2

In ubuntu scripts can be executed with following commands:

$ chmod +x manage.py
$ manage.py

However in mac you need to use ./ in order to actually run the script, as follow:

$ chmod +x manage.py
$ ./manage.py

I would like to know what is exactly ./ (especially that both system use bash by default) and if there is a way to run scripts directly in mac?

bman
  • 5,016
  • 4
  • 36
  • 69
  • 1
    "*In ubuntu scripts can be executed with following commands*" not in general. This completely depend on how the environment's `PATH` variable had been set. – alk Feb 04 '17 at 10:27

2 Answers2

4

It's because you (very sensibly) don't have . in your PATH environment variable. If you do, it becomes an attack vector for people to get you to execute their own code instead of real stuff.

For example, let's say your path is:

.:/usr/bin

so that commands will first be searched for in your current directory, then in /usr/bin.

Then another user creates an executable script file ls in their home directory which changes to your home directory and deletes all your files. Then they tell you they've got something interesting in their home directory. You run ls to see what they have, and your files are deleted. All because it ran ls from your current directory first.

This is a particular favorite attack vector against naive system admins.

To be honest, on my home machines, I don't worry too much, since I'm the only user and I'm not prone to downloading stuff I don't trust. So I usually add . to my path for convenience, but usually at the end so it doesn't get in the way of my more regular commands.

Luke Peterson
  • 8,584
  • 8
  • 45
  • 46
paxdiablo
  • 854,327
  • 234
  • 1,573
  • 1,953
  • Paxdiablo; the example you're showing may not be relevant since when you are the system admin, chances are high you'll be navigating to that user's home directory, but as a root user. If any user decides to set the PATH of a non-root user in such a way, you can ask questions, but you can't prevent. You say it's an attack against system admin. From a non-root account, don't see how you are going to change root's PATH. A non-root user; yes. But, sys admin controls backups, no ? – tvCa Dec 16 '14 at 19:27
  • @tvCa, the attack vector is not because you can change someone's path, it's because someone with the power to can. That includes a naive sysadmin changing root's path because it makes it more convenient for them. And deletion of files was just an example, no amount of backups is going to fix the problem of, for example, stolen corporate information. – paxdiablo Dec 16 '14 at 22:03
0

When you are executing a command that file (script/binary) needs to be found by the system. That is done by putting directories where to look for scripts into the PATH environment variable. So if it works in ubuntu it means PATH includes '.' (the current directory). If you want the same behavior on mac then put something like export PATH="$PATH:." in your .bashrc (asuming you are using bash..)

sammygadd
  • 299
  • 2
  • 6