Comparison of command shells

From Wikipedia, the free encyclopedia
Jump to: navigation, search
For more details on this topic, see Shell (computing).
Bash, the default shell on many GNU/Linux distributions.

A command shell is a command line interface computer program to an operating system.

General characteristics[edit]

Usual environment Usually invoked Introduced Platform-independent Default login shell in Default script shell in License Source code availability User interface Mouse support Unicode support ISO 8601 support Console redirection Stream redirection Configurability Startup/shutdown scripts Batch scripts Logging Native CIM/WBEM support available as statically linked, independent single file executable
Bourne shell 7th Ed. UNIX sh 1977 Yes[1][2] 7th Ed. UNIX 7th Ed. UNIX, Proprietary, CDDL[3][4] Yes Text-based CLI No Yes N/A Yes Yes (arbitrary fds) Yes (via variables and options) Yes (.profile) Yes (Unix feature) Yes No Yes
POSIX shell[5] POSIX sh 1992[6] Yes N/A POSIX N/A N/A Text-based CLI No Yes, if used by configured locale Yes (date and touch utilities) Yes Yes (arbitrary fds) Yes (via variables and options) Unspecified (.profile given as an example) Yes (Unix feature) Yes No N/A
bash (v4.0) POSIX bash, sh 1989[7] Yes GNU, Linux, Mac OS X 10.3+ GNU, Linux, Haiku, Mac OS X GPL Yes Text-based CLI No Yes Yes (printf builtin) Yes Yes (arbitrary fds) Yes (via variables and options) Yes (/etc/profile, .bash_profile, .bash_login, .profile, .bashrc) Yes (Unix feature) Yes No Yes
csh POSIX csh 1978 Yes SunOS ? BSD Yes Text-based CLI No No ? Yes Yes (stdin, stdout, stdout+stderr) ? ? Yes (Unix feature) ? No Yes
tcsh POSIX tcsh, csh 1983[8] Yes FreeBSD, formerly Mac OS X ? BSD Yes Text-based CLI No Yes ? Yes Yes (stdin, stdout, stdout+stderr) ? ? Yes (Unix feature) ? No Yes
Hamilton C shell Win32, OS/2 csh 1988[9] Yes (OS/2 version no longer maintained) optional optional Proprietary ? Text-based CLI ? No ? Yes Yes (stdin, stdout, stdout+stderr) ? ? ? ? No Yes
Scsh POSIX scsh 1994 Yes ? ? BSD-style Yes ? ? ? ? ? Yes ? ? ? ? No Yes
ksh (ksh93t+) POSIX ksh 1983[10][11] Yes AIX, HP-UX OpenSolaris Common Public License Yes Text-based CLI No Yes Yes (printf builtin) Yes Yes (arbitrary fds) Yes (via variables and options) Yes (system and user's profile and kshrc) Yes (Unix feature) Yes No Yes
pdksh POSIX ksh, sh 1989? Yes OpenBSD[12] OpenBSD[12] Public Domain Yes Text-based CLI No No N/A Yes Yes (arbitrary fds) Yes (via variables and options) Yes (/etc/profile, .profile) Yes (Unix feature) Yes No Yes
zsh POSIX zsh 1990 Yes Grml, Gobolinux Grml MIT-style Yes Text-based CLI via additional code[13] Yes Yes Yes Yes (arbitrary fds) Yes (via variables, options, functions, styles, etc.) Yes (system and user's zshenv, zprofile, zshrc, zlogin, zlogout) Yes (Unix feature) Yes No Yes
ash POSIX sh 1989 Yes Minix, BusyBox based systems NetBSD, Minix, BusyBox based systems BSD-style Yes Text-based CLI No Yes Yes (touch builtin) Yes Yes (arbitrary fds) Yes (via variables and options) Yes (/etc/profile, .profile) Yes (Unix feature) Yes No Yes
CCP CP/M, MP/M (CCP) 1975 (1973) No CP/M (no login), MP/M CP/M, MP/M Freeware (originally proprietary) Yes (originally closed-source) Text-based CLI No No No ? No No Yes (automatic via $$$.SUB) Partial (only via external SUBMIT command to update $$$.SUB) No No Yes
COMMAND.COM DOS COMMAND 1980 No (3rd party implementations, not bound to a specific DOS vendor or version, available) DOS, Windows 95, 98, SE, ME DOS, Windows 95, 98, SE, ME vendor specific, f.e. MS-EULA,[14] or BSD/GPL (free clones) No (except for OpenDOS, DR-DOS, PTS/DOS and FreeDOS) Text-based CLI No No No (except for DR-DOS) Yes (via COMMAND con: or CTTY con:) Yes (stdin, stdout) Yes (via startup parameters and environment variables, DR-DOS also supports DIR /C /R user-default switch command) Yes (automatic \AUTOEXEC.BAT for primary shell, or explicitly via /P, /P:filename.bat or /K startup options) Yes (via CALL command or /C and /K startup options) No No Yes
OS/2 CMD.EXE OS/2 CMD 1987 No OS/2 OS/2 IBM-EULA[15] No Text-based CLI No No No No Yes (stdin, stdout, stderr) ? Partial (only via /K startup option) Yes (via CALL command or /C and /K startup options) No No ?
Windows CMD.EXE[16] Win32 CMD 1993 No Windows NT, 2000, XP, Server 2003, Vista Windows NT, 2000, XP, Server 2003, Vista MS-EULA[17] No Text-based CLI No Partial (CHCP 65001 for UTF-8, but program arguments are still encoded in local codepage) No No Yes Yes (via registry, startup parameters, and environment variables) Yes (automatic via registry, or explicitly via /K startup option) Yes (via CALL command or /C and /K startup options) No No Yes
4DOS, NDOS DOS, Windows 95, 98, SE, ME 4DOS, NDOS 1989 (1986) No (not bound to a specific OS vendor or version) optional optional MIT License, with restrictions Yes Text-based CLI with TUI extensions Yes (popups, help system, %_MOUSE internal variable, INKEY /M command) No Yes Yes (via 4DOS con: or CTTY con:, except for DRAWBOX, DRAWLINE, DRAWVLINE, LIST, SCREEN, SCRPUT, SELECT, VSCRPUT commands and file / directory coloring) Yes (stdin, stdout, stderr, stdout+stderr) Yes (via 4DOS.INI/NDOS.INI file, startup parameters, environment variables, SETDOS command) Yes (automatic \AUTOEXEC.BAT for primary shell and 4START.BTM/4START.BAT as well as 4EXIT.BTM/4EXIT.BAT for any shell, or explicitly via /P, /P:dir\filename.ext or /K startup options) Yes (via CALL command or /C and /K startup options) Yes No Yes
4OS2 OS/2 4OS2 1992 No (not bound to specific OS/2 versions) optional optional Freeware Yes Text-based CLI No No No No Yes (stdin, stdout, stderr, stdout+stderr) Yes (via 4OS2.INI file, startup parameters, environment variables, SETDOS command) Yes (automatic via 4START.CMD/4START.BTM as well as 4EXIT.CMD/4EXIT.BTM files, or explicitly via /K startup.cmd option) Yes (via CALL command or /C and /K startup options) Yes No ?
TCC (formerly 4NT) Win32 TCC 1993 No (not bound to specific NT versions) optional optional Shareware No Text-based CLI (Take Command: GUI) Yes (console mouse, popups, help system, %_XMOUSE, %_YMOUSE internal variables, INKEY /M command) Yes Yes No Yes (stdin, stdout, stderr, stdout+stderr) Yes (via registry, TCMD.INI/4NT.INI file, startup parameters, environment variables, SETDOS command) Yes (automatic via registry and TCSTART/4START as well as TCEXIT/4EXIT, or explicitly via /K startup option) Yes (via CALL command or /C and /K startup options) Yes No No
Windows PowerShell .NET powershell 2006 No Windows Server 2008, 7, Vista, XP[18] Windows Server 2008, 7 MS-EULA[17] No Graphical CLI Yes Yes ? No Yes ? Yes (%USERPROFILE%\Documents \WindowsPowerShell\Microsoft.PowerShell_profile.ps1) ? ? Yes No
rc Plan 9, POSIX rc 1989 Yes Plan 9, Version 10 Unix Plan 9, Version 10 Unix Lucent Public License ? ? ? Yes ? ? Yes ? ? ? ? No Yes
BeanShell Java ? 2005 Yes ? ? LGPL ? ? ? Yes ? ? Yes ? ? ? ? ? Yes (bsh.jar)
VMS DCL[19] OpenVMS ? 1977? Yes VMS VMS ? ? Text-based CLI ? No ? ? Yes (sys$input, sys$output assignment) ? ? ? ? No No
fish POSIX fish 2005[20] Yes ? ? GPL Yes ? ? Yes ? ? Yes (arbitrary fds) ? ? ? ? No ?

