
CLIX False Beginners (3)

Unix shells, commands for system maintenance routines.


There's a subtle difference between accessing the Unix command line with Terminal.app and accessing it through CLIX: the command line with Terminal.app can be used interactively; through CLIX it cannot.

Interactivity plays a big role with some commands, such as the DTrace commands (or Apple's version of them). The DTrace commands assume the presence of an interactive 'terminal' - they accumulate information until they get an interrupt, then branch on the interrupt to serve up all the information they've accumulated before a graceful exit. Using Unix shells involves interactivity as well.

Unix shells are the Unix command interpreters - they're the interface between user and OS kernel. They access the same APIs as application software but they give the user the opportunity to get right at the APIs without going through other application software.

OS X 10.6 Snow Leopard comes with a half dozen Unix shells.

  1. /bin/bash. The 'Bourne again shell'. Superseded tcsh as the default Unix shell in OS X 10.3 Panther. bash is very popular in the world of Linux.
  2. /bin/csh. The 'C shell'. This was developed at UC Berkeley after Ken Thompson's visit. It added a 'history' function amongst other things.
  3. /bin/ksh. The 'Korn shell'. Developed by David Korn of Bell Labs in the 1980s. It incorporates the 'history' of csh and is backward compatible with sh. Certain versions are even capable of floating point computations.
  4. /bin/sh. The first, classic shell written by Steve Bourne of Bell Labs. Called the 'Bourne shell'. This is the original. It's also the shell used internally (when needed) by Unix APIs.
  5. /bin/tcsh. The 'T shell'. Written by Ken Greer who worked on the TENEX operating system at CMU in the late 1970s. tcsh was the default shell of Mac OS X until version 10.3 Panther in October 2003.
  6. /bin/zsh. The 'Z shell'. Originally written by Paul Falstad at Princeton in 1990. Incorporates features of bash, ksh, and tcsh.


  • Construct a CLIX command that lists the Unix shells and only the Unix shells.
  • Study the command output from above to determine if any of the files are multi-linked.
  • Use the command cmp to compare any possibly multi-linked files. Conclusions?

Onion Layers

Unix shells can be invoked at any time - even from within other shells. Start Terminal.app and try the following command.

$ echo $SHELL

Having your shell 'echo' a 'shell variable' (using the command /bin/echo) shows you the actual value of a variable.

Your shell (the 'Bourne again shell' /bin/bash in this case) runs with quite a few more configuration variables. Now try the following command ('set') to see exactly what you're running with bash. (Yep it's a long list.)

$ set
BASH_VERSINFO=([0]="3" [1]="2" [2]="48" [3]="1" [4]="release" [5]="x86_64-apple-darwin10.0")
IFS=$' \t\n'
PS1='\h:\W \u\$ '
PS2='> '
PS4='+ '

Don't exit Terminal.app quite yet. Now type in the following.

$ sh

You got a new prompt! Instead of the simple dollar sign you now have a version number. Notice as well that your 'red button' at the left in your title bar is 'dirty'.

Type in the following and watch the dirty button clear. The command exit exits your current shell. (There's a bug in Snow Leopard's Terminal.app so the button doesn't always clear as it's supposed to. Reliable sources report the crack Terminal team at Apple in Cupertino are working on the matter.)

sh-3.2$ exit


  1. Fire up Terminal.app and Activity Monitor. Set the latter to show all processes and sort by 'process name'.
  2. Run the following commands in succession: csh, ksh, sh, tcsh, zsh, zsh, zsh. Note the prompts you get for each.
  3. Can you locate all the processes you've created in Activity Monitor? Can you count the number of zsh processes?
  4. Now sort Activity Monitor by 'all processes hierarchically'. Can you find your shells in the new listing?
  5. Find the Terminal process in Activity Monitor and find the first process the Terminal process spawns. Is it bash?
  6. Keep an eye on your Terminal window. 'Force quit' the csh process in Activity Monitor. What happened in Terminal?
  7. Repeat step #2.
  8. Type in exit until you're back where you started. Keep an eye on Activity Monitor as you do this. Did your 'red button' clear or did you encounter the 10.6 bug?
  9. Type in exit one more time. What happens now?

CLIX runs all commands with the Bourne shell. CLIX also sets the $PATH variable according to a read-only kernel value so commands can't be hijacked as can happen when using Apple's Terminal.app.
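To see what an inherited $PATH exposes you to, the following added example (not CLIX code, and not how CLIX derives its own value) flags entries through which a command name could resolve to a planted file. The helper name audit_path is hypothetical, and getconf PATH is used here only as a reference for the system default search path.

```shell
#!/bin/sh
# Added example, not CLIX code. audit_path is a hypothetical helper name.
# Flags search-path entries through which a command name could resolve to
# a file someone else planted. Returns 0 only when nothing is flagged.
audit_path() {
    rest="$1:"; rc=0
    while [ -n "$rest" ]; do
        d=${rest%%:*}; rest=${rest#*:}
        case $d in
            "") echo "EMPTY: empty entry means the current directory"; rc=1 ;;
            /*) if [ ! -d "$d" ]; then
                    echo "ABSENT: $d"; rc=1
                else
                    # -L follows symlinks such as /bin -> usr/bin.
                    case $(ls -ldL "$d") in
                        d???????w*) echo "WORLD-WRITABLE: $d"; rc=1 ;;
                    esac
                fi ;;
            *)  echo "RELATIVE: $d"; rc=1 ;;
        esac
    done
    return $rc
}

# Compare the inherited PATH with the system default search path.
echo "system default: $(getconf PATH 2>/dev/null)"
echo "inherited:      $PATH"
audit_path "$PATH" || echo "-> review the entries flagged above"
```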

CLIX can of course run external shell scripts, in which case the so-called shebang determines what shell is used.

#! /bin/bash

The shebang is put at the very beginning of the script, followed normally by a blank line for clarity's sake.

But you put the Unix shell command in the CLIX command sheet in most cases.


It's time to get practical. Up to now everything's been theoretical. Perhaps interesting but of little tangible value.


'cat' stands for 'catenate' - it's the command used to read text files. Unix (Mac OS X) has a lot of configuration files in text format that can be interesting to review.

/etc/authorization (/private/etc/authorization) is a file with parameters for privilege escalation. It's in XML format and can be read by XML editors such as PlistEdit but it's inaccessible to the defaults command. But cat will do the job.

/etc/authorization is a difficult file to read but it can help you understand what's going on in your system. Be careful when you give your admin password to new software: installers and other routines can modify this file and add their own entries.

/etc/sudoers is another file of crucial importance. It contains the configuration for running sudo, the command used to temporarily escalate privileges.

/etc/sudoers is owned by root:wheel. root is the highest user account, wheel the highest group account. Both have ID 0.

$ ls -@aeilnOT /etc/sudoers
135681 -r--r-----  1 0  0  - 1189 Mar 20 23:34:39 2010 /etc/sudoers
$ ls -@aeilOT /etc/sudoers
135681 -r--r-----  1 root  wheel  - 1189 Mar 20 23:34:39 2010 /etc/sudoers

Only root and wheel can read it; neither can modify it. But of course the file owner (root) can modify the permissions if that's needed. sudoers is otherwise modified with the program visudo which requires authentication to run.

Merely reading sudoers requires only a temporary privilege escalation.

What's so important in this file? Scroll down a bit.

Note the last two lines.

Defaults tty_tickets
Defaults:ALL timestamp_timeout=0

Those lines are not there by default. But they're very important to have. And there are instructions on how to add them here and here. The first line says that a privilege escalation that applies to one Terminal tab or window doesn't apply to any other tabs, windows, or other types of shell sessions - this to stop trojans from riding 'piggyback' on your privilege authentications.

The second line limits (eliminates) the timestamp timeout associated with sudo. sudo will only prompt you again for your admin password when the timeout expires. By default this is five minutes so as to not annoy you too much. But that's not very safe. And the safest way is of course to have no 'grace period' at all. A rogue process could otherwise lurk on your system and repeatedly poll for privilege escalation. Once at root, it could take over your machine.
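A check for the two lines above, as an added example that is not part of the original page or of CLIX. The helper name audit_sudoers is hypothetical; it reads any sudoers-format file (a copy, or the real one under sudo) and does not follow #include lines or backslash continuations.

```shell
#!/bin/sh
# Added example, not CLIX code. audit_sudoers is a hypothetical helper name.
# Reads a sudoers-format file and reports whether the two hardening
# settings discussed above are in effect. Returns 0 only if both are.
audit_sudoers() {
    awk '
        /^[ \t]*#/ { next }                  # comments (and #include lines)
        $1 ~ /^Defaults/ {
            line = $0
            # Drop "Defaults" plus any :user / @host scope suffix.
            sub(/^[ \t]*Defaults[^ \t]*[ \t]+/, "", line)
            n = split(line, opts, /[ \t]*,[ \t]*/)
            for (i = 1; i <= n; i++) {
                o = opts[i]
                gsub(/[ \t]/, "", o)
                if (o == "tty_tickets")  tty = 1
                if (o == "!tty_tickets") tty = 0     # explicit negation
                if (o ~ /^timestamp_timeout=/) {
                    sub(/^[^=]*=/, "", o); timeout = o; seen = 1
                }
            }
        }
        END {
            bad = 0
            if (!tty)  { print "MISSING: Defaults tty_tickets"; bad = 1 }
            if (!seen) { print "MISSING: timestamp_timeout (grace period applies)"; bad = 1 }
            else if (timeout !~ /^0+(\.0*)?$/) { print "WEAK: timestamp_timeout=" timeout; bad = 1 }
            exit bad
        }
    ' "$1"
}

# Constructed sample: a stock-style file without the two lines.
sample=$(mktemp)
printf '%s\n' 'Defaults env_reset' 'root ALL=(ALL) ALL' '%admin ALL=(ALL) ALL' > "$sample"
audit_sudoers "$sample" || echo "-> add the two Defaults lines with visudo"
rm -f "$sample"
```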

But sudo gives you the privilege escalation you need to be able to read the above file (and to edit it with visudo). sudo is an offshoot of the older Unix command su ('substitute user') which lets users (with proper authentication) substitute the privileges of other users. sudo ('substitute user and do') was initially part of the hyper-secure OpenBSD project.

You can switch to any user with su and sudo, even though root is the most common (and the default). So all that remains is to figure out how to do it with CLIX.

You use the Edit menu. Select 'Sudo', enter your admin password, click 'OK'.

CLIX hangs onto your password until your computer goes to sleep. The password is never stored anywhere. Your password is automatically submitted to the system when requested but by restoring a default, CLIX will tell you each time your password is being requested.

CLIX does even more to protect you - it prefixes all commands with an operation to destroy any preexisting grace periods and then after your command completes, runs an asynchronous operation to destroy them again.

Running any shell script or CLIX command with escalated privileges is always risky - how well is the script file/command file protected? So it's important to see what you're asking sudo to run for you.

sudo on Mac OS X 10.6 (version 1.7.0) requires a -S switch when the access point isn't a 'terminal', so the switch is added to all CLIX commands for Snow Leopard.

You can run the 'sudoers' command once you've submitted your password to CLIX.

[Note that you can do almost anything to your computer with root privileges - you can totally hose it if you want. So be careful.]


hexdump is useful for reading files that aren't text and are therefore 'readable' only with a bit of effort. hexdump is actually a second link to the original file /usr/bin/od ('octal dump'). The programs each have their own command syntax despite being run from the same physical file.

Two of hexdump's most useful switches are '-C' for the 'canonical' offset/hex/text display and '-v' to force hexdump to show all data even when successive rows are identical.

One might (in theory at least) want to dump one's own virtual memory. (Use the 'stop' button to stop the nonsense when you've had enough.)


strings can be used to look in Cocoa binaries for targets for the defaults command. Using the '-' switch (dash all on its own) forces strings to look in all sections of a binary. (The minimum string length (default 4) can also be set.)


defaults is one of the more powerful commands in the Mac OS X arsenal. This command does not come from Unix but from NeXT. Short version? defaults is brilliant. Get to know it and get to learn how to use it.

defaults can be used to read (or write to) any preference file.

defaults can be used to read (or write to) any key in a preference file.

Use defaults to change Safari's default fixed pitch font:

[There's no output from this command if run successfully - as with vanilla Unix, 'no news is good news'.]


find is one of the most useful Unix commands - it finds things. And when they're found, you're able to act on the results. The simplest form is as follows.

$ find ~

Note that find is always recursive. You start at a specific point in your file system hierarchy and then let find drill down.

$ find /Applications -name "*.app"
/Applications/Address Book.app
/Applications/Automator.app/Contents/Resources/Application Stub.app
/Applications/DVD Player.app
/Applications/Font Book.app
/Applications/Front Row.app
/Applications/Image Capture.app
/Applications/Photo Booth.app
/Applications/QuickTime Player.app
/Applications/System Preferences.app
/Applications/Time Machine.app
/Applications/Utilities/Activity Monitor.app
/Applications/Utilities/AirPort Utility.app
/Applications/Utilities/AppleScript Editor.app
/Applications/Utilities/Audio MIDI Setup.app
/Applications/Utilities/Bluetooth File Exchange.app
/Applications/Utilities/Boot Camp Assistant.app
/Applications/Utilities/ColorSync Utility.app
/Applications/Utilities/DigitalColor Meter.app
/Applications/Utilities/Disk Utility.app
/Applications/Utilities/Java Preferences.app
/Applications/Utilities/Keychain Access.app
/Applications/Utilities/Migration Assistant.app
/Applications/Utilities/Network Utility.app
/Applications/Utilities/Podcast Capture.app
/Applications/Utilities/RAID Utility.app
/Applications/Utilities/Remote Install Mac OS X.app
/Applications/Utilities/System Profiler.app
/Applications/Utilities/VoiceOver Utility.app

find can do things to what it's found. To remove install build copies you left behind:

$ find /tmp -name "*.dst" -exec rm -fr {} \;

The rm ('remove') command removes things - study its manual page.
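A more guarded form of the cleanup above, as an added example that is not from the original page: it lists matches by default and deletes only when asked, which matters most when the command is run with escalated privileges. The function name clean_dst and the demo tree are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. clean_dst is a hypothetical name.
# clean_dst ROOT [delete]: list (default) or remove "*.dst" directories.
clean_dst() {
    root=$1; mode=${2:-list}
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    # -xdev   stay on the starting filesystem
    # -type d match directories only, never a stray "*.dst" file
    # -user   only what the invoking user owns (root, if run via sudo)
    # -prune  do not descend into a match that is about to be removed
    set -- "$root" -xdev -type d -name '*.dst' -user "$(id -un)" -prune
    if [ "$mode" = delete ]; then
        find "$@" -exec rm -rf -- {} +
    else
        find "$@" -print
    fi
}

# Constructed demo tree: one build directory, one unrelated directory.
demo=$(mktemp -d)
mkdir -p "$demo/build.dst/usr/local" "$demo/keep"
clean_dst "$demo"             # dry run: prints only .../build.dst
clean_dst "$demo" delete      # removes it; "keep" is untouched
ls "$demo"
rm -rf "$demo"
```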

System Maintenance

It's eminently straightforward to create system maintenance scripts with defaults, find, and rm.

It's not really difficult to create customised system maintenance scripts that do a much better job than the utilities you can download. With CLIX, you have immediate access to your commands and you can make them do whatever you want.

Browse the forums for Unix shell scripts; people are always typing them in each time they need them, or even worse: making abominable AppleScript wrappers (which usually are within Cocoa wrappers) to run a simple 50-character command line which you already have on your CLIX command sheet.
