Why shouldn’t someone use passwords in the command line?

Why do people fear writing passwords in the command line?

The history file is located in ~/.history, so it’s available only to the user who executed the commands (and root).

Answers:

Method 1

Command lines are not just available in history. They are also available, for example, in the output of ps -ocmd or through the /proc filesystem (/proc/<pid>/cmdline), which is where ps reads them.

Also, users’ home directories are often world- or group-readable; you can make the history file only user-readable, but that might not survive deletion and recreation.

Method 2

Passwords on the command line are just a bad idea all the way around. In addition to the methods discussed in the other answers:

  • /proc
  • process list (ps)
  • user’s history file

User commands can show up in these locations as well:

  • audit logs
  • /var/log/*

In addition, users’ commands can also show up when users log in between systems, so in general it’s a bad practice and should be avoided at all times.

Method 3

The problem is the visibility of the parameters (to other users in most cases, even for root) while the command is running. See the output of

ps -eo pid,user,args
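
The exposure described in the answers above, as an added example that is not part of the original answers: the script starts a child with a dummy secret in its arguments and finds it in /proc/<pid>/cmdline, then passes the same secret on stdin, where it does not appear. It assumes Linux with /proc; fake-client, --password and --stdin are hypothetical names and the secret is a constructed value.

```sh
#!/bin/sh
# Added example (Linux, needs /proc). SECRET is a constructed dummy value;
# fake-client, --password and --stdin are hypothetical names.
SECRET="constructed-dummy-secret-$$"   # $$ makes the values unique per run
CLIENT="fake-client-$$"

# True if the argv of PID $1, read from /proc/<pid>/cmdline (the file ps
# reads, readable by other local users on a default /proc mount),
# contains the string $2.
argv_contains() {
    tr '\0' ' ' 2>/dev/null < "/proc/$1/cmdline" | grep -qF -- "$2"
}

# Poll for up to ~2 s until the argv of PID $1 contains $2. A background
# child still shows its parent's argv until it has exec'd.
argv_shows() {
    i=0
    while [ "$i" -lt 20 ]; do
        argv_contains "$1" "$2" && return 0
        sleep 0.1; i=$((i + 1))
    done
    return 1
}

stop() { kill "$1" 2>/dev/null || :; wait "$1" 2>/dev/null || :; }

# Unsafe pattern: the secret is a command-line argument of the child.
secret_visible_with_argv() {
    sh -c 'sleep 3; :' "$CLIENT" --password "$SECRET" &
    pid=$!; rc=0
    argv_shows "$pid" "$SECRET" || rc=1
    stop "$pid"; return "$rc"
}

# Safer pattern: the child reads the secret from stdin. printf is a shell
# builtin, so the value is never placed in any process's argv.
secret_visible_with_stdin() {
    printf '%s\n' "$SECRET" | sh -c 'read -r pw; sleep 3; :' "$CLIENT" --stdin &
    pid=$!; rc=0
    argv_shows "$pid" "$CLIENT" || :       # wait until the child has exec'd
    argv_contains "$pid" "$SECRET" || rc=1
    stop "$pid"; return "$rc"
}

secret_visible_with_argv  && echo "argv:  secret readable via /proc/<pid>/cmdline"
secret_visible_with_stdin || echo "stdin: secret absent from /proc/<pid>/cmdline"
```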


All methods were sourced from stackoverflow.com or stackexchange.com and are licensed under CC BY-SA 2.5, CC BY-SA 3.0 and CC BY-SA 4.0.