Notes[edit]

  1. ^ A platform independent version based on the historical UNIX V7 original source code is available from Geoff Collyer
  2. ^ A platform independent version based on the SVr4/Solaris source code is available from Jörg Schilling
  3. ^ The historic UNIX V7 version is available under a BSD-style license through the Unix Heritage Society and others.
  4. ^ The SVr4 (OpenSolaris) version https://sourceforge.net/p/schillix-on/schillix-on/ci/default/tree/usr/src/cmd/sh/ is available under CDDL, older versions (except UNIX V7) are available under a AT&T proprietray license. However, most extent versions (AIX, IRIX64, HPUX, Tru64) remain under AT&T licence.
  5. ^ IEEE and The Open Group (2008). IEEE 1003.1 Standard for Information Technology – Portable Operating System Interface (POSIX): Shell and Utilities, Issue 7. 
  6. ^ As part of IEEE Std.1003.2-1992 (POSIX.2); integrated into IEEE Std.1003.1 with the 2001 revision.
  7. ^ Brian Fox (forwarded by Leonard H. Tower Jr.) (7 June 1989). "Bash is in beta release!". gnu.announce. Web link. Retrieved 28 October 2010.
  8. ^ Ken Greer (3 October 1983). "C shell with command and filename recognition/completion". net.sources. Web link. Retrieved 29 December 2010.
  9. ^ Sussman, Ann. "Hamilton C Shell Speeds Development Of OS/2 Applications". PC Week (Dec 26 1988 - Jan 2 1989): 37. Retrieved Nov 22, 2010. 
  10. ^ Ron Gomes (9 June 1983). "Toronto USENIX Conference Schedule (tentative)". net.usenix. Web link. Retrieved 29 December 2010.
  11. ^ Guy Harris (10 October 1983). "csh question". net.flame. Web link. Retrieved 29 December 2010.
  12. ^ a b Default shell in OpenBSD is ksh (pdksh).
  13. ^ The zsh command line editor is fully configurable and can allow mouse support in various ways such as with Stéphane Chazelas's mouse.zsh.
  14. ^ MS-DOS and Windows component – covered by a valid license for MS-DOS or Microsoft Windows
  15. ^ OS/2 component – covered by a valid license for OS/2
  16. ^ Command extensions enabled, or "CMD /X".
  17. ^ a b Windows component – covered by a valid license for Microsoft Windows
  18. ^ Windows PowerShell is installed with Windows 7, however, it is an optional download for users of Windows Vista or Windows XP.
  19. ^ "HP OpenVMS DCL Dictionary". Retrieved 23 March 2009. 
  20. ^ Axel Liljencrantz (17 May 2005). "Fish - The friendly interactive shell". Retrieved 8 April 2013. 

