
Re: Trivial script will NOT execute



On Sat, Nov 05, 2016 at 10:42:46AM -0500, David Wright wrote:
> The current working directory is included here three times--at the
> beginning, middle and end.
> 
> :/usr/bin::/bin:.

Including the current directory in one's PATH (either by using "."
explicitly, or by using an empty string) is considered a bad practice.
It opens you up to certain exploits by malicious users.

The classic example is that a malicious user puts a program named "sl"
in the /tmp directory, and waits for someone (preferably root) to
change directory to /tmp and then mistype "ls" as "sl".  This runs the
malicious user's program with the other user's privileges.

Thus, it's strongly recommended that you do *not* put the current
working directory into PATH.  If you need to execute a program in
the current directory, you can invoke it with a leading ./

./myscript

This bypasses the PATH lookup (because the command name contains a
slash character).  The leading "." is simply a directory name, not
anything magic to the shell.

> One other point. I see you use spaces in your filenames. Regardless of
> this, you should quote your strings in such as FILENAME=$F$N$E

In a simple assignment like that, you don't need to quote.  Word
splitting and pathname expansion are not performed, for legacy
reasons.  However, quoting doesn't hurt.

http://mywiki.wooledge.org/Quotes
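
Added example, not part of the original message: a POSIX sh audit that reports which PATH entries resolve to the current directory (empty strings, ".", or any relative entry) and prints a cleaned PATH. The function names are hypothetical, and the sample value is the PATH quoted at the top of the message.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Print "<position> <kind>" for every PATH entry that is not an absolute path.
# kind: empty (leading/trailing ':' or '::'), dot ("."), relative (anything else).
audit_path() {
    rest="$1:"              # extra ':' so a final empty entry is still seen
    pos=0
    while [ -n "$rest" ]; do
        entry=${rest%%:*}   # text before the first ':'
        rest=${rest#*:}     # drop that entry and its ':'
        pos=$((pos + 1))
        case $entry in
            /*) ;;                      # absolute: not looked up relative to cwd
            '') echo "$pos empty" ;;
            .)  echo "$pos dot" ;;
            *)  echo "$pos relative" ;;
        esac
    done
}

# Print the same PATH with only its absolute entries kept, order preserved.
strip_cwd_entries() {
    rest="$1:"
    clean=
    while [ -n "$rest" ]; do
        entry=${rest%%:*}
        rest=${rest#*:}
        case $entry in
            /*) clean=${clean:+$clean:}$entry ;;
        esac
    done
    printf '%s\n' "$clean"
}

# Sample input: the PATH quoted in the message above.
sample=':/usr/bin::/bin:.'
audit_path "$sample"
strip_cwd_entries "$sample"
```

To check a live session, call `audit_path "$PATH"`; no output means every entry is absolute.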

