Screen shot of a terminal showing various Bash commands and resulting output.

This article catalogs comparable aspects of notable operating system shells.

General characteristics

ShellUsual environmentUsually invokedIntroducedPlatform-independentDefault login shell inDefault script shell inLicenseSource code availabilityUser interfaceMouse supportUnicode supportISO 8601 supportConsole redirectionStream redirectionConfigurabilityStartup/shutdown scriptsBatch scriptsLoggingAvailable as statically linked, independent single file executable
Thompson shellUNIXsh1971—N/aUNIXUNIX—N/aYesText-based CLINoNo—N/aYes—N/a—N/a—N/a—N/a—N/a—N/a
Bourne shell 1977 version7th Ed. UNIXsh1977Yes7th Ed. UNIX7th Ed. UNIX,ProprietaryYesText-based CLINoNo—N/aYesYes (arbitrary fds[citation needed])Yes (via variables and options)Yes (.profile)Yes (Unix feature)NoYes
Bourne shell current versionVarious UNIXsh1977YesSunOS-5.x, FreeBSDSunOS-5.xCDDL[better source needed]YesText-based CLINoYes[better source needed]—N/aYesYes (arbitrary fds[citation needed])Yes (via variables and options)Yes (.profile)Yes (Unix feature)YesYes
POSIX shellPOSIXsh1992—N/a—N/aPOSIX—N/a—N/aText-based CLINoYes if used by configured locale—N/aYesYes (arbitrary fds[citation needed])Yes (via variables and options)Unspecified (.profile given as an example)Yes (Unix feature)Yes—N/a
bash (v4)POSIXbash, sh1989YesGNU, Linux (default for root), macOS 10.3–10.14GNU, Linux, Haiku, macOS 10.3–10.14GPLYesText-based CLINoYes[better source needed]Yes (printf builtin)YesYes (arbitrary fds[citation needed])Yes (via variables and options)Yes (/etc/profile, .bash_profile, .bash_login, .profile, .bashrc)Yes (Unix feature)YesYes
cshPOSIXcsh1978YesSunOS?BSDYesText-based CLINoNo?YesYes (stdin, stdout, stdout+stderr)Yes (via variables and options)Yes (~/.cshrc, ~/.login, ~/.logout)Yes (Unix feature)YesYes
tcshPOSIXtcsh, csh1983YesFreeBSD (former default for root), formerly Mac OS X?BSDYesText-based CLINoYes?YesYes (stdin, stdout, stdout+stderr)Yes (via variables and options)Yes (/etc/csh.cshrc, /etc/csh.login, ~/.tcshrc, ~/.cshrc, ~/.history, ~/.login, ~/.cshdirs)Yes (Unix feature)YesYes
Hamilton C shellWin32, OS/2csh1988Yes (OS/2 version no longer maintained)OptionalOptionalProprietaryNoText-based CLINoNoYes (-t timestamp operator)YesYes (stdin, stdout, stdout+stderr)Yes (via variables and options)Yes (via login.csh, startup.csh and logout.csh)Yes (command line option)YesYes
ScshPOSIXscsh1994Yes??BSD-styleYes?????Yes????Yes
ksh (ksh93t+)POSIXksh1983YesAIX, HP-UXOpenSolarisCommon Public LicenseYesText-based CLINoYesYes (printf builtin with %(%F)T)YesYes (fds up to 9)Yes (via variables and options)Yes (system and user's profile and kshrc)Yes (Unix feature)YesYes
pdkshPOSIXksh, sh1989?YesOpenBSDOpenBSDPublic domainYesText-based CLINoNo—N/aYesYes (arbitrary fds[citation needed])Yes (via variables and options)Yes (/etc/profile, .profile)Yes (Unix feature)YesYes
zshPOSIXzsh1990YesDeepin, GoboLinux, Grml, macOS 10.15+, Kali 2020.4+Grml, macOS 10.15+MIT-styleYesText-based CLIYes via additional codeYesYes (various internal features involving the date, by using the %F strftime format and the -i option for the fc builtin)YesYes (fds up to 9)Yes (via variables, options, functions, styles, etc.)Yes (system and user's zshenv, zprofile, zshrc, zlogin, zlogout)Yes (Unix feature)YesYes
ashPOSIXsh1989YesMinix, BusyBox based systemsNetBSD, Minix, BusyBox based systemsBSD-styleYesText-based CLINoPartial (for BusyBox, supported in command-line editing, but not in string handling)—N/aYesYes (arbitrary fds[citation needed])Yes (via variables and options)Yes (/etc/profile, .profile)Yes (Unix feature)YesYes
CCPCP/M, MP/M(CCP)1976 (1974)NoCP/M (no login), MP/MCP/M, MP/MFreeware (originally proprietary)Yes (originally closed-source)Text-based CLINoNoNoNoNoNoYes (automatic via $$$.SUB)Partial (only via external SUBMIT command to update $$$.SUB)NoYes
