Bash – Practical usage of `set -k` option in bash

bashshell

When do we use set -k option in bash?

All arguments in the form of assignment statements are placed in the environment for a command, not just those that precede the command name.

I understand what the option does, but could not imagine when we need it.

Best Answer

You can basically use it anytime you want to "inject" the environment variables passed into a shell script (as arguments) as if they were set within the environment via export, but without having to have them permanently reside in export's list prior to running commands.

NOTE: There's also the long form of the -k switch, set -o keyword.

Example

$ cat cmd1.bash 
#!/bin/bash

echo $VARCMD

Now if I set -k:

$ set -k; ./cmd1.bash VARCMD="hi"; set +k
hi

But if I just were to run the above script:

$ ./cmd1.bash 

$

What's export doing?

$ help export
...
Marks each NAME for automatic export to the environment of subsequently
executed commands.  If VALUE is supplied, assign VALUE before exporting.
...

So if we were to add export | grep VAR to our script like so:

$ cat cmd2.bash 
#!/bin/bash

echo $VARCMD
export | grep VAR

And we ran our above tests again:

$ set -k; ./cmd2.bash VARCMD="hi"; set +k
hi
declare -x VARCMD="hi"

But without set -k:

$ ./cmd2.bash 

$

So set -k is allowing us to temporarily export variables in mass.

Another example

$ cat cmd3.bash 
#!/bin/bash

echo $VARCMD1
echo $VARCMD2
export | grep VAR

When we set multiple variables they're all exported:

$ set -k; ./cmd3.bash VARCMD1="hi" VARCMD2="bye"; set +k
hi
bye
declare -x VARCMD1="hi"
declare -x VARCMD2="bye"

So then it's just injecting all the environment variables?

No -k is doing a very explicit thing here. It's only exporting variables that were included on the command line when a command was executed.

Example

Say I set this variable:

$ VARCMD1="hi"

Now when we run the same command omitting VARCMD1="hi":

$  set -k; ./cmd3.bash VARCMD2="bye"; set +k

bye
declare -x VARCMD2="bye"

But why does this exist?

I found this source which explains a bit about this feature, titled: "Keyword Parameter Assignment Strings". NOTE: The source URL uses an IP address so I cannot link to it directly here on SE.

http://140.120.7.21/OpenSystem2/SoftwareTools/node16.html

When programming in any language, the variable and its value passing is critical for writing reliable code. Beside the integer and array variable types, all other shell variables accept strings as their values. When talking about shell programming language, to be consistent, we prefer the phrase "keyword parameter". Here are a few points to watch out when assigning values to keyword parameters:

To avoid any unexpected effect, always place parameter assignment substring in front of a command string.

In the B shell, the assigned values of keyword parameters will get stored in (local) shell variables. In bash and ksh, the keyword parameter assignment strings preceding command will not be stored in the shell variables. They only affect the immediate subprocess forked to execute the current command. A line of keyword parameters assignment strings alone does get stored in the (local) shell variables. Keyword parameter assignment strings may also appear as arguments to the alias, declare, typeset, export, readonly, and local builtin commands. [Section 3.4 of Bash Reference Manual]

The keyword parameter assignment strings will be treated as arguments for the command to be executed, if they are placed after the command name.

The keyword parameters may be manipulated by the set command.

`man find`

-exec command ;

Execute command; true if 0 status is returned. All following arguments to find are taken to be arguments to the command until an argument consisting of ; is encountered. The string {} is replaced by the current file name being processed everywhere it occurs in the arguments to the command, not just in arguments where it is alone, as in some versions of find. Both of these constructions might need to be escaped (with a \) or quoted to protect them from expansion by the shell. See the EXAMPLES section for examples of the use of the -exec option. The specified command is run once for each matched file. The command is executed in the starting directory. There are unavoidable security problems surrounding use of the -exec action; you should use the -execdir option instead.

-exec command {} +

This variant of the -exec action runs the specified command on the selected files, but the command line is built by appending each selected file name at the end; the total number of invocations of the command will be much less than the number of matched files. The command line is built in much the same way that xargs builds its command lines. Only one instance of {} is allowed within the command. The command is executed in the starting directory. If find encounters an error, this can sometimes cause an immediate exit, so some pending commands may not be run at all. This variant of -exec always returns true.

-execdir command ;

-execdir command {} +

Like -exec, but the specified command is run from the subdirectory containing the matched file, which is not normally the directory in which you started find. This a much more secure method for invoking commands, as it avoids race conditions during resolution of the paths to the matched files. As with the -exec action, the + form of -execdir will build a command line to process more than one matched file, but any given invocation of command will only list files that exist in the same subdirectory. If you use this option, you must ensure that your $PATH environment variable does not reference .; otherwise, an attacker can run any commands they like by leaving an appropriately-named file in a directory in which you will run -execdir. The same applies to having entries in $PATH which are empty or which are not absolute directory names. If find encounters an error, this can sometimes cause an immediate exit, so some pending commands may not be run at all. The result of the action depends on whether the + or the ; variant is being used; -execdir command {} + always returns true, while -execdir command {} ; returns true only if command returns 0.

`man xargs`

-I replace-str

Replace occurrences of replace-str in the initial-arguments with names read from standard input. Also, unquoted blanks do not terminate input items; instead the separator is the newline character. Implies -x and -L 1.

-i[replace-str], --replace[=replace-str]

This option is a synonym for -Ireplace-str if replace-str is specified. If the replace-str argument is missing, the effect is the same as -I{}. This option is deprecated; use -I instead.

Edit: and here WHY bash ignores those curly braces:

`man bash`

{ list; }

list is simply executed in the current shell environment. list must be terminated with a newline or semicolon. This is known as a group command. The return status is the exit status of list. Note that unlike the metacharacters ( and ), { and } are reserved words and must occur where a reserved word is permitted to be recognized. Since they do not cause a word break, they must be separated from list by whitespace or another shell metacharacter.

For emphasis: list must be terminated with a newline or semicolon.

Best Answer

Example

What's export doing?

Another example

So then it's just injecting all the environment variables?

Example

But why does this exist?

Related Solutions

When is `_` an Environment Variable in Bash Shell?

Bash – Usage of enclosing braces {} as arguments to commands and their options

man find

-exec command ;

-exec command {} +

-execdir command ;

-execdir command {} +

man xargs

-I replace-str

-i[replace-str], --replace[=replace-str]

man bash

{ list; }

Related Question

`man find`

`-exec` command `;`

`-exec` command `{}` `+`

`-execdir` command `;`

`-execdir` command `{}` `+`

`man xargs`

`-I` replace-str

`-i`[replace-str], `--replace`[`=`replace-str]

`man bash`

`{` list`;` `}`