Interactive features[edit]

Command
name
completion
Path/file
argument
completion
Non-Path/file
argument
completion
Wildcard
completion
Command
history
Mandatory
argument
prompt
Automatic
suggestions
Syntax
highlighting
Directory history, stack or similar features Implicit
directory
change
Spell
checking
Integrated
environment
Snippets Value
prompt
Menu/options
prompt
Progress
indicator
Interactive
table
Context
sensitive
help
Command
builder
Bourne shell No No No No No No No No No No No No No Yes No No No No No
POSIX shell No No No No Yes No No No Yes (CDPATH) No No No No Yes No No No No No
bash (v4.0) Yes Yes when defined Yes[1] Yes No No No Yes (CDPATH, pushd, popd) optional No No No Yes Yes No No No No
csh Yes Yes No No Yes No No No Yes (cdpath, pushd, popd) optional No No No Yes No No No No No
tcsh Yes Yes No No Yes No No No No optional experimental No No Yes No No No No No
Hamilton C shell Yes Yes No Yes Yes No No No Yes (cdpath, pushd, popd) No No No No Yes No No No No No
Scsh No No No No No No No No No No No No No Yes No No No No No
ksh (ksh93t+) Yes (extendable) Yes (extendable) No No Yes No No No Yes (cdpath builtin, pushd, popd implemented as functions) No No No No Yes Yes No No No No
pdksh Yes Yes No No Yes No No No No No No No No Yes Yes No No No No
zsh Yes Yes when defined Yes[2] Yes No No No[3] Yes optional Yes No No Yes Yes No No Yes No
ash No No No No Yes No No No No No No No No Yes Yes No No No No
CCP No No No No No No No No No No No No No No No No No No No
COMMAND.COM No No No No No[4][5] No No No No No No No No No No (only via external CHOICE command, in DR-DOS also via SWITCH / DRSWITCH internal commands) No No No No
OS/2
CMD.EXE
Yes Yes No No Yes No No No No No No No No No No No No No No
Windows
CMD.EXE
partial partial No No Yes (F8) No No No Yes (PUSHD, POPD) No No No No Yes (via SET /P command) No No No No No
4DOS Yes Yes Yes Yes Yes[6][7] No No No (via popup, extended directory searches, CDPATH, PUSHD, POPD, DIRHISTORY, DIRS, CDD, CD - commands and %@DIRSTACK[] function) Yes No Yes No Yes (via INPUT, INKEY and ESET commands) Yes (via @SELECT[] function, and indirectly via a combination of INKEY, INPUT, SWITCH commands) No No Yes No (except for OPTION command for INI file directives)
4OS2 ? ? ? ? Yes No No No Yes Yes No ? No ? ? No No Yes No
TCC (formerly 4NT) Yes Yes Yes Yes Yes No No Yes (via popup, extended directory searches, CDPATH, PUSHD, POPD, DIRHISTORY, DIRS, CDD, CD - commands and %@DIRSTACK[] function) Yes No Yes No Yes (via INPUT, INKEY, ESET and SET /P commands) Yes (via @SELECT[] function, and indirectly via a combination of INKEY, INPUT, SWITCH commands)[8] No No Yes No
Windows PowerShell Yes Yes Yes Yes Yes (F8) Yes Yes[9] Yes[9] Yes; multiple stacks; multiple location types[10] No No Yes[9] Yes[9] Yes Yes[11] Yes[12] popup window[13] Yes[9] popup window[14]
rc Yes[15] Yes[15] No No Yes[15] No No No No No No No No ? No No No No No
BeanShell Yes Yes No No No No No No No No No No No No No No No No No
VMS DCL Minimum uniqueness scheme No No No Yes Yes No No No No No No No Yes No No No No No
fish Yes Yes when defined[16] Yes[17] Yes No Yes Yes Yes Yes No Yes[18] No Yes No No Yes No No

Completions[edit]

Command-line completion in Bash.

Completion features assist the user in typing commands at the command line. The simplest form of completion is command name completion where the shell looks for and suggests matching internal and/or external commands when the user enters a partial command and presses the completion key (often the Tab key).

For each command there is usually also a set of parameters/arguments/options. parameters/arguments/options are often identified by a name or letter preceding a value. Some shells allow completion on parameter/option names and -values.

Bash and zsh offer parameter name completion through a definition external to the command, distributed in a separate completion definition file. For command parameter name/value completions, the shell assumes path/filename completion if no completion is defined for the command. Completion can be set up to suggest completions by calling a shell function.[19]

As opposed to traditional shells where parameters are parsed internally by each command, all types of PowerShell commands (cmdlets, functions, script files) expose data about their parameters, names, types, value ranges and more. This discoverable data is used by the shell to automatically support argument name and value completion for built-in commands/functions, user-defined commands/functions as well as for script files. Cmdlets can also define dynamic completion of argument values where the completion values are computed dynamically on the running system.

Command history[edit]

Main article: Command history

A user of a shell may find that he/she is typing something similar to what the user typed before. If the shell supports command history the user can call the previous command into the line editor and edit it before issuing it again.

Shells that support completion may also be able to directly complete the command from the command history given a partial/initial part of the previous command.

Most modern shells support command history. Shells which support command history in general also supports completion from history rather than just recalling commands from the history. In addition to the plain command text, PowerShell also records execution start- and end time and execution status in the command history.

Mandatory argument prompt[edit]

Mandatory arguments/parameters are arguments/parameters which must be assigned a value upon invocation the command, function or script file. A shell that can determine ahead of invocation that there are missing mandatory values, can assist the interactive user by prompting for those values instead of letting the command fail. Having the shell prompt for missing values will allow the author of a script, command or function to mark a parameter as mandatory instead of creating script code to either prompt for the missing values (after determining that it is being run interactively) or fail with a message.

PowerShell allows commands, functions and scripts to define arguments/parameters as mandatory. The shell determines prior to invocation if there is any mandatory arguments/parameters which have not been bound, and will then prompt the user for the value(s) before actual invocation. [20]

Automatic suggestions[edit]

Main article: Autocomplete
Command-line completion in PowerShell.

