| ▲ | mathfailure 8 hours ago |
| I didn't like the idea. I prefer the alternative approach: _I_ decide the order of dirs in the PATH env. If I introduce an executable with a name, that overrides a system one - I probably do that intentionally. If I introduce an alias (like `grep='grep --binary-files=without-match --ignore-case --color=auto`) that matches the name of a system binary - I probably do that intentionally. And if I EVER need to call grep without my alias - I just prefix it with a backslash: \grep will search with case sensitivity and no color and will scan binaries. |
|
| ▲ | bayindirh 5 hours ago | parent | next [-] |
| Looked so backwards to me, too. However, I decided to give it a go, anyway. Now, I have some scripts and small commands which start with a comma, and it looks neat and time saving. Yes, I can do path ordering to override usual commands. However, having a set of odd-job scripts which start with a comma gives a nice namespacing capability alongside a well narrowed-down tab-completion experience. While it's not the neatest thing around, it works surprisingly well. Another idea which looks useless until you start using is text expanders (i.e.: Espanso and TextExpander). |
| |
| ▲ | mathfailure 5 hours ago | parent | next [-] | | I never knew that what I've known as 'hotstrings' (since the AutoHotKey days) other sometimes also call 'text expanders'. | |
| ▲ | aschla an hour ago | parent | prev | next [-] | | The irony in the number of extra commas you've used in this comment... | | |
| ▲ | bayindirh 8 minutes ago | parent [-] | | As a non-native English speaker and writer/typer I'm not well versed in usage of commas unfortunately. Feel free to add the required ones while reading this comment. Sorry for the inconvenience this might create. |
| |
| ▲ | xbryanx 5 hours ago | parent | prev [-] | | Love Alfred Snippets for this same text expander need. |
|
|
| ▲ | hinkley 30 minutes ago | parent | prev | next [-] |
| When “I” means me then this usually works for me. But when “I” becomes “we”, sometimes this goes off the rails because someone introduces a bin with breaking changes that silently fucks up projects that dev doesn’t really know about, or forgot about. Call it the Chesterton’s Fence of ‘which’. |
|
| ▲ | wasmainiac 31 minutes ago | parent | prev | next [-] |
| I would recommend against overriding standard system binaries, you could break compatibility on your system with scripts that depend on those binaries. I just use an abbreviation like rg=“grep -RE” |
| |
| ▲ | RadiozRadioz 26 minutes ago | parent [-] | | Why are those scripts running in interactive login shells? If they are influenced by the configuration of profile, then the scripts are bad. | | |
| ▲ | wasmainiac 15 minutes ago | parent [-] | | That’s true, but I would still call overloading system binaries bad practice. Your making yourself foot gun. |
|
|
|
| ▲ | mid-kid 8 hours ago | parent | prev | next [-] |
| Either adding your script directory in front of the PATH, or creating `alias` that provide a full path to your script where a conflict exists, makes a whole lot more sense to me. I've never had this collision problem yet, despite appending my script directory to the end, but I'll use either of the above solutions if that ever becomes a problem. |
| |
| ▲ | alsetmusic 3 hours ago | parent | next [-] | | From my own aliases: alias curl='/opt/homebrew/opt/curl/bin/curl '
alias rsync-copy='/opt/homebrew/bin/rsync -avz --progress -h '
alias rsync-move='/opt/homebrew/bin/rsync -avz --progress -h --remove-source-files '
alias rsync-synchronize='/opt/homebrew/bin/rsync -avzu --delete --progress -h '
alias rsync-update='/opt/homebrew/bin/rsync -avzu --progress -h '
alias vi='/opt/homebrew/bin/vim -S ~/.vimrc'
alias vim='/opt/homebrew/bin/vim -S ~/.vimrc'
alias wget='/opt/homebrew/bin/wget -c '
There are others with flags added. These are the ones that override the builtin MacOS versions that aren't up-to-date. | |
| ▲ | mathfailure 4 hours ago | parent | prev [-] | | One rarely actually needs to shadow binaries. Some cases could indeed be covered by introducing an alias that binds the binary's name to call a different copy of that binary. You use shadowing to fix issues where you install some software that expects you to have a sane and ~recent version of some tool like git, but you don't as your system provides that binary and unfortunately it is either not sane (not GENERALLY sane [while it could be sane for system scripts]) or not recent enough. In that case the program's function would simply fail if it would call the system's binary and you shadow the binary with your version to fix that. > adding your script directory in front of the PATH That's a poor advice for the scripts you call relatively frequently. Instead, (as a general approach, we aren't discussing some particular script) don't use shadowing for scripts: just pick a non-conflicting script name and append the script's dir to $PATH. | | |
