Request to code review Suggestions Plz

Shell Programming and Scripting
1

Hello All,

I have 2 questions,

1) I am on Unix Sun Solaris korn shell, in my shell scripts i am using

#!/bin/sh

Instead of

#!/bin/ksh

, though it is still working is this correct way of doing and also I am saving the shell script file as abc.sh instead of abc.ksh, please let me know the best practice does it really matters are there any issues involved if i specify different shell.

2) Do you have any suggestions or best practice syntax for below shell script, in this script i have some commands which would invoke other stuff for that i need to supply the login credentials in that syntax, is there any way i can hide the password in shell script so that it is not readable to others though it should execute fine at run time,

Appreciate your help, Thank you!!


#!/bin/sh

logfile="/tmp/ITSLT_Ibot.log"
cat /dev/null > $logfile

cd $HOME
echo "Date Executed: "`date`>> $logfile
echo "Current Directory: "`pwd` >> $logfile

. /u03/app/OracleBI/setup/sa-init.sh
if [ $? -eq 0 ] ; then
echo "Successfully Invoked OBIEE Initialization Shell Script" >> $logfile
else
echo "Error in Invoking OBIEE Intialization Shell Script" >> $logfile
fi

/u03/app/oraclebi/server/Bin/nqcmd -d AnalyticsWeb -u Administrator -p PASSWORD -s /u03/app/dac/DAC/purgecache.nqcmd
if [ $? -eq 0 ] ; then
echo "Successfully Cleared The Analytics Cache" >> $logfile
else
echo "Error In Clearing the Analytics Cache " >> $logfile
fi
COMMENT

Regards,
Ariean.

2

On a different platform, /bin/sh may be a Bourne-derived shell or even an old-fashioned plain Bourne shell. Linux systems in particular tend to be based around BASH, an extended Bourne shell, and may not have ksh at all.

It's only coincidentally the same thing as ksh under Solaris. If your scripts demand ksh features, use #!/bin/ksh. I had to break myself of the habit too, when I tried moving some of my scripts over to an embedded environment that had a plain sh but not a bash...

As for preventing others from reading the password, don't give anyone read-permissions to the script. You could also include an encrypted form of the password in the script that's decrypted with another password I suppose, but then why not just ask for the database password instead. And you'd still ultimately be passing the password to something else on the commandline which is just as big a security hole, commandline parameters can be viewed by anyone via /proc/. (Your database might fork and exec to hide its parameters though.)