With automatic suggestions the shell monitors while the interactive user is typing and displays context-relevant suggestions without interrupting the typing instead of the user explicitly requesting completion.

The PowerShell Integrated Scripting Environment use the discoverable metadata to provide "intellisense" - i.e. suggestions that automatically pops up as the user types, in addition to when the user explicitly requests completion lists by pressing e.g. Tab

Further information: Intellisense

Directory history, stack or similar features[edit]

A shell may record the locations the user has used as current locations and allow fast switching to any location/directory in the history.

One of the uses of the zsh directory stack is to record a directory history. In particular, the AUTO_PUSHD option and advanced cd arguments and completion are used for this purpose.

PowerShell allows multiple named stacks to be used. Locations (directories) can be pushed onto/popped from the current stack or a named stack. Any stack can become the current (default) stack. Unlike most other shells, PowerShell's location concept allow location stacks to hold file system locations as well as other location types like e.g. Active Directory organizational units/groups, SQL Server databases/tables/objects, Internet Information Server applications/sites/virtual directories.

4DOS and Take Command Console record history of current directories and allows the user to switch to a directory in the history using a popup a window.

Implicit directory change[edit]

A directory name can be used directly as a command which implicitly changes the current location to the directory.

Spell checking[edit]

Main article: Spell checker

When a command line does not match a command or arguments directly, spell checking can look for common typing mistakes and match possible alternatives with known valid alternatives. The shell can then suggest probable corrections to the interactive user.

The tcsh and zsh shells feature optional spell checking/correction.

Integrated environment[edit]

An integrated environment is the integration of the command line interface with editors (typically multiple documents), help system and possibly debugging and other tools.

Take Command Console (TCC) comes with an integrated environment with command line pane, file explorer, editor, batch debugger and more.[21]

PowerShell ISE includes a command line pane with support for integrated command line, copy-paste, multiple document editors, source level debugging, help pane, command explorer pane and scripting interface allowing scripts/modules to manipulate menus, add-ons etc. The ISE (menus, windows, shortcuts, addons) are customizable through scripts.[22]

Snippets[edit]

Main article: Snippet (programming)

Snippets are small regions of re-usable of script code. Snippets are often used to save keystrokes, or to assist the user with common scripting patterns.

PowerShell supports snippets in the Integrated Scripting Environment (ISE) using Ctrl J.[23]

Value prompt[edit]

A shell script can prompt the interactive user for a value.

Menu/options selector[edit]

A shell script can present the interactive user with a list of choices.

Progress indicator[edit]

A shell script (or job) can report progress of long running tasks to the interactive user.

Unix/Linux systems may offer other tools support using progress indicators from scripts or as standalone-commands, such as the program "pv".[24] These are not integrated features of the shells, however.

PowerShell has a built-in command and API functions (to be used when authoring commands) for writing/updating a progress bar. Progress bar messages are sent separates from regular command output and the progress bar is always displayed at the ultimate interactive users console regardless of whether the progress messages originates from an interactive script, from a background job or from a remote session.

Interactive table[edit]

Output from a command execution can be displayed in a table/grid which can be interactively sorted and filtered and/or otherwise manipulated after command execution ends.

PowerShell Out-GridView cmdlet displays data in an interactive window with interactive sorting and filtering.

Syntax highlighting[edit]

Main article: Syntax highlighting

An independent project offers syntax highlighting as an add-on to the Z Shell (zsh).[25] This is not part of the shell, however. PowerShell ISE has syntax highlighting on the current command line as well as in the script pane.[22] Take Command Console (TCC) offers syntax highlighting in the integrated environment.

Context sensitive help[edit]

4DOS, 4OS2, 4NT / Take Command Console and PowerShell (in PowerShell ISE) looks up context-sensitive help information when F1 is pressed.

Zsh provides various forms of configurable context-sensitive help as part of its run-help widget, _complete_help command, or in the completion of options for some commands.

Command builder[edit]

A command builder is a guided dialog which assists the user in filling in a command. PowerShell has a command builder which is available in PowerShell ISE or which can be displayed separately through the Show-Command cmdlet.[26]

Notes[edit]

  1. ^ Alt-Shift-8 or Alt-* will expand to the full matching list of filenames
  2. ^ "[Z Shell] Completion System". 
  3. ^ zsh does not feature syntax highlighting, but a 3rd party project exists which offers this capability as an add-on: zsh-syntax-highlighting
  4. ^ Available through the DOSKEY add-on
  5. ^ Available in DR-DOS through HISTORY
  6. ^ Alternatively available through the DOSKEY add-on as well
  7. ^ Alternatively available in DR-DOS through HISTORY as well
  8. ^ TCC has special prompt functions for Yes, No, Cancel, Close, Retry.
  9. ^ a b c d e Available in PowerShell Integrated Scripting Environment (ISE) which offers integrated command line pane, script editor, intellisense, help, scriting snippets, source-level debugging, syntax highlighting, automatic suggestions (IntelliSense) and more.
  10. ^ Push-Location (with alias pushd) and Pop-Location (with alias popd) allows multiple location types (directories of file systems, organizational units of Active Directory, nodes of Windows Registry etc) to be pushed onto and popped from location stacks.
  11. ^ The $host.ui.PromptForChoice function allows for a menu-style prompt for choices. The prompt works from background jobs as well as from remote sessions, displaying the menu prompt on the console of the controlling session.
  12. ^ The Write-Progress cmdlet writes a progress bar which can indicate percentage, remaining seconds etc. The progress bar messages work from background jobs or remote sessions in addition to interactive scripts, i.e. the progress bar is displayed on the console of the controlling session, not as part of the regular output.
  13. ^ The Out-GridView (with a the alias ogv) opens an interactive "grid view" (table) where the user can sort, filter and select/choose rows, rearrange columns etc.
  14. ^ The Show-Command cmdlet inspects the command definition and opens an interactive windows with a named input field for each parameter/switch
  15. ^ a b c Handled by rio, GNU readline, editline or vrl
  16. ^ "Fish user documentation". 
  17. ^ "Fish user documentation". "Completion of filenames, even on strings with wildcards such as *, ** and ?." 
  18. ^ The fish shell is an interactive character based input/output surface
  19. ^ "zsh: 20. Completion System". Zsh.sourceforge.net. 2013-03-06. Retrieved 2013-08-18. 
  20. ^ "Use PowerShell to Make Mandatory Parameters". 
  21. ^ "#1 Windows Command Line Replacement - Windows CMD Command Prompt Commands". Jpsoft.com. Retrieved 2013-08-18. 
  22. ^ a b "Windows PowerShell 3.0 Integrated Scripting Environment (ISE)". Technet.microsoft.com. Retrieved 2013-08-18. 
  23. ^ "PowerShell v3 ISE and ISE scripting model changes & improvements". PowerShell Magazine. 2011-09-28. Retrieved 2013-08-18. 
  24. ^ http://linux.die.net/man/1/pv
  25. ^ "zsh-users/zsh-syntax-highlighting 路 GitHub". Github.com. Retrieved 2013-08-18. 
  26. ^ "Show-Command". Technet.microsoft.com. Retrieved 2013-08-18. 

