Global Functions with the Korn Shell
Rainer Raab
Scripting and UNIX systems administration go hand in hand. Writing
scripts to automate repetitive tasks is necessary if you want to
find the time to work on other things, such as tightening security
on the systems you manage, migrating applications to promote server
utilization, capacity planning, and system tuning. These types of
tasks often fall at the bottom of the food chain if you are in a
typical shop, constantly putting out the fires started by buggy
applications, compounded by poor vendor support, and unreliable
hardware. They also lose priority if you are supporting a development
team with a time to market of 3-6 months for their application and
the developers expect you to manage the test, staging, and production
environments, along with application deployment and installation
scripts. Fortunately, most UNIX variants provide an ideal tool for
developing and deploying scripts -- the Korn shell.
The Korn shell is not just a command interpreter; it provides
a powerful and versatile programming language for the rapid development
of automation scripts and the capability to write globally accessible
functions. In its basic form, a Korn shell script is a series of
shell commands, strung together in an executable file. In its most
advanced form, a Korn shell script may utilize built-in shell commands
that provide support for arrays, integer arithmetic and arithmetic
conditions, advanced UNIX I/O redirectors, and functions. It is
the support for functions that allows the rapid development of scripts
that provide solutions to the tasks of routine UNIX systems administration.
Defining Global Functions
Korn shell functions, known as procedures or subroutines in other
programming languages, allow for the organization of related shell
commands by name. By organizing shell commands into functions, long
shell scripts are easier to read and follow, and thus maintain.
More importantly, functions provide a mechanism allowing shell scripts
to be quickly developed, because Korn shell functions can be made
available for use by other Korn shell scripts.
Korn shell functions are normally defined within the script from
which they are called. However, in order for them to be made available
to other Korn shell scripts (i.e., made global), they must be defined
separately and saved in their own files, with only one function
per file. To define a global function in Korn shell, use the same
syntax for defining all functions. Either one of the following forms
will work:
function function_name {
shell commands...
Or the Bourne shell form:
function_name () {
shell commands...
I always use the first form since it is the one that I am more familiar
with and seems to be the predominantly used one.
A global function is one that returns the system date and time
in a format that is suitable for timestamps in log files:
function get_time {
TIME=$(date '+%m/%d/%y-%H:%M:%S')
printf "$TIME\n"
To make the get_time function global and invokable from Korn
shell scripts, create a special directory (e.g., ksh_functions)
in a system-wide accessible directory (e.g., /usr/local). Save
the get_time function in that directory, using the function
name as the filename. I prefer to use the /usr/local/ksh_functions
directory as the global Korn shell function directory:
[rainer@fostercity]/usr/local/ksh_functions>ls -l
total 2
-rw-r--r-- 1 rainer gurus 93 Nov 28 10:00 get_time
Add the Korn shell built-in variable FPATH=/usr/local/ksh_functions
and autoload get_time to your .kshrc file, or to the
file you have defined as the environmental file for your login shell.
If you have not previously done so, adding export ENV=~/.kshrc
to your .profile initialize file will set your environmental
file to .kshrc:
[oksana@fostercity]/export/home/oksana>more .kshrc
export FPATH=/usr/local/ksh_functions
autoload get_time
The use of the built-in variable FPATH is similar to that of
the PATH environment variable. FPATH contains the list
of directories that have function definitions, and is used by the
autoload function_name command to locate functions. The autoload
command not only instructs the shell to load the function only when
invoked, but also enables us to store functions in locations other
than in our local .profile or .kshrc files, providing
the entire framework for creation of global functions. Actually, the
autoload command is an alias for the typeset -fu command
and can be used instead. I prefer to use the autoload command
because it is easier to remember.
To use get_time from a script, simply invoke the function
name from a shell script:
[oksana@fostercity]/export/home/oksana/scripts>more test_time1
You can even assign a variable to hold the results from get_time:
[oksana@fostercity]/export/home/oksana/scripts>more test_time2
Securing Global Functions
You may have noticed that in the get_time function I did not
specify the path for the system commands date and printf.
