Keeping Passwords Out of Viewable History
Novell Cool Solutions: Tip
By Aaron Burgemeister
Digg This -
Posted: 9 Mar 2006
In major *nix distributions (Linux, Unix, and Mac X+), previous commands are kept in the history for a period of time. This is a very helpful feature to speed up repeated tasks and to look back and see what has been done in case a step of a procedure was missed.
However, some users may find that if they look through their history (`history` command), they have passwords entered at the command line, displayed for the world to see. These will be there if the user typed a password into the prompt as part of a regular command (as opposed to when prompted by the system for a password that would not show up at the prompt).
In bash there is a variable named 'HISTCONTROL' that is set by the shell when it is loaded. To see the value of HISTCONTROL, use the following command:
If this value is set to either 'ignoreboth' or 'ignorespace' then it tells bash not to remember commands that start with a space. ('ignoreboth' has other functionality, but 'ignorespace' is included in that, along with 'ignoredups'). To use this functionality, just put a space before the command you want to omit from the history. Going back through the history with Ctrl+R, the up arrow, or the 'history' command, should not show the most-recent command that was meant to be hidden.
Note that if you are going to reuse a command multiple times it may be a better option to type 'history -c' after running the commands so you can reuse the previous commands in the meantime. This clears the entire history list.
Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com