COMMAND.COMDOSCOMMAND1980No (3rd party implementations, not bound to a specific DOS vendor or version, available)DOS, Windows 95, 98, SE, MEDOS, Windows 95, 98, SE, MEvendor specific, f.e. MS-EULA, or BSD/GPL (free clones)No (except for OpenDOS, DR-DOS, PTS/DOS and FreeDOS)Text-based CLINoNoNo (except for DR-DOS)Yes (via COMMAND con: or CTTY con:)Yes (stdin, stdout)Yes (via startup parameters and environment variables, DR-DOS also supports DIR /C /R user-default switch command)Yes (automatic \AUTOEXEC.BAT for primary shell, or explicitly via /P, /P:filename.bat or /K startup options)Yes (via CALL command or /C and /K startup options)NoYes
OS/2 CMD.EXEOS/2, eComStation, ArcaOSCMD1987NoOS/2, eComStation, ArcaOSOS/2, eComStation, ArcaOSIBM-EULANoText-based CLINoNoNoNoYes (stdin, stdout, stderr)?Partial (only via /K startup option)Yes (via CALL command or /C and /K startup options)NoYes
Windows CMD.EXEWin32CMD1993NoWindows NT, 2000, XP, Server 2003, VistaWindows NT, 2000, XP, Server 2003, VistaMS-EULANoText-based CLINoPartial (CHCP 65001 for UTF-8, but program arguments are still encoded in local codepage)NoNoYesYes (via registry, startup parameters, and environment variables)Yes (automatic via registry, or explicitly via /K startup option)Yes (via CALL command or /C and /K startup options)NoYes
4DOS, NDOSDOS, Windows 95, 98, SE, ME4DOS, NDOS1989 (1986)No (not bound to a specific OS vendor or version)OptionalOptionalMIT License, with restrictionsYesText-based CLI with TUI extensionsYes (popups, help system, %_MOUSE internal variable, INKEY /M command)NoYesYes (via CTTY con:, except for DRAWBOX, DRAWLINE, DRAWVLINE, LIST, SCREEN, SCRPUT, SELECT, VSCRPUT commands and file / directory coloring)Yes (stdin, stdout, stderr, stdout+stderr)Yes (via 4DOS.INI/NDOS.INI file, startup parameters, environment variables, SETDOS command)Yes (automatic \AUTOEXEC.BAT for primary shell and 4START.BTM/4START.BAT as well as 4EXIT.BTM/4EXIT.BAT for any shell, or explicitly via /P, /P:dir\filename.ext or /K startup options)Yes (via CALL command or /C and /K startup options)YesYes
4OS2OS/2, eComStation, ArcaOS4OS21992No (not bound to specific OS/2 versions)Optional (but bundled with ArcaOS)OptionalFreewareYesText-based CLINoNoNoNoYes (stdin, stdout, stderr, stdout+stderr)Yes (via 4OS2.INI file, startup parameters, environment variables, SETDOS command)Yes (automatic via 4START.CMD/4START.BTM as well as 4EXIT.CMD/4EXIT.BTM files, or explicitly via /K startup.cmd option)Yes (via CALL command or /C and /K startup options)Yes?
TCC (formerly 4NT)Win32TCC1993No (not bound to specific NT versions)optionaloptionalSharewareNoText-based CLI (Take Command: GUI)Yes (console mouse, popups, help system, %_XMOUSE, %_YMOUSE internal variables, INKEY /M command)YesYesNoYes (stdin, stdout, stderr, stdout+stderr)Yes (via registry, TCMD.INI/4NT.INI file, startup parameters, environment variables, SETDOS command)Yes (automatic via registry and TCSTART/4START as well as TCEXIT/4EXIT, or explicitly via /K startup option)Yes (via CALL command or /C and /K startup options)YesNo
VMS DCLOpenVMSAutomatically for login/interactive process1977?YesVMSVMSProprietary, bundled in VMSby special license onlyText-based CLIwith DECwindows/MotifYesYes, at least to 1988 standardYesYes (sys$input, sys$output assignment)Yes (via symbols, logical names, and options)Yes (SYS$MANAGER:SYLOGIN.COM and user defined LOGIN.COM)YesYesNo
PowerShell.NET, .NET FrameworkPowerShell2006YesWindows 10, 8, Server 2008, 7Windows 10, 8, Server 2008, 7MIT-styleYesGraphical CLIYesYesYesYesYesYes (via variables and options)Yes (%USERPROFILE%\Documents \WindowsPowerShell\Microsoft.PowerShell_profile.ps1)Yes (PowerShell feature)YesNo
rcPlan 9, POSIXrc1989YesPlan 9, Version 10 UnixPlan 9, Version 10 UnixMIT LicenseYesText-based CLI?YesYes?YesYes (via options)Yes ($HOME/.rcrc)Yes?Yes
BeanShellJava?2005Yes??LGPL???Yes??Yes????No
fishPOSIXfish2005YesGhostBSD?GPLYesText-based CLI?Yes??Yes (arbitrary fds[citation needed])Yes (through environment variables and via web interface through fish_config)Yes (/etc/fish/config.fish and ~/.config/fish/config.fish)Yes (Unix feature)Yes (~/.config/fish/fish_history*)?
IonRedox, Linuxion2015YesRedoxRedoxMITYesText-based CLI?YesYes?Yes (arbitrary fds[citation needed])Yes (follows the XDG Base Directory spec)Yes (~/.config/ion/initrc)YesYes (~/.local/share/ion/history)Partial (not distributed as a standalone executable, but it can be built as one)

Interactive features

ShellCommand name completionPath completionCommand argument completionWildcard completionCommand historyMandatory argument promptAutomatic suggestionsColored directory listingsText highlightingSyntax highlightingDirectory history, stack or similar featuresImplicit directory changeAuto­correctionIntegrated environmentSnippetsValue promptMenu/options promptProgress indicatorContext sensitive help
Thompson shellNoNoNoNoNoNoNo??NoNoNoNoNoNoNoNoNoNo
Bourne shell 1977 versionNoNoNoNoNoNoNo??NoNoNoNoNoNoYesNoExternalNo
Bourne shell current versionNoYesNoNoYesNoNoYesYesNoYes (CDPATH, pushd, popd, dirs), CDPATH since SVr4NoNoNoNoYesNoExternalNo
POSIX shellNoNoNoNoYesNoNoYesYesNoYes (CDPATH)NoNoNoNoYesNoExternalNo
bash (v4.0)YesYesYesYesYesNoNoYesYesNoYes (CDPATH, pushd, popd)optionalNoNoNoYesYesExternalNo
cshYesYesNoNoYesNoNoYesYesNoYes (cdpath, pushd, popd)optionalNoNoNoYesNoExternalNo
tcshYesYeswhen definedNoYesNoNoYesYesNoYes (cdpath, pushd, popd)optionalYesNoNoYesNoExternalNo
Hamilton C shellYesYesNoYesYesNoNoYesYesNoYes (cdpath, pushd, popd)NoNoNoNoYesNoExternalNo
ScshNoNoNoNoNoNoNo??NoNoNoNoNoNoYesNoExternalNo
ksh (ksh93t+)Yes (extendable)Yes (extendable)NoNoYesNoNoYesYesNoYes (cdpath builtin, pushd, popd implemented as functions)NoNoNoNoYesYesExternalNo
pdkshYesYesNoNoYesNoNoYesYesNoNoNoNoNoNoYesYesExternalNo
zshYesYesYesYesYesYesYes (via predict-on or user-defined)YesYesThird-party extensionYesoptionalYesNowhen defined (as ZLE widgets)YesYesExternalYes
ashNoNoNoNoYesNoNoYesYesNoNoNoNoNoNoYesYesExternalNo
CCPNoNoNoNoNoNoNoNoNoNoNoNoNoNoNoNoNoNoNo
COMMAND.COMNoNoNoNoNoNoNoNoNo (only in DR-DOS through %$ON%, %$OFF%, %$HEADER%, %$FOOTER%)NoNoNoNoNo (only single-stepping with COMMAND /Y)NoNoNo (only via external CHOICE command, in DR-DOS also via SWITCH / DRSWITCH internal commands)NoNo
OS/2 CMD.EXEYesYesNoNoYesNoNoNoNoNoNoNoNoNoNoNoNoNoNo
Windows CMD.EXEpartialpartialNoNoYes (F8)NoNoNoNoNoYes (PUSHD, POPD)NoNoNoNoYes (via SET /P command)NoNoNo
4DOSYesYesYesYesYesNoNoYesNoNo(via popup, extended directory searches, CDPATH, PUSHD, POPD, DIRHISTORY, DIRS, CDD, CD - commands and %@DIRSTACK[] function)YesNoYesNoYes (via INPUT, INKEY and ESET commands)Yes (via @SELECT[] function, and indirectly via a combination of INKEY, INPUT, SWITCH commands)NoYes
4OS2????YesNoNoYesNoNoYesYesNo?No??NoYes
TCC (formerly 4NT)YesYesYesYesYesNoNoYesNoYes(via popup, extended directory searches, CDPATH, PUSHD, POPD, DIRHISTORY, DIRS, CDD, CD - commands and %@DIRSTACK[] function)YesNoYesNoYes (via INPUT, INKEY, ESET and SET /P commands)Yes (via @SELECT[] function, and indirectly via a combination of INKEY, INPUT, SWITCH commands)NoYes
PowerShellYesYesYesYesYes (F8)YesYes; via PSReadLine module (bundled in v5.0) or in ISEThird-party extensionYesYes; via PSReadLine module (bundled in v5.0) or in ISEYes (multiple stacks; multiple location types; Push-Location, Pop-Location)Yes, in PSReadLine moduleYes, in ISEYes, in ISEYesYesYesYes, in ISEpopup window
rcYesYesNoNoYesNoNoNo?NoNoNoNoNoNo?NoNoNo
BeanShellYesYesNoNoNoNoNo??NoNoNoNoNoNoNoNoNoNo
VMS DCLMinimum uniqueness schemeNoNoNoYesYesNo??NoNoNoNoNoNoYesNoNoNo
fishYesYesYesYesYesNoYesYesYes (built-in helper available)YesYesYesYesYesYes, using abbr commandYes(via fish_config command)NoNo

Background execution

Background execution allows a shell to run a command without user interaction in the terminal, freeing the command line for additional work with the shell. POSIX shells and other Unix shells allow background execution by using the & character at the end of command.

Completions

Command-line completion in Bash.

Completion features assist the user in typing commands at the command line, by looking for and suggesting matching words for incomplete ones. Completion is generally requested by pressing the completion key (often the Tab ↹ key).

Command name completion is the completion of the name of a command. In most shells, a command can be a program in the command path (usually $PATH), a builtin command, a function or alias.

Path completion is the completion of the path to a file, relative or absolute.

Wildcard completion is a generalization of path completion, where an expression matches any number of files, using any supported syntax for file matching.

Variable completion is the completion of the name of a variable name (environment variable or shell variable). Bash, zsh, and fish have completion for all variable names. PowerShell has completions for environment variable names, shell variable names and — from within user-defined functions — parameter names.

Command argument completion is the completion of a specific command's arguments. There are two types of arguments, named and positional: Named arguments, often called options, are identified by their name or letter preceding a value, whereas positional arguments consist only of the value. Some shells allow completion of argument names, but few support completing values.

Bash, zsh and fish offer parameter name completion through a definition external to the command, distributed in a separate completion definition file. For command parameter name/value completions, these shells assume path/filename completion if no completion is defined for the command. Completion can be set up to dynamically suggest completions by calling a shell function. The fish shell additionally supports parsing of man pages to extract parameter information that can be used to improve completions/suggestions. In PowerShell, all types of commands (cmdlets, functions, script files) inherently expose data about the names, types and valid value ranges/lists for each argument. This metadata is used by PowerShell to automatically support argument name and value completion for built-in commands/functions, user-defined commands/functions as well as for script files. Individual cmdlets can also define dynamic completion of argument values where the completion values are computed dynamically on the running system.

Command history

Users of a shell may find themselves typing something similar to what they have typed before. Support for command history means that a user can recall a previous command into the command-line editor and edit it before issuing the potentially modified command.

Shells that support completion may also be able to directly complete the command from the command history given a partial/initial part of the previous command.

Most modern shells support command history. Shells which support command history in general also support completion from history rather than just recalling commands from the history. In addition to the plain command text, PowerShell also records execution start- and end time and execution status in the command history.

Mandatory argument prompt

Mandatory arguments/parameters are arguments/parameters which must be assigned a value upon invocation of the command, function or script file. A shell that can determine ahead of invocation that there are missing mandatory values, can assist the interactive user by prompting for those values instead of letting the command fail. Having the shell prompt for missing values will allow the author of a script, command or function to mark a parameter as mandatory instead of creating script code to either prompt for the missing values (after determining that it is being run interactively) or fail with a message.

Automatic suggestions

Command-line completion in PowerShell.

Shells featuring automatic suggestions display optional command-line completions as the user types. The PowerShell and fish shells natively support this feature; pressing the Tab ↹ key inserts the completion.

Implementations of this feature can differ between shells; for example, PowerShell and zsh use an external module to provide completions, and fish derives its completions from the user's command history.

Directory history, stack or similar features

Shells may record a history of directories the user has been in and allow for fast switching to any recorded location. This is referred to as a "directory stack". The concept had been realized as early as 1978 in the release of the C shell (csh).

Command line interpreters 4DOS and its graphical successor Take Command Console also feature a directory stack.

Implicit directory change

A directory name can be used directly as a command which implicitly changes the current location to the directory.

This must be distinguished from an unrelated load drive feature supported by Concurrent DOS, Multiuser DOS, System Manager and REAL/32, where the drive letter L: will be implicitly updated to point to the load path of a loaded application, thereby allowing applications to refer to files residing in their load directory under a standardized drive letter instead of under an absolute path.

Autocorrection

Zsh autocompletion and autocorrection demo for a telnet program.

When a command line does not match a command or arguments directly, spell checking can automatically correct common typing mistakes (such as case sensitivity, missing letters). There are two approaches to this; the shell can either suggest probable corrections upon command invocation, or this can happen earlier as part of a completion or autosuggestion.

The tcsh and zsh shells feature optional spell checking/correction, upon command invocation.

Fish does the autocorrection upon completion and autosuggestion. The feature is therefore not in the way when typing out the whole command and pressing enter, whereas extensive use of the tab and right-arrow keys makes the shell mostly case insensitive.

The PSReadLine PowerShell module (which is shipped with version 5.0) provides the option to specify a CommandValidationHandler ScriptBlock which runs before submitting the command. This allows for custom correcting of commonly mistyped commands, and verification before actually running the command.

Progress indicator

A shell script (or job) can report progress of long running tasks to the interactive user.

Unix/Linux systems may offer other tools support using progress indicators from scripts or as standalone-commands, such as the program "pv". These are not integrated features of the shells, however.

Colored directory listings

JP Software command-line processors provide user-configurable colorization of file and directory names in directory listings based on their file extension and/or attributes through an optionally defined %COLORDIR% environment variable.

For the Unix/Linux shells, this is a feature of the ls command and the terminal.

Text highlighting

The command line processors in DOS Plus, Multiuser DOS, REAL/32 and in all versions of DR-DOS support a number of optional environment variables to define escape sequences allowing to control text highlighting, reversion or colorization for display or print purposes in commands like TYPE. All mentioned command line processors support %$ON% and %$OFF%. If defined, these sequences will be emitted before and after filenames. A typical sequence for %$ON% would be \033[1m in conjunction with ANSI.SYS, \033p for an ASCII terminal or \016 for an IBM or ESC/P printer. Likewise, typical sequences for %$OFF% would be \033[0m, \033q, \024, respectively. The variables %$HEADER% and %$FOOTER% are only supported by COMMAND.COM in DR-DOS 7.02 and higher to define sequences emitted before and after text blocks in order to control text highlighting, pagination or other formatting options.

For the Unix/Linux shells, this is a feature of the terminal.

Syntax highlighting

A defining feature of the fish shell is built-in syntax highlighting, As the user types, text is colored to represent whether the input is a valid command or not (the executable exists and the user has permissions to run it), and valid file paths are underlined.

An independent project offers syntax highlighting as an add-on to the Z Shell (zsh). This is not part of the shell, however.

PowerShell provides customizable syntax highlighting on the command line through the PSReadLine module. This module can be used with PowerShell v3.0+, and is bundled with v5.0 onwards. It is loaded by default in the command line host "powershell.exe" since v5.0.

Take Command Console (TCC) offers syntax highlighting in the integrated environment.

Context sensitive help

4DOS, 4OS2, 4NT / Take Command Console and PowerShell (in PowerShell ISE) looks up context-sensitive help information when F1 is pressed.

Zsh provides various forms of configurable context-sensitive help as part of its run-help widget, _complete_help command, or in the completion of options for some commands.

The fish shell provides brief descriptions of a command's flags during tab completion.

Programming features

ShellFunctionsException handlingSearch & replace on variable substi­tutionsArithmeticFloating pointMath function libraryLinear arrays or listsAssoc­iative arraysLambda functionseval functionPseudo­random number generationBytecode
Bourne shell 1977 versionNoYes (via trap)NoNoNoNoNoNoNoYesNoNo
Bourne shell current versionYes since SVR2Yes (via trap)NoYesNoNoNoNoNoYesNoNo
POSIX shellYesYes (via trap)NoYesNoNoNoNoNoYesNoNo
bash (v4.0)YesYes (via trap)Yes (via ${//} syntax)YesNoNoYesYesNoYesYes ($RANDOM)No
cshNoNoYes (via $var:s/// syntax)YesNoNoYesNoNoYesNoNo
tcshNoNoYes (via $var:s/// syntax)YesNoNoYesNoNoYesNoNo
Hamilton C shellYesNoYes (via $var:s/// syntax)YesYesYesYesNoNoYesYes (random utility)No
ScshYes?Yes (via string functions and regular expressions)???Yes?YesYesYes (random-integer, random-real)Yes (compiler is Scheme48 virtual machine, via scshvm)
ksh (ksh93t+)YesYes (via trap)Yes (via ${//} syntax and builtin commands)YesYesYesYesYesNoYesYes ($RANDOM)Yes (compiler is called shcomp)
pdkshYesYes (via trap)NoYesNoNoYesNoNoYesYes ($RANDOM)No
zshYesYesYes (via ${:s//} and ${//} syntax)YesYesYes (zsh/mathfunc module)YesYesNoYesYes ($RANDOM)Yes (built-in zcompile command)
ashYesYes (via trap)NoYes (since 1992)NoNoNoNoNoYesNoNo
CCPNo?NoNo??NoNoNoNoNoNo
COMMAND.COMNoPartial (only Auto-fail (via COMMAND /F (or /N in some versions of DR-DOS))NoNoNoNoNoNoNoNoNoNo
OS/2 CMD.EXENoNoNo?NoNo?NoNoNoNoNo
Windows CMD.EXEYes (via CALL :label)NoYes (via SET %varname:expression syntax)Yes (via SET /A)NoNoYes (via SET)NoNoNoYes (%random%)No
4DOSYesYes (via ON command, optional Auto-fail via 4DOS /F)Yes (via %@Replace[...] function)Yes (via SET /A)??Yes (via ranges, include lists, @file lists and FOR command)NoNoYesYes (%@Random[...] function)Yes (via BATCOMP command)
4OS2????????NoYesYes (%@Random[...] function)?
TCC (formerly 4NT)YesYes (via ON and various ...MONITOR commands)Yes (via %@Replace[...] function)Yes (via SET /A)??Yes (via ranges, include lists, @file lists and FOR command)?NoYesYes (%@Random[...] function)Yes (via BATCOMP command)
PowerShellYesYes (Try-Catch-Finally)Yes (-replace operator)YesYes[Math] classYesYesYesYesYesYes, automatic
rcYesYesNoYes??Yes?NoYesNoNo
BeanShellYesYes?Yes??YesYesNoYesYesYes
VMS DCLYesYesNoYesNoyes, for compiled programsYesNoNoNoNoNo
fishYesYes (via trap)Yes, via string builtin commandYesYesYesYesNoNoYesYes (random)No

String processing and filename matching

ShellString processingAlternation (Brace expansion)Pattern matching (regular expressions built-in)Pattern matching (filename globbing)Globbing qualifiers (filename generation based on file attributes)Recursive globbing (generating files from any level of subdirectories)
Bourne shell 1977 version?NoNoYes (*, ?, [...])NoNo
Bourne shell recent versionPartial (prefix and suffix stripping in variable expansion)NoNoYes (*, ?, [...])NoNo
POSIX shellPartial (prefix and suffix stripping in variable expansion)NoNoYes (*, ?, [...])NoNo
bash (v4.0)Partial (prefix and suffix stripping in variable expansion)YesYesYes (*, ?, [...], {...})NoYes (**/...)
cshYes (:s and other editing operators)YesNoYesNoNo
tcshYes (:s and other editing operators)YesYesYesNoNo
Hamilton C shellYes (:s and other editing operators + substr, strlen, strindex, printf, reverse, upper, lower, concat and other builtin functions)YesNoYesNoYes (via indefinite directory "..." wildcard)
Scsh??YesYesNoNo
ksh (ksh93t+)Partial (prefix, suffix stripping and string replacement in variable expansion)YesYesYes (*, ?, [...])NoYes (with set -G, no following of symlinks)
pdksh?YesNoYesNoNo
zshYes (through variable processing: e.g. substring extraction, various transformations via parameter expansion)YesYesYes (*, ?, [...], extended globbing)YesYes (**/... or ***/... to follow symlinks)
ash??NoYesNoNo
CCPNoNoNoNoNoNo
COMMAND.COMNoNoNoYes (*, ?)NoNo
OS/2 CMD.EXENoNoNoYes (*, ?)Partial (only in DIR /A:... command)No
Windows CMD.EXEPartial (only through FOR /F and SET /A)NoNoYes (*, ?)Partial (only in DIR /A:... command)Yes (via FOR /R command, or, where available, indirectly via /S subdir option)
4DOSYes (through variable functions %@...[], extended environment variable processing, various string commands and FOR /F and SET /A)NoNoYes (*, ?, [...], extended wildcards, SELECT popup command)Yes (via /A:... attribute and /I"..." description options and /[S...] size, /[T...] time, /[D...] date, and /[!...] file exclusion ranges)Yes (via FOR /R command, or indirectly via GLOBAL command or, where available, /S subdir option)
4OS2?NoNo???
TCC (formerly 4NT)Yes (through variable functions %@...[], extended environment variable processing, various string commands and FOR /F and SET /A)NoYesYes (*, ?, [...], extended wildcards, SELECT popup command)Yes (via /A:... attribute and /I"..." description options and /[S...] size, /[T...] time, /[D...] date, /[O...] owner, and /[!...] file exclusion ranges)Yes (via FOR /R command, or indirectly via GLOBAL command or, where available, /S subdir option)
PowerShellYes (Concat/Substring/Insert/Remove/Replace, ToLower/ToUpper, Trim/TrimStart/TrimEnd, Compare, Contains/StartsWith/EndWith, Format, IndexOf/LastIndexOf, Pad/PadLeft/PadRight, Split/Join, regular expression functions and other .NET string functions)Range operator for numbersYes (full regex support)Yes (*, ?, [...])??
rc??NoYesNoNo
BeanShell??Yes???
VMS DCLYesNoNoYesNoYes (via [SUBDIR...])
fishYes (builtin string function)YesYes (via builtin string match and string replace functions)Yes (*, ?, {...})NoYes (**/...)