This is because the PATH environment variable is set explicitly, from
the shell scripts test_time1 and test_time2, to include
the standard system command directories /usr/bin and /usr/ucb.
This is my preferred method for writing functions and scripts. If
you view this as a security concern, simply include the full path
for system commands in all functions and set the PATH to null
(PATH="") in your shell scripts.
For added security, create a special group, such as kshteam,
and add supplementary group membership to users who want to create
and access global functions in the ksh_functions directory:
[rainer@fostercity]/usr/local/ksh_functions>groups rainer
gurus kshteam
Then, assign the user bin as the owner, with group name kshteam,
to the ksh_functions directory with permissions of read, write,
and execute for the owner/group and no permissions for world. Next,
set the sticky bit on the ksh_functions directory to only allow
the owner of a global function to delete, rename, or modify the function:
[rainer@fostercity]/usr/local/ksh_functions>ls -la
total 6
drwxrwx--T 2 bin kshteam 512 Nov 28 12:41 .
drwxr-xr-x 40 root root 1024 Oct 22 14:50 ..
-rw-r--r-- 1 rainer gurus 93 Nov 28 14:50 get_time
This scheme will prevent unauthorized access to global functions,
as well as prevent authorized users from modifying functions that
they do not own. However, be sure to inform authorized users that
their functions must be world readable to allow other authorized users
access (unless the other authorized users all belong to the same primary
group and the appropriate permissions are set to allow group access
to the functions). Setting the global functions to world readable
is not a security concern in this scheme because the permissions on
the ksh_functions directory are set to none for world, making
the directory inaccessible by anyone other than root or members of
the kshteam group.
Managing Global Functions
There are several useful commands for managing functions. To verify
which functions are available to your shell, use the functions
command. The functions command displays a list of all defined
functions, listed in alphabetical order by function name, defined
in your login session:
function get_time
The functions command, like autoload, is yet another
Korn shell alias. The typeset -f command can be used instead.
There are a number of predefined Korn shell aliases that might be
of interest. Use the alias command to display a list of all
aliases defined for your login session:
autoload='typeset -fu'
command='command '
functions='typeset -f'
history='fc -l'
integer='typeset -i'
nohup='nohup '
r='fc -e -'
stop='kill -STOP'
suspend='kill -STOP $$'
The functions command does not just list functions available
to your current login session, but all of your shells, because the
FPATH=/usr/local/ksh_functions and the autoload get_time
statements have been added to your .kshrc environment file.
The get_time function, as well as other functions defined by
the autoload command in your .kshrc file, are available to
all subshells and Korn shell scripts run under your login.
whence is another useful built-in command. It identifies
the source of a command. When used with the -v option (verbose),
whence produces useful information as to what type of command
it is (e.g., is it a shell function, a built-in command, a reserved
shell keyword, an alias, etc.):
[oksana@fostercity]/export/home/oksana/scripts>whence -v get_time
get_time is a function
[oksana@fostercity]/export/home/oksana/scripts>whence -v whence
whence is a shell builtin
[oksana@fostercity]/export/home/oksana/scripts>whence -v function
function is a reserved shell keyword
[oksana@fostercity]/export/home/oksana/scripts>whence -v functions
functions is an exported alias for typeset -f
Use whence for clarification when there is some uncertainty
as the output of a command. Strange results are often not so strange
when you realize that the command you have been running is not the
command you thought you were running. A good example of this is the
pwd command, which is also a built-in shell command, and takes
precedence over /usr/bin/pwd when typed without the full path.
This conundrum becomes apparent when you cd to a directory
via a symbolic link, and find yourself wondering where you really
[oksana@fostercity]/export/home/oksana/scripts>cd /usr/pub \
This occurs because pwd is a built-in shell command that displays
the contents of the present working directory set by the cd
command and stored in the PWD shell environment variable. PWD stores
the relative path, while /usr/bin/pwd displays the absolute
path name of the current working directory.
