command' A B C ...",
     $0 expands to A, $1 to B, and so on.)

    or you can use the construct-a-command-with-sed trick

        find /path -type d -print | sed 's:.*:command &/*:' | sh

    If all you're trying to do is cut down on the number of times
    that "command" is executed, you should see if your system
    has the "xargs" command.  Xargs reads arguments one line at a time
    from the standard input and assembles as many of them as will fit into
    one command line.  You could use

        find /path -print | xargs command

    which would result in one or more executions of

        command file1 file2 file3 file4 dir1/file1 dir1/file2

    Unfortunately this is not a perfectly robust or secure solution.
    Xargs expects its input lines to be terminated with newlines, so it
    will be confused by files with odd characters such as newlines
    in their names.
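
    The weakness just described, made visible in an added example that
    is not part of the original posting.  The function names and file
    names are made up, and it assumes your "find" supports the POSIX
    "-exec command {} +" form, which this article does not mention; that
    form batches arguments the way xargs does, but passes each file
    name as one intact argument.

```shell
#!/bin/sh
# Added example; the function names and file names are made up here.

# make_tree: build a constructed test tree holding one ordinary file and
# one file whose name contains a newline; prints the tree's path.
make_tree() {
    mt_dir=$(mktemp -d) || return 1
    : > "$mt_dir/ordinary"
    : > "$mt_dir/first-half
second-half"
    printf '%s\n' "$mt_dir"
}

# Stand-in for "command": prints how many of its arguments do NOT name
# an existing file, i.e. how many names were damaged on the way to it.
CHECK='n=0; for a in "$@"; do [ -e "$a" ] || n=$((n + 1)); done; echo "$n"'

# The pipeline from the text: names cross the pipe as newline-separated
# text, so the name with an embedded newline arrives as two arguments.
damaged_via_xargs() {
    find "$1" -type f -print | xargs sh -c "$CHECK" sh
}

# find builds the argument list itself; no text parsing is involved.
damaged_via_exec_plus() {
    find "$1" -type f -exec sh -c "$CHECK" sh '{}' +
}

demo_tree=$(make_tree) || exit 1
echo "find | xargs:     $(damaged_via_xargs "$demo_tree") damaged argument(s)"
echo "find -exec {} +:  $(damaged_via_exec_plus "$demo_tree") damaged argument(s)"
rm -rf "$demo_tree"
```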

16) How do I redirect stdout and stderr separately in csh?

    In csh, you can redirect stdout with ">", or stdout and stderr
    together with ">&" but there is no direct way to redirect
    stderr only.  The best you can do is

        ( command >stdout_file ) >&stderr_file

    which runs "command" in a subshell;  stdout is redirected inside
    the subshell to stdout_file, and both stdout and stderr from the
    subshell are redirected to stderr_file, but by this point stdout
    has already been redirected so only stderr actually winds up in

    Sometimes it's easier to let sh do the work for you.

        sh -c 'command >stdout_file 2>stderr_file'

17) How do I set the permissions on a symbolic link?

    Permissions on a symbolic link don't really mean anything.  The
    only permissions that count are the permissions on the file that
    the link points to.

18) When someone refers to 'rn(1)' or 'ctime(3)', what does
    the number in parentheses mean?

    It looks like some sort of function call, but it isn't.
    These numbers refer to the section of the "Unix manual" where
    the appropriate documentation can be found.  You could type
    "man 3 ctime" to look up the manual page for "ctime" in section 3
    of the manual.

    The traditional manual sections are:

        1       User-level  commands
        2       System calls
        3       Library functions
        4       Devices and device drivers
        5       File formats
        6       Games
        7       Various miscellaneous stuff - macro packages etc.
        8       System maintenance and operation commands

    Some Unix versions use non-numeric section names.  For instance,
    Xenix uses "C" for commands and "S" for functions.

    Each section has an introduction, which you can read with "man # intro"
    where # is the section number.

    Sometimes the number is necessary to differentiate between a
    command and a library routine or system call of the same name.  For
    instance, your system may have "time(1)", a manual page about the
    'time' command for timing programs, and also "time(3)", a manual
    page about the 'time' subroutine for determining the current time.
    You can use "man 1 time" or "man 3 time" to specify which "time"
    man page you're interested in.

    You'll often find other sections for local programs or
    even subsections of the sections above - Ultrix has
    sections 3m, 3n, 3x and 3yp among others.

19) What does {awk,grep,fgrep,egrep,biff,cat,gecos,nroff,troff,tee,bss,rc}
    stand for?

    awk = "Aho Weinberger and Kernighan"

        This language was named by its authors, Al Aho, Peter Weinberger and
        Brian Kernighan.

    grep = "Global Regular Expression Print"

        grep comes from the ed command to print all lines matching a
        certain pattern


        where "re" is a "regular expression".

    fgrep = "Fixed GREP".

        fgrep searches for fixed strings only.  The "f" does not
        stand for "fast" - in fact, "fgrep foobar *.c" is usually slower
        than "egrep foobar *.c"  (Yes, this is kind of surprising. Try it.)

        Fgrep still has its uses though, and may be useful when searching
        a file for a larger number of strings than egrep can handle.

    egrep = "Extended GREP"

        egrep uses fancier regular expressions than grep.
        Many people use egrep all the time, since it has some more
        sophisticated internal algorithms than grep or fgrep,
        and is usually the fastest of the three programs.

    cat = "CATenate"

        catenate is an obscure word meaning "to connect in a series",
        which is what the "cat" command does to one or more files.
        Not to be confused with C/A/T, the Computer Aided Typesetter.

    gecos = "General Electric Comprehensive Operating System"

        When GE's large systems division was sold to Honeywell,
        Honeywell dropped the "E" from "GECOS".

        Unix's password file has a "pw_gecos" field.  The name is
        a real holdover from the early days.  Dennis Ritchie
        has reported:

            "Sometimes we sent printer output or batch jobs
             to the GCOS machine.  The gcos field in the
             password file was a place to stash the information
             for the $IDENT card.  Not elegant."

    nroff = "New ROFF"
    troff = "Typesetter new ROFF"

        These are descendants of "roff", which was a re-implementation
        of the Multics "runoff" program (a program that you'd use to
        "run off" a good copy of a document).

    tee = T

        From plumbing terminology for a T-shaped pipe splitter.

    bss = "Block Started by Symbol"

        Dennis Ritchie says:

            Actually the acronym (in the sense we took it up; it may
            have other credible etymologies) is "Block Started by Symbol."
            It was a pseudo-op in FAP (Fortran Assembly [-er?] Program), an
            assembler for the IBM 704-709-7090-7094 machines.  It defined
            its label and set aside space for a given number of words.
            There was another pseudo-op, BES, "Block Ended by Symbol"
            that did the same except that the label was defined by
            the last assigned word + 1.  (On these machines Fortran
            arrays were stored backwards in storage and were 1-origin.)

            The usage is reasonably appropriate, because just as with
            standard Unix loaders, the space assigned didn't have to
            be punched literally into the object deck but was represented
            by a count somewhere.

    biff = "BIFF"

        This command, which turns on asynchronous mail notification,
        was actually named after a dog at Berkeley.

            I can confirm the origin of biff, if you're interested.  Biff
            was Heidi Stettner's dog, back when Heidi (and I, and Bill Joy)
            were all grad students at U.C. Berkeley and the early versions
            of BSD were being developed.   Biff was popular among the
            residents of Evans Hall, and was known for barking at the
            mailman, hence the name of the command.

        Confirmation courtesy of Eric Cooper, Carnegie Mellon

    rc (as in ".cshrc" or "/etc/rc") = "RunCom"

        "rc" derives from "runcom", from the MIT CTSS system, ca. 1965.

            'There was a facility that would execute a bunch of commands
            stored in a file; it was called "runcom" for "run commands",
            and the file began to be called "a runcom."

            "rc" in Unix is a fossil from that usage.'

        Brian Kernighan & Dennis Ritchie, as told to Vicki Brown

        "rc" is also the name of the shell from the new Plan 9
        operating system.

    Don Libes' book "Life with Unix" contains lots more of these

20) How does the gateway between "comp.unix.questions" and the
    "info-unix" mailing list work?

    "Info-Unix" and "Unix-Wizards" are mailing list versions of
    comp.unix.questions and comp.unix.wizards respectively.
    There should be no difference in content between the
    mailing list and the newsgroup.  

        [Note: The newsgroup "comp.unix.wizards" was recently deleted,
        and even more recently resurrected; the "Unix-Wizards" mailing
        list still exists.  I'm not really sure how this is all going
        to sort itself out.]

    To get on or off either of these lists, send mail to or .
    Be sure to use the '-Request'.  Don't expect an immediate response.

    Here are the gory details, courtesy of the list's maintainer, Bob Reschly.

    ==== postings to info-UNIX and UNIX-wizards lists ====

       Anything submitted to the list is posted; I do not moderate incoming
    traffic -- BRL functions as a reflector.  Postings submitted by Internet
    subscribers should be addressed to the list address (info-UNIX or UNIX-
    wizards);  the '-request' addresses are for correspondence with the list
    maintainer [me].  Postings submitted by USENET readers should be
    addressed to the appropriate news group (comp.unix.questions or

       For Internet subscribers, received traffic will be of two types;
    individual messages, and digests.  Traffic which comes to BRL from the
    Internet and BITNET (via the BITNET-Internet gateway) is immediately
    resent to all addressees on the mailing list.  Traffic originating on
    USENET is gathered up into digests which are sent to all list members

       BITNET traffic is much like Internet traffic.  The main difference is
    that I maintain only one address for traffic destined to all BITNET
    subscribers. That address points to a list exploder which then sends
    copies to individual BITNET subscribers.  This way only one copy of a
    given message has to cross the BITNET-Internet gateway in either

       USENET subscribers see only individual messages.  All messages
    originating on the Internet side are forwarded to our USENET machine.
    They are then posted to the appropriate newsgroup.  Unfortunately,
    for gatewayed messages, the sender becomes "news@brl-adm".  This is
    currently an unavoidable side-effect of the software which performs the
    gateway function.

       As for readership, USENET has an extremely large readership - I would
    guess several thousand hosts and tens of thousands of readers.  The
    master list maintained here at BRL runs about two hundred fifty entries
    with roughly ten percent of those being local redistribution lists.
    I don't have a good feel for the size of the BITNET redistribution, but
    I would guess it is roughly the same size and composition as the master
    list.  Traffic runs 150K to 400K bytes per list per week on average.

21) How do I "undelete" a file?

    Someday, you are going to accidentally type something like "rm * .foo",
    and find you just deleted "*" instead of "*.foo".  Consider it a rite
    of passage.

    Of course, any decent systems administrator should be doing regular
    backups.  Check with your sysadmin to see if a recent backup copy
    of your file is available.  But if it isn't, read on.

    For all intents and purposes, when you delete a file with "rm" it is
    gone.  Once you "rm" a file, the system totally forgets which blocks
    scattered around the disk comprised your file.  Even worse, the blocks
    from the file you just deleted are going to be the first ones taken
    and scribbled upon when the system needs more disk space.  However,
    never say never.  It is theoretically possible *if* you shut down
    the system immediately after the "rm" to recover portions of the data.
    However, you had better have a very wizardly type person at hand with
    hours or days to spare to get it all back.

    Your first reaction when you "rm" a file by mistake is why not make
    a shell alias or procedure which changes "rm" to move files into a
    trash bin rather than delete them?  That way you can recover them if
    you make a mistake, and periodically clean out your trash bin.  Two
    points:  first, this is generally accepted as a *bad* idea.  You will
    become dependent upon this behaviour of "rm", and you will find
    yourself someday on a normal system where "rm" is really "rm", and
    you will get yourself in trouble.  Second, you will eventually find
    that, given the hassle of dealing with the disk space and time
    involved in maintaining the trash bin, it might be easier just to be
    a bit more careful with "rm".  For starters, you should look up the
    "-i" option to "rm" in your manual.

    If you are still undaunted, then here is a possible simple answer.  You
    can create yourself a "can" command which moves files into a
    trashcan directory. In csh(1) you can place the following commands
    in the ".login" file in your home directory:

        alias can       'mv \!* ~/.trashcan'       # junk file(s) to trashcan
        alias mtcan     'rm -f ~/.trashcan/*'      # irretrievably empty trash
        if ( ! -d ~/.trashcan ) mkdir ~/.trashcan  # ensure trashcan exists

    You might also want to put a:

        rm -f ~/.trashcan/*

    in the ".logout" file in your home directory to automatically empty
    the trash when you log out.  (sh and ksh versions are left as an
    exercise for the reader.)

    MIT's Project Athena has produced a comprehensive
    delete/undelete/expunge/purge package, which can serve as a
    complete replacement for rm which allows file recovery.  This
    package was posted to comp.sources.misc (volume 17, issue 023-026)

22) How can a process detect if it's running in the background?

    First of all: do you want to know if you're running in the background,
    or if you're running interactively? If you're deciding whether or
    not you should print prompts and the like, that's probably a better
    criterion. Check if standard input is a terminal:

            sh: if [ -t 0 ]; then ... fi
            C: if(isatty(0)) { ... }

    In general, you can't tell if you're running in the background.
    The fundamental problem is that different shells and different
    versions of UNIX have different notions of what "foreground" and
    "background" mean - and on the most common type of system with a
    better-defined notion of what they mean, programs can be moved
    arbitrarily between foreground and background!

    UNIX systems without job control typically put a process into the
    background by ignoring SIGINT and SIGQUIT and redirecting the standard
    input to "/dev/null"; this is done by the shell.

    Shells that support job control, on UNIX systems that support job
    control, put a process into the background by giving it a process group
    ID different from the process group to which the terminal belongs.  They
    move it back into the foreground by setting the terminal's process group
    ID to that of the process.  Shells that do *not* support job control, on
    UNIX systems that support job control, typically do what shells do on
    systems that don't support job control.
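
    The two mechanisms described above can each be probed from C.  The
    following is an added example, not part of the original FAQ; the names
    classify() and state_name() are made up for it, and the answer is only a
    snapshot, since a job-control shell can move the process at any time.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <signal.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

enum run_state {
    NOT_A_TTY,                  /* fd is not (our controlling) terminal */
    FOREGROUND,                 /* our process group owns the terminal */
    BACKGROUND_JOB_CONTROL,     /* terminal belongs to another process group */
    BACKGROUND_NO_JOB_CONTROL   /* SIGINT and SIGQUIT ignored, fd not a tty */
};

/* Return 1 if the given signal is currently ignored, else 0. */
static int is_ignored(int sig)
{
    struct sigaction sa;

    if (sigaction(sig, NULL, &sa) != 0)
        return 0;
    return sa.sa_handler == SIG_IGN;
}

/* Classify the calling process with respect to the terminal on fd
 * (normally 0, the standard input). */
enum run_state classify(int fd)
{
    pid_t tty_pgrp;

    if (!isatty(fd)) {
        /* A shell without job control backgrounds a command by ignoring
         * SIGINT and SIGQUIT and pointing stdin at /dev/null.  Other
         * programs can leave the same traces, so this is only a hint. */
        if (is_ignored(SIGINT) && is_ignored(SIGQUIT))
            return BACKGROUND_NO_JOB_CONTROL;
        return NOT_A_TTY;
    }

    /* With job control the terminal records its foreground process
     * group; we are in the background when that group is not ours. */
    tty_pgrp = tcgetpgrp(fd);
    if (tty_pgrp == (pid_t)-1)
        return NOT_A_TTY;       /* a tty, but not our controlling one */
    return tty_pgrp == getpgrp() ? FOREGROUND : BACKGROUND_JOB_CONTROL;
}

const char *state_name(enum run_state s)
{
    switch (s) {
    case FOREGROUND:                return "foreground";
    case BACKGROUND_JOB_CONTROL:    return "background (job control)";
    case BACKGROUND_NO_JOB_CONTROL: return "background (no job control)";
    default:                        return "stdin is not a terminal";
    }
}

int main(void)
{
    printf("%s\n", state_name(classify(0)));
    return 0;
}
```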

23) How can an executing program determine its own pathname?

    Your program can look at argv[0]; if it begins with a "/",
    it is probably the absolute pathname to your program, otherwise
    your program can look at every directory named in the environment
    variable PATH and try to find the first one that contains an
    executable file whose name matches your program's argv[0]
    (which by convention is the name of the file being executed).
    By concatenating that directory and the value of argv[0] you'd
    probably have the right name.

    You can't really be sure though, since it is quite legal for one
    program to exec() another with any value of argv[0] it desires.
    It is merely a convention that new programs are exec'd with the
    executable file name in argv[0].

    For instance, purely a hypothetical example:

        #include <stdio.h>
        main() {
            execl("/usr/games/rogue", "vi Thesis", (char *)NULL);
        }

    The executed program thinks its name (its argv[0] value) is
    "vi Thesis".   (Certain other programs might also think that
    the name of the program you're currently running is "vi Thesis",
    but of course this is just a hypothetical example, don't
    try it yourself :-)

24) How do I tell inside .cshrc if I'm a login shell?

    When people ask this, they usually mean either

        How can I tell if it's an interactive shell?
        How can I tell if it's a top-level shell?

    You could perhaps determine if your shell truly is a login shell
    (i.e. is going to source ".login" after it is done with ".cshrc")
    by fooling around with "ps" and "$$"; if you're really interested
    in the other two questions, here's one way you can organize
    your .cshrc to find out.

        if (! $?CSHLEVEL) then
                # This is a "top-level" shell,
                # perhaps a login shell, perhaps a shell started up by
                # 'rsh machine some-command'
                # This is where we should set PATH and anything else we
                # want to apply to every one of our shells.
                setenv      CSHLEVEL        0
                set home = ~username        # just to be sure
                source ~/.env               # environment stuff we always want
        else
                # This shell is a child of one of our other shells so
                # we don't need to set all the environment variables again.
                set tmp = $CSHLEVEL
                @ tmp++
                setenv      CSHLEVEL        $tmp
        endif

        # Exit from .cshrc if not interactive, e.g. under rsh
        if (! $?prompt) exit

        # Here we could set the prompt or aliases that would be useful
        # for interactive shells only.

        source ~/.aliases

25) Why doesn't redirecting a loop work as intended?  (Bourne shell)

    Take the following example:


        foo=bar

        while read line
        do
                # do something with $line
                foo=bletch
        done < /etc/passwd

        echo "foo is now: $foo"

    Despite the assignment ``foo=bletch'' this will print ``foo is now: bar''
    in many implementations of the Bourne shell.  Why?
    Because of the following, often undocumented, feature of historic
    Bourne shells: redirecting a control structure (such as a loop, or an
    ``if'' statement) causes a subshell to be created, in which the structure
    is executed; variables set in that subshell (like the ``foo=bletch''
    assignment) don't affect the current shell, of course.

    The POSIX 1003.2 Shell and Tools Interface standardization committee
    forbids the behaviour described above, i.e. in P1003.2 conformant
    Bourne shells the example will print ``foo is now: bletch''.

    In historic (and P1003.2 conformant) implementations you can use the
    following `trick' to get around the redirection problem:


        foo=bar

        # make file descriptor 9 a duplicate of file descriptor 0 (stdin);
        # then connect stdin to /etc/passwd; the original stdin is now
        # `remembered' in file descriptor 9; see dup(2) and sh(1)
        exec 9<&0 < /etc/passwd

        while read line
        do
                # do something with $line
                foo=bletch
        done

        # make stdin a duplicate of file descriptor 9, i.e. reconnect it to
        # the original stdin; then close file descriptor 9
        exec 0<&9 9<&-

        echo "foo is now: $foo"

    This should always print ``foo is now: bletch''.
    Right, take the next example:


        foo=bar

        echo bletch | read foo

        echo "foo is now: $foo"

    This will print ``foo is now: bar'' in many implementations,
    ``foo is now: bletch'' in some others.  Why?
    Generally each part of a pipeline is run in a different subshell;
    in some implementations though, the last command in the pipeline is
    made an exception: if it is a builtin command like ``read'', the current
    shell will execute it, else another subshell is created.

    POSIX 1003.2 allows both behaviours so portable scripts cannot depend
    on any of them.

26) How do I use popen() to open a process for reading AND writing?

    The problem with trying to pipe both input and output to an arbitrary
    slave process is that deadlock can occur, if both processes are waiting
    for not-yet-generated input at the same time.  Deadlock can be avoided
    only by having BOTH sides follow a strict deadlock-free protocol, but
    since that requires cooperation from the processes it is inappropriate
    for a popen()-like library function.

    The 'expect' distribution includes a library of functions that a C
    programmer can call directly.  One of the functions does the
    equivalent of a popen for both reading and writing.  It uses ptys
    rather than pipes, and has no deadlock problem.  It's portable to
    both BSD and SV.  See the next answer for more about 'expect'.

27) How do I run 'passwd', 'ftp', 'telnet', 'tip' and other interactive
    programs from a shell script or in the background?

    The shell itself cannot interact with interactive tty-based programs
    like these. Fortunately some programs have been written to manage
    the connection to a pseudo-tty so that you can run these sorts
    of programs in a script.

    'expect' is one such program, which you can ftp pub/expect.shar.Z

    The following expect script is an example of a non-interactive
    version of passwd(1).

        # username is passed as 1st arg, password as 2nd
        set password [index $argv 2]
        spawn passwd [index $argv 1]
        expect "*password:"
        send "$password\r"
        expect "*password:"
        send "$password\r"
        expect eof

    Another solution is provided by the 'pty' program, which runs a
    program under a pty session and was posted to comp.sources.unix,
    volume 23, issue 31.  You can also ftp pub/flat/pty-* from .
    A pty-based solution using named pipes to do the same as the above
    might look like this:

        /etc/mknod out.$$ p; exec 2>&1
        ( exec 4<out.$$; rm -f out.$$
        <&4 waitfor 'password:'
            echo "$2"
        <&4 waitfor 'password:'
            echo "$2"
        <&4 cat >/dev/null
        ) | ( pty passwd "$1" >out.$$ )

    Here, 'waitfor' is a simple C program that searches for
    its argument in the input, character by character.  You can
    ftp pub/flat/misc-waitfor.c from .

    A simpler pty solution (which has the drawback of not
    synchronizing properly with the passwd program) is

        ( sleep 5; echo "$2"; sleep 5; echo "$2") | pty passwd "$1"

28) How do I sleep() in a C program for less than one second?

    The first thing you need to be aware of is that all you can specify is a
    MINIMUM amount of delay; the actual delay will depend on scheduling
    issues such as system load, and could be arbitrarily large if you're

    There is no standard library function that you can count on in all
    environments for "napping" (the usual name for short sleeps).
    Some environments supply a "usleep(n)" function which suspends
    execution for n microseconds.  If your environment doesn't support
    usleep(), here are a couple of implementations for BSD and
    System V environments.

    The following code is adapted from Doug Gwyn's System V emulation
    support for 4BSD and exploits the 4BSD select() system call.  
    Doug originally called it 'nap()'; you probably want to call it

    /*
            usleep -- support routine for 4.2BSD system call emulations

            last edit:  29-Oct-1984     D A Gwyn
    */

    extern int  select();

    int
    usleep( usec )                              /* returns 0 if ok, else -1 */
            long                usec;           /* delay in microseconds */
            {
            static struct                       /* `timeval' */
                    {
                    long        tv_sec;         /* seconds */
                    long        tv_usec;        /* microsecs */
                    }   delay;          /* _select() timeout */

            delay.tv_sec = usec / 1000000L;
            delay.tv_usec = usec % 1000000L;

            return select( 0, (long *)0, (long *)0, (long *)0, &delay );
            }

    On System V you might do it this way:


    /*
    subseconds sleeps for System V - or anything that has poll()
    Don Libes, 4/1/1991

    The BSD analog to this function is defined in terms of microseconds
    while poll() is defined in terms of milliseconds.  For compatibility,
    this function provides accuracy "over the long run" by truncating
    actual requests to milliseconds and accumulating microseconds across
    calls with the idea that you are probably calling it in a tight loop,
    and that over the long run, the error will even out.

    If you aren't calling it in a tight loop, then you almost certainly
    aren't making microsecond-resolution requests anyway, in which case
    you don't care about microseconds.  And if you did, you wouldn't be
    using UNIX anyway because random system indigestion (i.e., scheduling)
    can make mincemeat out of any timing code.

    Returns 0 if successful timeout, -1 if unsuccessful.

    */

    #include <poll.h>

    int
    usleep(usec)
    unsigned int usec;          /* microseconds */
    {
            static subtotal = 0;        /* microseconds */
            int msec;                   /* milliseconds */

            /* 'foo' is only here because some versions of 5.3 have
             * a bug where the first argument to poll() is checked
             * for a valid memory address even if the second argument is 0.
             */
            struct pollfd foo;

            subtotal += usec;
            /* if less than 1 msec request, do nothing but remember it */
            if (subtotal < 1000) return(0);
            msec = subtotal/1000;
            subtotal = subtotal%1000;
            return poll(&foo,(unsigned long)0,msec);
    }

    Another possibility for nap()ing on System V, and probably other
    non-BSD Unices is Jon Zeeff's s5nap package, posted to
    comp.sources.misc, volume 4.  It does require installing
    a device driver, but works flawlessly once installed.
    (Its resolution is limited to the kernel HZ value, since it
    uses the kernel delay() routine.)

29) How can I get setuid shell scripts to work?

    [ This is a long answer, but it's a complicated and frequently-asked
      question.  Thanks to Maarten Litmaath for this answer, and
      for the "indir" program mentioned below. ]

    Let us first assume you are on a UNIX variant (e.g. 4.3BSD or SunOS)
    that knows about so-called `executable shell scripts'.  Such a script
    must start with a line like:


    The script is called `executable' because just like a real (binary)
    executable it starts with a so-called `magic number' indicating the
    type of the executable.  In our case this number is `#!' and the OS
    takes the rest of the first line as the interpreter for the script,
    possibly followed by 1 initial option like:

        #!/bin/sed -f

    Suppose this script is called `foo' and is found in /bin,
    then if you type:

        foo arg1 arg2 arg3

    the OS will rearrange things as though you had typed:

        /bin/sed -f /bin/foo arg1 arg2 arg3

    There is one difference though: if the setuid permission bit for
    `foo' is set, it will be honored in the first form of the command;
    if you really type the second form, the OS will honor the permission
    bits of /bin/sed, which is not setuid, of course.


    OK, but what if my shell script does NOT start with such a `#!' line
    or my OS does not know about it?

    Well, if the shell (or anybody else) tries to execute it, the OS will
    return an error indication, as the file does not start with a valid
    magic number.  Upon receiving this indication the shell ASSUMES the
    file to be a shell script and gives it another try:

        /bin/sh shell_script arguments

    But we have already seen that a setuid bit on `shell_script' will NOT
    be honored in this case!


    Right, but what about the security risks of setuid shell scripts?

    Well, suppose the script is called `/etc/setuid_script', starting


    Now let us see what happens if we issue the following commands:

        $ cd /tmp
        $ ln /etc/setuid_script -i
        $ PATH=.
        $ -i

    We know the last command will be rearranged to:

        /bin/sh -i

    But this command will give us an interactive shell, setuid to the
    owner of the script!
    Fortunately this security hole can easily be closed by making the
    first line:

        #!/bin/sh -

    The `-' signals the end of the option list: the next argument `-i'
    will be taken as the name of the file to read commands from, just
    like it should!


    There are more serious problems though:

        $ cd /tmp
        $ ln /etc/setuid_script temp
        $ nice -20 temp &
        $ mv my_script temp

    The third command will be rearranged to:

        nice -20 /bin/sh - temp

    As this command runs so slowly, the fourth command might be able to
    replace the original `temp' with `my_script' BEFORE `temp' is opened
    by the shell!
    There are 4 ways to fix this security hole:

        1)  let the OS start setuid scripts in a different, secure way
            - System V R4 and 4.4BSD use the /dev/fd driver to pass the
            interpreter a file descriptor for the script

        2)  let the script be interpreted indirectly, through a frontend
            that makes sure everything is all right before starting the
            real interpreter - if you use the `indir' program from
            comp.sources.unix the setuid script will look like this:

                #!/bin/indir -u
                #?/bin/sh /etc/setuid_script

        3)  make a `binary wrapper': a real executable that is setuid and
            whose only task is to execute the interpreter with the name of
            the script as an argument

        4)  make a general `setuid script server' that tries to locate the
            requested `service' in a database of valid scripts and upon
            success will start the right interpreter with the right


    Now that we have made sure the right file gets interpreted, are there
    any risks left?

    Certainly!  For shell scripts you must not forget to set the PATH
    variable to a safe path explicitly.  Can you figure out why?
    Also there is the IFS variable that might cause trouble if not set
    properly.  Other environment variables might turn out to compromise
    security as well, e.g. SHELL...
    Furthermore you must make sure the commands in the script do not
    allow interactive shell escapes!
    Then there is the umask which may have been set to something

    Etcetera.  You should realise that a setuid script `inherits' all the
    bugs and security risks of the commands that it calls!

    All in all we get the impression setuid shell scripts are quite a
    risky business!  You may be better off writing a C program instead!
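
    Fix 3 above (the binary wrapper), combined with the PATH, IFS and umask
    precautions just listed, as an added example that is not code from this
    FAQ or from `indir'.  The script name is the /etc/setuid_script used
    above; the PATH value, the umask, the ownership check and the helper
    names are assumptions of this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <unistd.h>

/* Both names are fixed at compile time: the caller cannot make the
 * interpreter open a different file by playing with links, so the
 * `mv my_script temp' race has nothing to replace. */
#define INTERPRETER "/bin/sh"
#define SCRIPT      "/etc/setuid_script"
#define MAX_ARGS    64

/* The script gets this environment and nothing from the caller. */
static char *safe_env[] = {
    "PATH=/bin:/usr/bin",       /* assumed safe path for this example */
    "IFS= \t\n",                /* space, tab, newline */
    "SHELL=/bin/sh",
    NULL
};

char **build_safe_env(void)
{
    return safe_env;
}

/* Fill out[] with: sh - SCRIPT caller-args... NULL.
 * The "-" ends option processing, as in `#!/bin/sh -', so a caller
 * argument such as -i reaches the script, not the shell.
 * Returns the argument count, or -1 if out[] is too small. */
int build_argv(char **out, int max, int argc, char **argv)
{
    int n = 0, i;

    if (argc + 3 > max)         /* 3 fixed words + args + NULL */
        return -1;
    out[n++] = "sh";
    out[n++] = "-";
    out[n++] = SCRIPT;
    for (i = 1; i < argc; i++)
        out[n++] = argv[i];
    out[n] = NULL;
    return n;
}

/* Sanity check before exec: absolute path, regular file (not a link),
 * owned by the expected user, not writable by group or others.
 * This catches a misinstalled script; it is not what closes the race. */
int script_is_safe(const char *path, uid_t owner)
{
    struct stat st;

    if (path[0] != '/')
        return 0;
    if (lstat(path, &st) != 0)
        return 0;
    if (!S_ISREG(st.st_mode))
        return 0;
    if (st.st_uid != owner)
        return 0;
    if (st.st_mode & (S_IWGRP | S_IWOTH))
        return 0;
    return 1;
}

int main(int argc, char **argv)
{
    char *args[MAX_ARGS];

    if (!script_is_safe(SCRIPT, geteuid())) {
        fprintf(stderr, "%s: refusing to run, bad owner or mode\n", SCRIPT);
        return EXIT_FAILURE;
    }
    if (build_argv(args, MAX_ARGS, argc, argv) < 0) {
        fprintf(stderr, "too many arguments\n");
        return EXIT_FAILURE;
    }
    umask(022);                 /* do not inherit the caller's umask */

    /* Some shells reset the effective uid to the real uid at startup;
     * whether the script keeps the privilege depends on INTERPRETER. */
    execve(INTERPRETER, args, build_safe_env());
    perror(INTERPRETER);        /* only reached if execve() fails */
    return EXIT_FAILURE;
}
```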

30) What are some useful Unix or C books?

    Mitch Wright ( maintains a useful list of Unix and
    C books, with descriptions and some mini-reviews.  There are currently
    77 titles on his list.

    You can obtain a copy of this list by anonymous ftp from (, where it's
    "pub/Unix-C-Booklist".  If you can't use anonymous ftp, email the
    line "help" to "" for instructions on
    retrieving things via email.

    Send additions or suggestions to .

31) How do I construct a shell glob-pattern that matches all files
    except "." and ".." ?

    You'd think this would be easy.

    *        Matches all files that don't begin with a ".";

    .*       Matches all files that do begin with a ".", but
             this includes the special entries "." and "..",
             which often you don't want;

    .[!.]*   (Newer shells only; some shells use a "^" instead of
             the "!"; POSIX shells must accept the "!", but may
             accept a "^" as well; all portable applications shall
             not use an unquoted "^" immediately following the "[")

             Matches all files that begin with a "." and are
             followed by a non-"."; unfortunately this will miss

    .??*     Matches files that begin with a "." and which are
             at least 3 characters long.  This neatly avoids
             "." and "..", but also misses ".a" .

    So to match all files except "." and ".." safely you have to use
    3 patterns (if you don't have filenames like ".a" you can leave out
    the first):

        .[!.] .??* *

    Alternatively you could employ an external program or two and use
    backquote substitution.  This is pretty good:

    `ls -a | sed -e '/^\.$/d' -e '/^\.\.$/d'`    

        (or `ls -A` in some Unix versions)

    but even it will mess up on files with newlines, IFS characters
    or wildcards in their names.

32) How do I find the last argument in a Bourne shell script?

    Answer by:
        Martin Weitzel <>
        Maarten Litmaath <>

    If you are sure the number of arguments is at most 9, you can use:

        eval last=\${$#}

    In POSIX-compatible shells it works for ANY number of arguments.
    The following works always too:

        for last
        do :; done

    This can be generalized as follows:

        for i

    Now suppose you want to REMOVE the last argument from the list,
    or REVERSE the argument list, or ACCESS the N-th argument directly,
    whatever N may be.  Here is a basis of how to do it, using only
    built-in shell constructs, without creating subprocesses:

        t0= u0= rest='1 2 3 4 5 6 7 8 9' argv=

        for h in '' $rest
        do
                for t in "$t0" $rest
                do
                        for u in $u0 $rest
                        do
                                case $# in
                                0)
                                        break 3
                                esac
                                eval argv$h$t$u=\$1
                                argv="$argv \"\$argv$h$t$u\""       # (1)
                                shift
                        done
                        u0=0
                done
                t0=0
        done

        # now restore the arguments
        eval set x "$argv"                                    # (2)
        shift

    This example works for the first 999 arguments.  Enough?
    Take a good look at the lines marked (1) and (2) and convince yourself
    that the original arguments are restored indeed, no matter what funny
    characters they contain!

    To find the N-th argument now you can use this:

        eval argN=\$argv$N

    To reverse the arguments the line marked (1) must be changed to:

        argv="\"\$argv$h$t$u\" $argv"

    How to remove the last argument is left as an exercise.

    If you allow subprocesses as well, possibly executing nonbuilt-in
    commands, the `argvN' variables can be set up more easily:


        N=1
        for i
        do
                eval argv$N=\$i
                N=`expr $N + 1`
        done

    To reverse the arguments there is still a simpler method, that even does
    not create subprocesses.  This approach can also be taken if you want
    to delete e.g. the last argument, but in that case you cannot refer
    directly to the N-th argument any more, because the `argvN' variables are
    set up in reverse order:


        argv=
        for i
        do
                eval argv$#=\$i
                argv="\"\$argv$#\" $argv"
                shift
        done

        eval set x "$argv"
        shift

33) How can I find out which user or process has a file open or is using
    a particular file system (so that I can unmount it?)

    Use fuser (System V), ofiles (public domain) or fstat (BSD).
    These programs will tell you various things about processes
    using particular files.

    A port of the 4.3 BSD fstat to Dynix, SunOS and Ultrix
    can be found in archives of comp.sources.unix, volume 18.

34) How do I keep track of people who are fingering me?

    Generally, you can't find out the userid of someone who is
    fingering you from a remote machine.  You may be able to
    find out which machine the remote request is coming from.
    One possibility, if your system supports it and assuming
    the finger daemon doesn't object, is to make your .plan file a
    "named pipe" instead of a plain file.  (Use 'mknod' to do this.)

    You can then start up a program that will open your .plan file
    for writing; the open will block until some other process
    (namely fingerd) opens the .plan for reading.  Now, not only
    can you write whatever you want through this pipe (which lets
    you show different .plan information every time someone
    fingers you), you can use getpeername() to find out the name of the
    peer connected to this socket, which will let you find out from
    which remote machine the finger request originates.

    Of course, this may not work at all if your system doesn't
    support named pipes or if your local fingerd insists
    on having plain .plan files.

    Getting the remote userid would require that the remote site be
    running some sort of RFC931-style authorization daemon, which
    relatively few sites currently run.  (A public domain RFC931
    server written by Dan Bernstein for newer BSD-style machines
    is available for anonymous ftp from, in
    pub/hier/inet/rfc931/authd.3.01 .)
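
    The named-pipe .plan described above, as an added sketch that is not
    part of the original FAQ.  It uses mkfifo where the text says mknod;
    serve_plan, plan_demo and the log format are hypothetical names, and
    it records only when the plan was read, not who read it.

```shell
#!/bin/sh
# serve_plan FIFO LOG [COUNT]
# Answer COUNT reads of FIFO (default 1) with a freshly generated plan and
# append one timestamped line to LOG per read.
serve_plan() {
    sp_fifo=$1 sp_log=$2 sp_left=${3:-1}
    # Refuse to touch an existing regular file; create the FIFO if missing.
    [ -p "$sp_fifo" ] || mkfifo "$sp_fifo" || return 1
    while :; do
        # The output redirection opens the FIFO for writing, and that open
        # blocks until some reader opens the other end.
        {
            sp_now=$(date '+%Y-%m-%d %H:%M:%S')
            echo "$sp_now plan was read" >> "$sp_log"
            echo "Plan generated at $sp_now"
        } > "$sp_fifo"
        sp_left=$((sp_left - 1))
        [ "$sp_left" -gt 0 ] || break
        sleep 1     # let the reader see end-of-file before reopening
    done
}

# Constructed demonstration: cat stands in for fingerd as the reader.
plan_demo() {
    pd_dir=$(mktemp -d) || return 1
    mkfifo "$pd_dir/plan"
    serve_plan "$pd_dir/plan" "$pd_dir/reads.log" 1 &
    cat "$pd_dir/plan"          # what the reader receives
    wait
    cat "$pd_dir/reads.log"     # what the owner's log recorded
    rm -rf "$pd_dir"
}

plan_demo
```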

35) How do I find out the process ID of a program with a particular
    name from inside a shell script or C program?

    In a shell script:

    There is no utility specifically designed to map between program names
    and process IDs.  Furthermore, such mappings are often unreliable,
    since it's possible for more than one process to have the same name,
    and since it's possible for a process to change its name once it
    starts running.  However, a pipeline like this can often be used to
    get a list of processes (owned by you) with a particular name:

            ps ux | awk '/name/ && !/awk/ {print $2}'

    You replace "name" with the name of the process for which you are

    The general idea is to parse the output of ps, using awk or grep or
    other utilities, to search for the lines with the specified name on
    them, and print the PIDs for those lines.  Note that the "!/awk/"
    above prevents the awk process from being listed.

    You may have to change the arguments to ps, depending on what kind of
    Unix you are using.

    In a C program:

    Just as there is no utility specifically designed to map between
    program names and process IDs, there are no (portable) C library
    functions to do it either.

    However, some vendors provide functions for reading kernel memory; for
    example, Sun provides the "kvm_" functions, and Data General provides
    the "dg_" functions.  It may be possible for any user to use these, or
    they may only be useable by the super-user (or a user in group "kmem")
    if read-access to kernel memory on your system is restricted.
    Furthermore, these functions are often not documented or documented
    badly, and might change from release to release.

    Some vendors provide a "/proc" filesystem, which appears as a
    directory with a bunch of filenames in it.  Each filename is a number,
    corresponding to a process ID, and you can open the file and read it
    to get information about the process.  Once again, access to this may
    be restricted, and the interface to it may change from system to

    If you can't use vendor-specific library functions, and you don't have
    /proc, and you still want to do this completely in C, you are going to
    have to do the grovelling through kernel memory yourself.  For a good
    example of how to do this on many systems, see the sources to
    "ofiles", available in the comp.sources.unix archives.
    (A package named "kstuff" to help with kernel grovelling was posted
    to alt.sources in May 1991.)

    If all else fails, you can call popen() on "ps" and parse its output.

36) What's wrong with having '.' in your $PATH ?

    A bit of background: the PATH environment variable is a list of
    directories separated by colons.  When you type a command name
    without giving an explicit path (e.g. you type "ls", rather than
    "/bin/ls") your shell searches each directory in the PATH list in
    order, looking for an executable file by that name, and the
    shell will run the first matching program it finds.

    One of the directories in the PATH list can be the
    current directory "." .  It is also permissible to use
    an empty directory name in the PATH list to indicate
    the current directory.  Both of these are equivalent

    for csh users:

        setenv PATH :/usr/ucb:/bin:/usr/bin
        setenv PATH .:/usr/ucb:/bin:/usr/bin

    for sh or ksh users:

        PATH=:/usr/ucb:/bin:/usr/bin export PATH
        PATH=.:/usr/ucb:/bin:/usr/bin export PATH

    Having "." somewhere in the PATH is convenient - you can type
    "a.out" instead of "./a.out" to run programs in the current
    directory.  But there's a catch.

    Consider what happens in the case where "." is the
    first entry in the PATH.  Suppose your current directory is a
    publicly-writable one, such as "/tmp".  If there just happens to
    be a program named "/tmp/ls" left there by some other user, and you
    type "ls" (intending, of course, to run the normal "/bin/ls"
    program), your shell will instead run "./ls", the other
    user's program.  Needless to say, the results of running
    an unknown program like this might surprise you.

    It's slightly better to have "." at the end of the PATH:

        setenv PATH /usr/ucb:/bin:/usr/bin:.

    Now if you're in /tmp and you type "ls", the shell will
    search /usr/ucb, /bin and /usr/bin for a program named
    "ls" before it gets around to looking in ".", and there
    is less risk of inadvertently running some other user's
    "ls" program.  This isn't 100% secure though - if you're
    a clumsy typist and some day type "sl -l" instead of "ls -l",
    you run the risk of running "./sl", if there is one.
    Some "clever" programmer could anticipate common typing
    mistakes and leave programs by those names scattered
    throughout public directories.  Beware.

    Many seasoned Unix users get by just fine without having
    "." in the PATH at all:

        setenv PATH /usr/ucb:/bin:/usr/bin

    If you do this, you'll need to type "./program" instead
    of "program" to run programs in the current directory, but
    the increase in security is probably worth it.
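
    A check for the PATH entries discussed above, as an added example
    that is not part of the original FAQ.  It goes one step beyond the
    text by also flagging relative entries and absolute directories that
    any user can write to; audit_path and is_world_writable are
    hypothetical names.

```shell
#!/bin/sh
# Added example: audit a PATH-style string for entries that let the current
# directory, or a directory other users can write to, supply commands.

# True if $1 is a directory (symlinks followed) with the "other" write bit set.
is_world_writable() {
    case $(ls -ldL "$1" 2>/dev/null) in
        d???????w*) return 0 ;;
    esac
    return 1
}

# audit_path STRING
# Prints "position<TAB>entry<TAB>reason" for each risky entry and returns 1 if
# any entry was flagged, 0 if the whole list is clean.
audit_path() {
    ap_rest=$1:          # extra ":" so a trailing empty entry is not lost
    ap_pos=0 ap_bad=0
    while [ -n "$ap_rest" ]; do
        ap_entry=${ap_rest%%:*}
        ap_rest=${ap_rest#*:}
        ap_pos=$((ap_pos + 1))
        case $ap_entry in
            '') ap_why='empty entry, searched as the current directory' ;;
            .)  ap_why='current directory' ;;
            /*) ap_why=
                if is_world_writable "$ap_entry"; then
                    ap_why='directory is writable by any user'
                fi ;;
            *)  ap_why='relative entry, resolved against the current directory' ;;
        esac
        if [ -n "$ap_why" ]; then
            printf '%s\t%s\t%s\n' "$ap_pos" "${ap_entry:-(empty)}" "$ap_why"
            ap_bad=1
        fi
    done
    return "$ap_bad"
}

# The first sh/ksh setting shown above; to audit your own, pass "$PATH".
audit_path '.:/usr/ucb:/bin:/usr/bin' || :
```

    The position column shows how early the shell reaches a flagged
    entry, which is the difference between "." first and "." last.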

37) What happened to the pronunciation list that used to be
    part of this document?

    Since its inception in 1989, this FAQ document included a comprehensive
    pronunciation list maintained by Maarten Litmaath (thanks, Maarten!).
    (Does anyone know who *created* it?)

    I've retired it, since it is not really relevant to the topic of
    "Unix questions".  You can still find it as part of the
    widely-distributed "Jargon" file (maintained by Eric S. Raymond),
    which seems like a much more appropriate forum for the topic of
    "How do you pronounce  /* ?"

    If you'd like a copy, you can ftp one from,
    (, it's "pub/Pronunciation-Guide".

Steve Hayman    Workstation Manager    Computer Science Department   Indiana U.                                    (812) 855-6984
NeXT Mail: