Keeping Passwords Out of Viewable History

Novell Cool Solutions: Tip
By Aaron Burgemeister

Posted: 9 Mar 2006
 

Problem

In major *nix distributions (Linux, Unix, and Mac OS X+), previous commands are kept in the history for a period of time. This is a very helpful feature to speed up repeated tasks and to look back and see what has been done in case a step of a procedure was missed.

However, some users may find that if they look through their history (`history` command), passwords they entered at the command line are displayed for the world to see. These will be there if the user typed a password as part of a regular command (as opposed to typing it when prompted by the system for a password, which does not show up at the prompt).

Solution

In bash there is a variable named 'HISTCONTROL' that is set by the shell when it is loaded. To see the value of HISTCONTROL, use the following command:

echo $HISTCONTROL

If this value is set to either 'ignoreboth' or 'ignorespace', it tells bash not to remember commands that start with a space. ('ignoreboth' has other functionality, but 'ignorespace' is included in that, along with 'ignoredups'.) To use this functionality, just put a space before the command you want to omit from the history. Going back through the history with Ctrl+R, the up arrow, or the 'history' command should not show the most recent command that was meant to be hidden.

Note that if you are going to reuse a command multiple times it may be a better option to type 'history -c' after running the commands so you can reuse the previous commands in the meantime. This clears the entire history list.
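
The HISTCONTROL check described above, as an added example that is not part of the original tip. It goes slightly beyond the text: bash treats HISTCONTROL as a colon-separated list, so a value such as 'ignoredups:ignorespace' also hides leading-space commands. The function names are made up for this example.

```shell
# Added example (not from the original tip). Source this file from the
# interactive shell you want to check: HISTCONTROL is often a plain shell
# variable that child processes do not inherit.

# hides_leading_space VALUE
# Returns 0 if a HISTCONTROL of VALUE makes bash skip commands that start
# with a space, 1 otherwise. Wrapping the value in colons lets one pattern
# match an option at the start, middle or end of the list.
hides_leading_space() {
    case ":$1:" in
        *:ignorespace:*|*:ignoreboth:*) return 0 ;;
        *) return 1 ;;
    esac
}

# with_ignorespace VALUE
# Prints VALUE with 'ignorespace' appended when it is not already covered,
# keeping any options (ignoredups, erasedups) that were set before.
with_ignorespace() {
    if hides_leading_space "$1"; then
        printf '%s\n' "$1"
    elif [ -z "$1" ]; then
        printf 'ignorespace\n'
    else
        printf '%s:ignorespace\n' "$1"
    fi
}

# report_histcontrol
# Describes what the current shell will do with a leading-space command.
report_histcontrol() {
    current=${HISTCONTROL-}
    if hides_leading_space "$current"; then
        echo "HISTCONTROL='$current': leading-space commands are not saved"
    else
        echo "HISTCONTROL='$current': leading-space commands ARE saved"
        echo "for this session: HISTCONTROL=$(with_ignorespace "$current")"
    fi
}

report_histcontrol
```

To keep the setting across sessions, assign the value printed by with_ignorespace to HISTCONTROL in your bash startup file.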

Reader Comments

  • in general, this is still a bad idea: 1. it's too easy to forget to set for a command 2. and ps -ef still lists the password... -> e.g. with oracle/sqlplus, provide the pw on stdin, not the command line. -> consider expect to provide the pw interactively, ... -> and don't keep the pw plaintext in an accessible file...
  • Good to know.