Programming features[edit]

Functions Exception handling Search & replace on variable substi­tutions Arith­metic Linear arrays or lists Assoc­iative arrays Lambda functions eval func­tion Pseudo­random number generation Bytecode
Bourne shell Yes since SVR2 Yes (via trap) No No No No No Yes No No
POSIX shell Yes Yes (via trap) No No No No No Yes No No
bash (v4.0) Yes Yes (via trap) Yes (via ${//} syntax) Yes Yes Yes No Yes Yes ($RANDOM) No
csh No No Yes (via $var:s/// syntax) Yes Yes No No Yes No No
tcsh No No Yes (via $var:s/// syntax) Yes Yes No No Yes No No
Hamilton C shell Yes No Yes (via $var:s/// syntax) Yes Yes No No Yes No No
Scsh Yes ? Yes (via string functions and regular expressions) ? Yes ? Yes Yes Yes (random-integer, random-real) Yes (compiler is Scheme48 virtual machine, via scshvm)
ksh (ksh93t+) Yes Yes (via trap) Yes (via ${//} syntax and builtin commands) Yes ? Yes No Yes Yes ($RANDOM) Yes (compiler is called shcomp)
pdksh Yes Yes (via trap) No ? ? ? No Yes Yes ($RANDOM) No
zsh Yes Yes Yes (via ${:s//} and ${//} syntax) Yes Yes Yes No Yes Yes ($RANDOM) Yes (built-in zcompile command)
ash Yes Yes (via trap) No No No No No Yes No No
CCP No ? No No No No No No No No
COMMAND.COM No Partial (only Auto-fail (via COMMAND /F (or /N in some versions of DR-DOS)) No No No No No No No No
OS/2 CMD.EXE No No No ? ? No No No No No
Windows CMD.EXE Yes (via CALL :label) No Yes (via SET %varname:expression syntax) Yes (via SET /A)[1] Yes (via SET[2]) No No No Yes (%random%) No
4DOS Yes Yes (via ON command, optional Auto-fail via 4DOS /F) Yes (via %@Replace[...] function) Yes (via SET /A) Yes (via ranges, include lists, @file lists and FOR command) No No Yes Yes (%@Random[...] function) Yes (via BATCOMP command)
4OS2 ? ? ? ? ? ? No Yes Yes (%@Random[...] function) ?
TCC (formerly 4NT) Yes Yes (via ON and various ...MONITOR commands) Yes (via %@Replace[...] function) Yes (via SET /A) Yes (via ranges, include lists, @file lists and FOR command) ? No Yes Yes (%@Random[...] function) Yes (via BATCOMP command)
Windows PowerShell Yes Yes Yes (-replace operator) Yes Yes Yes Yes Yes Yes Yes, automatic
rc Yes Yes No ? ? ? No Yes No No
BeanShell Yes Yes ? Yes Yes Yes No Yes Yes Yes
VMS DCL Yes Yes No Yes Yes ? No No No No
fish Yes Yes (via trap) No Yes Yes No No Yes Yes (random) No

Notes[edit]

String processing and filename matching[edit]