Practical Global Functions
The get_time function was a simple example of a function,
made global, that may be useful for incorporation into other Korn
shell scripts. However, it is hardly worth the effort to make get_time
global just to save 3-4 lines of future typing. A more useful global
function would be one to send out email alerts (see Listing 1):
The first thing you might notice that is different with this function,
than with the previous get_time function, is that it contains
a documentation header. When writing functions for system-wide usage,
it is helpful to include a small description of the function that
describes (at a minimum) what the function does and its usage. Develop
a standard documentation header and stick to it. As the system-wide
function library grows, you will be glad to see the documentation
header there when you want to use someone else's function or
need to use one of your older functions.
To make the send_email function globally available and
invokable from Korn shell scripts, save the send_email function
to our system-wide accessible /usr/local/ksh_functions directory
and add the autoload send_email command to your .kshrc
[rainer@fostercity]/usr/local/ksh_functions>ls -l
total 4
-rw-r--r-- 1 rainer gurus 93 Nov 28 10:00 get_time
-rw-r--r-- 1 rainer gurus 290 Nov 28 10:05 send_email
[oksana@fostercity]/export/home/oksana>more .kshrc
export FPATH=/usr/local/ksh_functions
autoload get_time
autoload send_email
To use the send_email function from a script, simply assign
values to the variables EMAIL_LIST, EMAIL_SUBJECT, and
EMAIL_MESSAGE, then invoke the function name from a script:
[oksana@fostercity]/export/home/oksana/scripts>more test_email
EMAIL_LIST="[email protected] [email protected]"
EMAIL_MESSAGE="This was only a test.."
Notice that you can pass the value of variables to functions. In the
test_email script, we are passing a space-separated list of
the users to whom we want to send email using the EMAIL_LIST
variable, and the subject of the email message with the EMAIL_SUBJECT
variable, and the email message itself with the EMAIL_MESSAGE
variable. This little bit of magic works because functions do not
run in separate subshells, as scripts normally do (the exception is
if you invoke a script with the "." command). Utilizing
functions in this manner allows you to use functions within your scripts
as if they were present locally!
Another useful function is one to read a configuration file (see
Listing 2. When developing complex scripts, I find it useful to
be able to change the values of variables from a configuration file,
rather than hardcoding the values within the script itself. This
not only eases script maintenance, but also allows for user-adjustable
settings. Since the configuration file is a text file, you can make
appropriate comments to assist the individuals who may be responsible
for managing the process that your script performs.
Listing 3 contains a configuration file that could be used with
the read_config function. To make the read_config
function globally available and invokable from Korn shell scripts,
save it to our system-wide accessible /usr/local/ksh_functions
directory and add autoload read_config to your .kshrc
file. Then to use it from a shell script, simply invoke the function
name from a script:
[oksana@fostercity]/export/home/oksana/scripts>more test_read_cfg
printf "Email list: $EMAIL_LIST\n"
printf "Log file: $LOG_FILE\n"
printf "Debugging is: $DEBUG\n"
Notice how the values of the variables DEBUG, LOG_FILE,
and EMAIL_LIST are magically available to the test_read_cfg
script. This is accomplished by exporting the variables found in the
configuration file to the current shell for use. I use the read_config
function for all of my shell scripts that require regular updates
or are maintained by someone else. For example, to add someone to
the email list, just edit the test_read_cfg.conf file with
your favorite text editor and then append an additional email address
to the EMAIL_LIST variable. Someone with no Korn shell scripting
experience can do this, since the configuration file is easily readable
and in plain text.
The Korn shell provides a powerful and versatile programming language
and is my scripting language of choice for automating routine UNIX
systems administration tasks. The Korn shell function facility not
only provides the mechanism for allowing shell scripts to be quickly
developed, but it promotes the sharing of code through the use of
global functions. There is no point in reinventing the wheel every
time a new script has to be developed. With some proper management,
the use of global Korn shell functions can become an invaluable
tool for everyone on a system, not just the systems administrator.
Learning the Korn Shell, Bill Rosenblatt, O'Reilly
and Associates, Inc., 1993
Rainer Raab is a senior UNIX Systems Administrator, consulting
for Wells Fargo Bank in San Francisco, California. When not scripting,
he spends as much time as possible with his lovely wife, Oksana.
He can be contacted at: [email protected].