Inter-process communication

ShellPipesCommand substitutionProcess substitutionSubshellsTCP/UDP connections as streamsKeystroke stacking
Bourne shellbytes concurrentYesNoYesNoN/A
POSIX shellbytes concurrentYesNoYesNoN/A
bash (v4.0)bytes concurrentYesYes (if system supports /dev/fd/⟨n⟩ or named pipes)YesYes (client only)N/A
cshbytes concurrentYesNoYesNoN/A
tcshbytes concurrentYesNoYesNoN/A
Hamilton C shellbytes concurrentYesNoYesNo?
Scshtext???YesN/A
ksh (ksh93t+)bytes (may contain serialized objects if print -C is used) concurrentYes ($(...) and ${<space>...;})Yes (if system supports /dev/fd/⟨n⟩)YesYes (and SCTP support, client only)N/A
pdkshbytes concurrentYesNoYesNoN/A
zshbytes concurrentYesYesYesYes (client and server, but only TCP)N/A
ashbytes concurrentYesNoYesNoN/A
CCPNoNoNoNoNoNo
COMMAND.COMtext sequential temporary filesNoNoPartial (only under DR-DOS multitasker via COMMAND.COM /T)NoNo
OS/2 CMD.EXEtext concurrentNoNo?NoNo
Windows CMD.EXEtext concurrentYes (via FOR /F command)NoYes (Backtick: ` in FOR /F usebackq)NoNo
4DOStext sequential temporary filesYes (via FOR /F command)?Partial (via %@EXECSTR[] and %@EXEC[], or via SET /M, ESET /M and UNSET /M and %@MASTER[...])NoYes (via KEYSTACK and KSTACK)
4OS2text concurrent???NoYes (via KEYSTACK)
TCC (formerly 4NT)text concurrentYes (via FOR /F command)?Partial (via %@EXECSTR[] and %@EXEC[])Yes (via FTP, TFTP, FTPS, SFTP, HTTP, HTTPS and IFTP, client only)Yes (via KEYSTACK)
PowerShellobjects concurrentYesNoYesYes?
rctext concurrentYesYes (via: <{cmd} if system supports /dev/fd/⟨n⟩)YesNo?
BeanShellnot supported???Yes?
VMS DCLtext (via PIPE command)YesNoYes (spawn)Yes (server TCP only)No
fishbytes concurrentYes (...)No (broken)NoNoN/A

Keystroke stacking

In anticipation of what a given running application may accept as keyboard input, the user of the shell instructs the shell to generate a sequence of simulated keystrokes, which the application will interpret as a keyboard input from an interactive user. By sending keystroke sequences the user may be able to direct the application to perform actions that would be impossible to achieve through input redirection or would otherwise require an interactive user. For example, if an application acts on keystrokes, which cannot be redirected, distinguishes between normal and extended keys, flushes the queue before accepting new input on startup or under certain conditions, or because it does not read through standard input at all. Keystroke stacking typically also provides means to control the timing of simulated keys being sent or to delay new keys until the queue was flushed etc. It also allows to simulate keys which are not present on a keyboard (because the corresponding keys do not physically exist or because a different keyboard layout is being used) and therefore would be impossible to type by a user.