String processing Alternation (Brace expansion) Pattern matching (regular expressions built-in) Pattern matching (filename globbing) Globbing qualifiers (filename generation based on file attributes) Recursive globbing (generating files from any level of subdirectories)
Bourne shell ? No No Yes (*, ?, [...]) No No
POSIX shell ? No No Yes (*, ?, [...]) No No
bash (v4.0) ? Yes Yes Yes (*, ?, [...], {...}) No Yes (**/...)
csh Yes (:s and other editing operators) Yes No Yes No No
tcsh Yes (:s and other editing operators) Yes Yes Yes No No
Hamilton C shell Yes (:s and other editing operators + substr, strlen, strindex, printf, reverse, upper, lower, concat and other builtin functions) Yes No Yes No Yes (via indefinite directory "..." wildcard[1])
Scsh ? ? Yes Yes No No
ksh (ksh93t+) ? ? Yes Yes (*, ?, [...]) No Yes (with set -G, no following of symlinks)
pdksh ? Yes[2] No Yes No No
zsh Yes (through variable processing: e.g. substring extraction, various transformations via parameter expansion) Yes Yes Yes (*, ?, [...], extended globbing[3]) Yes Yes (**/... or ***/... to follow symlinks)
ash ? ? No Yes No No
CCP No No No No No No
COMMAND.COM No No No Yes (*, ?) No No
OS/2 CMD.EXE No No No Yes (*, ?) Partial (only in DIR /A:... command) No
Windows CMD.EXE Partial (only through FOR /F and SET /A) No Yes (via FINDSTR /R command) Yes (*, ?) Partial (only in DIR /A:... command) Yes (via FOR /R command, or, where available, indirectly via /S subdir option)
4DOS Yes (through variable functions %@...[], extended environment variable processing, various string commands and FOR /F and SET /A) No No Yes (*, ?, [...], extended wildcards, SELECT popup command) Yes (via /A:... attribute and /I"..." description options and /[S...] size, /[T...] time, /[D...] date, and /[!...] file exclusion ranges) Yes (via FOR /R command, or indirectly via GLOBAL command or, where available, /S subdir option)
4OS2 ? No No ? ? ?
TCC (formerly 4NT) Yes (through variable functions %@...[], extended environment variable processing, various string commands and FOR /F and SET /A) No Yes Yes (*, ?, [...], extended wildcards, SELECT popup command) Yes (via /A:... attribute and /I"..." description options and /[S...] size, /[T...] time, /[D...] date, /[O...] owner, and /[!...] file exclusion ranges) Yes (via FOR /R command, or indirectly via GLOBAL command or, where available, /S subdir option)
Windows PowerShell Yes (Concat/Substring/Insert/Remove/Replace, ToLower/ToUpper, Trim/TrimStart/TrimEnd, Compare, Contains/StartsWith/EndWith, Format, IndexOf/LastIndexOf, Pad/PadLeft/PadRight, Split/Join, regular expression functions and other .NET string functions) No Yes (full regex support)[4] Yes (*, ?, [...]) ? ?
rc ? ? No Yes No No
BeanShell ? ? Yes ? ? ?
VMS DCL ? ? No Yes No Yes (via [SUBDIR...])
fish ? ? No Yes (*, ?, {...}) No Yes (**/...)

Notes[edit]

  1. ^ Hamilton C shell Language reference: Wildcarding and pattern matching, Hamilton Laboratories, retrieved October 29, 2013, "... Indefinite Directory: match any number of directory levels – zero or more – whatever it takes to make the rest of the pattern match." 
  2. ^ Seebach, Peter (2008). Beginning Portable Shell Scripting: From Novice to Professional. Expert's voice in open source. Apress. p. 149. ISBN 9781430210436. Retrieved 2014-09-17. "Brace expansion is available in ksh93, pdksh, bash, and zsh." 
  3. ^ Zsh offers a variety of globbing options.
  4. ^ PowerShell leverages the full .NET regular expression engine which features named captures, zero-width lookahead/-behind, greedy/non-greedy, character classes, level counting etc.

Inter-process communication[edit]

Keystroke stacking Pipes Command substitution Process substitution Subshells TCP/UDP connections as streams
Bourne shell ? bytes concurrent Yes No Yes No
POSIX shell No bytes concurrent Yes No Yes No
bash (v4.0) ? bytes concurrent Yes Yes (if system supports /dev/fd/<n> or named pipes) Yes Yes (client only)
csh ? bytes concurrent Yes No Yes No
tcsh ? bytes concurrent Yes No Yes No
Hamilton C shell ? bytes concurrent Yes No Yes No
Scsh ? text ? ? ? Yes
ksh (ksh93t+) ? bytes (may contain serialized objects if print -C is used) concurrent Yes ($(...) and ${<space>...;}) Yes (if system supports /dev/fd/<n>) Yes Yes (and SCTP support, client only)
pdksh ? bytes concurrent Yes No Yes No
zsh ? bytes concurrent Yes Yes Yes Yes (client and server, but only TCP)
ash ? bytes concurrent Yes No Yes No
CCP No No No No No No
COMMAND.COM No text sequential temporary files No No Partial (only under DR-DOS multitasker via COMMAND.COM /T) No
OS/2 CMD.EXE No text concurrent No No ? No
Windows CMD.EXE No text concurrent Yes (via FOR /F command) No Yes (Backtick: ` in FOR /F usebackq) No
4DOS Yes (via KEYSTACK and KSTACK) text sequential temporary files Yes (via FOR /F command) ? Partial (via %@EXECSTR[] and %@EXEC[], or via SET /M, ESET /M and UNSET /M and %@MASTER[...]) No
4OS2 Yes (via KEYSTACK) text concurrent ? ? ? No
TCC (formerly 4NT) Yes (via KEYSTACK) text concurrent Yes (via FOR /F command) ? Partial (via %@EXECSTR[] and %@EXEC[]) Yes (via FTP, TFTP, FTPS, SFTP, HTTP, HTTPS and IFTP, client only)
Windows PowerShell ? objects concurrent Yes No Yes Yes
rc ? text concurrent Yes Yes (via: <{cmd} if system supports /dev/fd/<n>) Yes No
BeanShell ? not supported ? ? ? Yes
VMS DCL ? text (via PIPE command) No No Yes (spawn) Yes (server TCP only)
fish ? bytes concurrent Yes (...) Yes (... | psub) No No

Notes[edit]

Security features[edit]

Secure (password) prompt Non-password credentials prompt Encrypted variables/ parameters File/directory passwords Execute permission Script origin execution restriction Signed script restriction Multilevel execution policies Restricted shell subset Safe data subset
Bourne shell via stty[1] No No ? Yes[2] No No No Yes No
POSIX shell via stty[1] No No ? Yes[2] No No No No No
bash (v4.0) read -s No No ? Yes[2] No No No Yes No
csh via stty[1] No No ? Yes[2] No No No Yes No
tcsh via stty[1] No No ? Yes[2] No No No Yes No
Hamilton C shell No No No ? No No No No No No
Scsh via stty[1] No No ? Yes[2] No No No No No
ksh (ksh93t+) via stty[1] No No ? Yes[2] No No No Yes No
pdksh via stty[1] No No ? Yes[2] No No No Yes No
zsh read -s No No ? Yes[2] No No No Yes No
ash via stty[1] No No ? Yes[2] No No No Yes No
CCP No No No No No No No No No No
COMMAND.COM Partial (only under DR-DOS, prompts for password if file/directory is protected) No No Partial (only under DR-DOS via \dirname;dirpwd\filename;filepwd syntax)[3] Partial (only under DR-DOS, if files are password-protected for read and/or execute permission)[4] No No No No No
OS/2 CMD.EXE No No No No No No No No No No
Windows CMD.EXE No No No No No No No No No No
4DOS Yes (via INPUT /P or INKEY /P)[5] No No Partial (only under DR-DOS via \dirname;;dirpwd\filename;;filepwd syntax)[3] Partial (only under DR-DOS, if files are password-protected for read and/or execute permission)[4] No No No No No
4OS2 ? No No No No No No No No No
TCC (formerly 4NT) Yes (via INPUT /P, INKEY /P or QUERYBOX /P)[5] No No No No Yes (via NTFS Zone ID config setting) No No No No
Windows PowerShell Yes[6] Yes Yes No No[7] Yes[8] Yes[9] Yes[10] Yes[11] Yes[12]
rc via stty[1] No No ? Yes[2] No No No Yes[13] No
BeanShell ? ? ? ? ? ? ? ? ? ?
VMS DCL ? No No ? No No No No No No
fish ? ? ? ? ? ? ? ? ? ?

Secure prompt[edit]

Some shell scripts need to query the user for sensitive information such as passwords, private digital keys, PIN codes or other confidential information. Sensitive input should not be echoed back to the screen/input device where it could be gleaned by unauthorized persons. Plaintext memory representation of sensitive information should also be avoided as it could allow the information to be compromised, e.g., through swap files, core dumps etc.[14]

The shells bash, zsh and Windows PowerShell offer this as a specific feature.[15][16] Shells which do not offer this as a specific feature may still be able to turn off echoing through some other means. Shells executing on a Unix/Linux operating system can use the stty external command to switch off/on echoing of input characters.[17] In addition to not echoing back the characters, PowerShell's -AsSecureString option also encrypts the input character-by-character during the input process, ensuring that the string is never represented unencrypted in memory where it could be compromised through memory dumps, scanning, transcription etc.

Non-password credentials prompt[edit]

Scripts that connect to resources on behalf of the user will usually (security best practice) query the user for his/her credentials at run time. Depending on the security policies in place, the credentials may be in the form of username+password, smart card with PIN code, biometrics, tokens etc. The script should be able to handle (relay) credentials without restricting the credential type to username+password, i.e. it should be able to handle "abstract" credentials without concerns about specific type of the credentials.

PowerShell comes with the Get-Credential cmdlet which prompts for credentials and which can accept other types of credentials, e.g. a smart card with a PIN code depending on the security providers available at run time. Scripts that need to obtain credentials to access resources on behalf of the user can use this cmdlet to obtain credentials without specifying which form they must take. The Get-Credential cmdlet returns credentials in Common Criteria compliant encrypted form.[18]

Encrypted variables/parameters[edit]

If a script reads a password into an environment variable it is in memory in plain text, and thus may be accessed via a core dump. It is also in the process environment, which may be accessible by other processes started by the script.[19]

PowerShell can work with encrypted string variables/parameters.[20] Encrypted variables ensure that values are not inadvertently disclosed through e.g. transcripts, echo'ing, logfiles, memory or crash dumps or even malicious memory scanning. PowerShell also supports saving of such encrypted strings in text files, protected by a key owned by the current user.

Execute permission[edit]

Some operating systems define an execute permission which can be granted to users/groups for a script file. The Linux/Unix shells in general require that this bit be set if a file is invoked as a script file to be executed by the shell. Although Windows also specifies an execute permission, none of the Windows specific shells block script execution if the permission has not been granted. PowerShell protects against inadvertently executing scripts obtained from untrusted sources through other means (described in the following sections).

Script origin execution restriction[edit]

PowerShell can be set to block execution of scripts which has been marked as obtained from an unknown/untrusted origin (e.g. the Internet).[21] Internet facing applications such as web browsers, IM clients, mail readers etc. mark files downloaded from the internet with the origin zone in an alternate data stream which is understood by PowerShell. The Unix/Linux shell in general block on the specific execute permission (see General execution restriction above), not based on origin zone.

Signed script restriction[edit]

Script/code signing policies can be used to ensure that an operations department only run approved scripts/code which have been reviewed and signed by a trusted reviewer/approver. Signing regimes also protects against tampering. If a script is sent from vendor to a client, the client can use signing to ensure that the script has not been tampered with during transit and that the script indeed originates from the vendor and not an attacker trying to social engineer an operator into running an attack script.

PowerShell can be set to allow execution of otherwise blocked scripts (e.g. originating from an untrusted zone) if the script has been digitally signed using a trusted digital certificate.[22][23][24]

Multilevel execution policies[edit]

A company may want to enforce execution restriction globally within the company and/or certain parts of the company. It may want to set a policy for running signed scripts but allow certain parts of the company to set their own policies for zoned restrictions.

PowerShell allows script blocking policies to be enforced at multiple levels: Local machine, current user etc. A higher level policy overrides a lower level policy, e.g. if a policy is defined for the local machine it is in place for all users of the local machine, only if it is left undefined at the higher level can it be defined for the lower levels.

Restricted shell subset[edit]

Several shells can be started or be configured to start in a mode where only a limited set of commands and actions is available to the user. While not a security boundary (the command accessing a resource is blocked rather than the resource) this is nevertheless typically used to restrict users' actions before logging in.