Security features

ShellSecure (password) promptFile/directory passwordsExecute permissionRestricted shell subsetSafe data subset
Bourne shellvia stty?N/AYesNo
POSIX shellvia stty?N/ANoNo
bash (v4.0)read -s?N/AYesNo
cshvia stty?N/AYesNo
tcshvia stty?N/AYesNo
Hamilton C shellNoNoNoNoNo
Scshvia stty?N/ANoNo
ksh (ksh93t+)via stty?N/AYesNo
pdkshvia stty?N/AYesNo
zshread -s?N/AYesNo
ashvia stty?N/ANoNo
CCPNoNoNoNoNo
COMMAND.COMPartial (only under DR-DOS, prompts for password if file/directory is protected)Partial (only under DR-DOS via \dirname;dirpwd\filename;filepwd syntax)Partial (only under DR-DOS, if files are password-protected for read and/or execute permission)NoNo
OS/2 CMD.EXENoNoNoNoNo
Windows CMD.EXENoNoNoNoNo
4DOSYes (via INPUT /P or INKEY /P)Partial (only under DR-DOS via \dirname;;dirpwd\filename;;filepwd syntax)Partial (only under DR-DOS, if files are password-protected for read and/or execute permission)NoNo
4OS2?NoNoNoNo
TCC (formerly 4NT)Yes (via INPUT /P, INKEY /P or QUERYBOX /P)NoNoNoNo
PowerShellYesNoNoYesYes
rcvia stty?N/ANoNo
BeanShell?????
VMS DCLYesNoYesYesNo
fishread -s?N/ANo?

Secure prompt

Some shell scripts need to query the user for sensitive information such as passwords, private digital keys, PIN codes or other confidential information. Sensitive input should not be echoed back to the screen/input device where it could be gleaned by unauthorized persons. Plaintext memory representation of sensitive information should also be avoided as it could allow the information to be compromised, e.g., through swap files, core dumps etc.

The shells bash, zsh and PowerShell offer this as a specific feature. Shells which do not offer this as a specific feature may still be able to turn off echoing through some other means. Shells executing on a Unix/Linux operating system can use the stty external command to switch off/on echoing of input characters. In addition to not echoing back the characters, PowerShell's -AsSecureString option also encrypts the input character-by-character during the input process, ensuring that the string is never represented unencrypted in memory where it could be compromised through memory dumps, scanning, transcription etc.

Execute permission

Some operating systems define an execute permission which can be granted to users/groups for a file when the file system itself supports it.

On Unix systems, the execute permission controls access to invoking the file as a program, and applies both to executables and scripts. As the permission is enforced in the program loader, no obligation is needed from the invoking program, nor the invoked program, in enforcing the execute permission – this also goes for shells and other interpreter programs. The behaviour is mandated by the POSIX C library that is used for interfacing with the kernel. POSIX specifies that the exec family of functions shall fail with EACCESS (permission denied) if the file denies execution permission (see – System Interfaces Reference, The Single UNIX Specification, Version 5 from The Open Group).

The execute permission only applies when the script is run directly. If a script is invoked as an argument to the interpreting shell, it will be executed regardless of whether the user holds the execute permission for that script.

Although Windows also specifies an execute permission, none of the Windows-specific shells block script execution if the permission has not been granted.

Restricted shell subset

Several shells can be started or be configured to start in a mode where only a limited set of commands and actions is available to the user. While not a security boundary (the command accessing a resource is blocked rather than the resource) this is nevertheless typically used to restrict users' actions before logging in.

A restricted mode was evaluated for the POSIX specification for shells, but not included. However, most of the Linux/Unix shells support such a mode where several of the built-in commands are disabled and only external commands from a certain directory can be invoked.

PowerShell supports restricted modes through session configuration files or session configurations. A session configuration file can define visible (available) cmdlets, aliases, functions, path providers and more.

Safe data subset

Scripts that invoke other scripts can be a security risk as they can potentially execute foreign code in the context of the user who launched the initial script. Scripts will usually be designed to exclusively include scripts from known safe locations; but in some instances, e.g. when offering the user a way to configure the environment or loading localized messages, the script may need to include other scripts/files. One way to address this risk is for the shell to offer a safe subset of commands which can be executed by an included script.

Notes

External links

  • Nasarek, Marcus (May 2007). (PDF). . Linux Magazine. (PDF) from the original on 2014-10-10.
  • . IEEE Standard for Information Technology 1003.1™-2024 – Portable Operating System Interface POSIX™.1-2024 — The Open Group Base Specifications Issue 8 (2024 ed.). The IEEE and The Open Group. 2024-08-08.