A restricted mode is part of the POSIX specification for shells, and most of the Linux/Unix shells support such a mode where several of the built-in commands are disabled and only external commands from a certain directory can be invoked.[25][26]

PowerShell supports restricted modes through session configuration files or session configurations. A session configuration file can define visible (available) cmdlets, aliases, functions, path providers and more.[27]

Safe data subset[edit]

Scripts that invoke other scripts can be a security risk as they can potentially execute foreign code in the context of the user who launched the initial script. Scripts will usually be designed to exclusively include scripts from known safe locations; but in some instances, e.g. when offering the user a way to configure the environment or loading localized messages, the script may need to include other scripts/files.[28] One way to address this risk is for the shell to offer a safe subset of commands which can be executed by an included script.

PowerShell data sections can contain constants and expressions using a restricted subset of operators and commands.[29] PowerShell data sections are used when e.g. localized strings needs to be read from an external source while protecting against unwanted side effects.

Notes[edit]

  1. ^ a b c d e f g h i The shell can use the stty utility to suppress echoing of typed characters to the screen. This requires multiple steps: 1. reading the current echo state, 2. switching echo off, 3. reading the input, 4. switching echo state back to the original state.
  2. ^ a b c d e f g h i j k Scripts can only be invoked directly if user has execute permission on the file. Scripts can still be piped as input to the shell processor without execute permission.
  3. ^ a b Under DR-DOS the password separator for file and directory passwords is a semicolon. This is also supported under 4DOS for as long as the command does not support include lists. Unter 4DOS, the password separator must be doubled for all commands supporting include lists in order to distinguish passwords from include lists. Commands not supporting include lists accept both forms. DR-DOS 7.02 and higher optionally accept a doubled semicolon as well, so that doubled semicolons work under both COMMAND.COM and 4DOS regardless of the command executed.
  4. ^ a b DR-DOS supports file passwords for read/write/delete and optionally execute permissions. Files are not protected by default, but the system can be set up so that f.e. batch scripts require a password to read.
  5. ^ a b INPUT /P and INKEY /P echoes back asterisks for each typed character
  6. ^ Read-Host -AsSecureString reads a string of characters from the input device into an encrypted string, one character at a time thus ensuring that there is no memory image of the clear text which could be gleaned from scanning memory, or from crash dumps, memory dumps, paging files, log files or similar.
  7. ^ PowerShell script files (.ps1 files) are by default associated with the Notepad editor, not with the PowerShell execution engine. Invoking a .ps1 file will launch Notepad rather than executing the script.
  8. ^ PowerShell allows an execution policy to specify if scripts with zone identifiers indicating that they were obtained from an untrusted zone should be allowed to execute.[1]
  9. ^ PowerShell scripts can be signed with a digital certificate, and PowerShell can be set to block execution of unsigned scripts.[2]
  10. ^ PowerShell defines 5 levels (scopes) where execution policies can be defined, where a higher level overrides a lower level.[3]
  11. ^ Startup scripts per computer/user can import modules and expose a subset the commands/functions available in the modules.
  12. ^ PowerShell Data sections define sections of scripts which can be evaluated using a restricted subset of commands.[4]
  13. ^ -l makes rc behave as a restricted login shell
  14. ^ Provos, Niels. "Encrypting Virtual Memory". Center for Information Technology Integration, University of Michigan. Retrieved 20 December 2012. 
  15. ^ "bash - GNU Bourne-Again SHell". "read -s Silent mode. If input is coming from a terminal, characters are not echoed." 
  16. ^ "Using the Read-Host Cmdlet". "By adding the -assecurestring parameter you can mask the data entered at the prompt" 
  17. ^ "Linux / Unix Command: stty". 
  18. ^ "Getting Credentials From The Command Line - Windows PowerShell Blog - Site Home - MSDN Blogs". Blogs.msdn.com. 2008-06-24. Retrieved 2013-08-18. 
  19. ^ Albing, Carl; Vossen, J.P.; Newham, Cameron (2007). "3.8. Prompting for a Password". Bash cookbook (1. ed. ed.). Sebastopol, Calif.: O'Reilly. p. 65. ISBN 978-0-596-52678-8. "Be aware that if you read a password into an environment variable it is in memory in plain text, and thus may be accessed via a core dump or /proc/core. It is also in the process environment, which may be accessible by other processes." 
  20. ^ Holmes, Lee. "SecureStrings in PowerShell". Retrieved 18 December 2012. 
  21. ^ "PowerShell Security :: Windows OS Security :: Articles & Tutorials". WindowSecurity.com. Retrieved 2013-08-18. 
  22. ^ http://www.hanselman.com/blog/SigningPowerShellScripts.aspx
  23. ^ "Hey, Scripting Guy! How Can I Sign Windows PowerShell Scripts with an Enterprise Windows PKI? (Part 2 of 2) - Hey, Scripting Guy! Blog - Site Home - TechNet Blogs". Blogs.technet.com. Retrieved 2013-08-18. 
  24. ^ "Running Windows PowerShell Scripts". Technet.microsoft.com. Retrieved 2013-08-18. 
  25. ^ "man sh - shell, the standard command language interpreter / posix" (in French). Pwet.fr. Retrieved 2013-08-18. 
  26. ^ "Bash Reference Manual: The Restricted Shell". Gnu.org. 2010-12-28. Retrieved 2013-08-18. 
  27. ^ "New-PSSessionConfigurationFile". Technet.microsoft.com. Retrieved 2013-08-18. 
  28. ^ Albing, Carl; Vossen, J.P.; Newham, Cameron (2007). Bash cookbook (1. ed. ed.). Sebastopol, Calif.: O'Reilly. ISBN 978-0-596-52678-8. "[...] is hardly what one thinks of as a passive list of configured variables. It can run other commands (e.g.,cat) and use if statements to vary its choices. It even ends by echoing a message. Be careful when you source something, as it’s a wide open door into your script." 
  29. ^ "about_Data_Sections". Microsoft. Retrieved 18 December 2012. 

External links[edit]