| ▲ | Joker_vD 3 hours ago | parent [-] | | > That's a poor advice for the scripts you call relatively frequently. Why? It protects you from someone else (cough updated packages introducing new commands cough) picking a name you already use. |
|
|
|
| ▲ | ri0t 3 hours ago | parent | prev | next [-] |
| TIL: Backslash overrides alias - wow! Thanks, mathfailure - this genuinely improves my life! |
| |
| ▲ | mixmastamyk 2 hours ago | parent [-] | | ‘command grep’ also works in several shells. A little longer but looks good in scripts etc. |
|
|
| ▲ | CGamesPlay 7 hours ago | parent | prev | next [-] |
| I do this, and routinely shadow commands with my own wrappers to do things like set environment variables. And then there’s Claude. It deletes whatever it finds at ~/.local/bin/claude, so I have to use a shell function instead to invoke the full path to my wrapper. |
| |
| ▲ | e1g 7 hours ago | parent [-] | | You can use an alias, which takes priority over $PATH. e.g. I have this in .zhsrc to override the "claude" executable to run it in the OS sandbox: alias claude="sandbox-exec -f ~/agents-jail.sb ~/.local/bin/claude --dangerously-skip-permissions"
| | |
| ▲ | plagiarist 6 hours ago | parent [-] | | How does your sandbox ruleset look? I've been using containers on Linux but I don't have a solution for macOS. | | |
| ▲ | e1g 4 hours ago | parent [-] | | Here's my ruleset https://gist.github.com/eugene1g/ad3ff9783396e2cf35354689cc6... My goal is to prevent Claude from blowing up my computer by erasing things it shouldn't touch. So the philosophy of my sanboxing is "You get write access to $allowlist, and read access to everything except for $blocklist". I'm not concerned about data exfiltration, as implementing it well in a dev tool is too difficult, so my rules are limited to blocking highly sensitive folders by name. |
|
|
|
|
| ▲ | 112233 8 hours ago | parent | prev | next [-] |
| Any severe side effects so far? Have you set PATH up somehow so it is effect only on interactive prompt, and not in the launched processes? Because I cannot imagine much 3rd party scripts working with random flags added to core tools |
| |
| ▲ | deredede 7 hours ago | parent | next [-] | | I also do this. Random flags added to core tools are done with aliases, which do not affect the launched processes, not by shadowing them in ~/bin. Shadowing in ~/bin are for cases where a newer (compared to the system-wide version) or custom version of a tool is needed. | |
| ▲ | mathfailure 4 hours ago | parent | prev [-] | | Not really, since if one usually does that - they probably understand the possible consequences and don't shadow whatever they like, but do it carefully. On MacOS I shadow that way just curl and git binaries to the versions installed from homebrew and nothing has broken (yet). I know that tar on MacOS is also a weirdo that I'd rather shadow with the homebrew's gtar, but their args are different and I of course understand that there's a high probability of something in system to be bound to mac's version of tar, so here I better remember to use 'sane' tar as gtar or use an alias (instead of shadowing the binary) for tar to use gtar (because aliases are for users, not for system scripts/processes). And on my home desktop's Debian - I don't even use shadowing of binaries at all (never needed it). Also, I just realized: I change PATH env via my shell's rc script (~/.zshrc), so I probably could worry even less about shadowing system binaries (like tar on MacOS) possibly breaking things. |
|
|
| ▲ | alance 7 hours ago | parent | prev | next [-] |
| Just on your first suggestion, this also means that if a person or process can drop a file (unknown to you) into your ~/bin/ then they can wreak havoc. Eg they can override `sudo` to capture your password, or override `rm` to send your files somewhere interesting, and so on. Btw on the second suggestion, I think there's a command named `command` that can help with that sort of thing, avoids recursive pitfalls. |
| |
| ▲ | functionmouse 7 hours ago | parent | next [-] | | That would require someone to already want to sabotage me in particular, learn my private workflows, and also have write access to my home folder. At that point, All is Lost. Don't tell people to sacrifice agency for apocalypse insurance that doesn't work, lol | |
| ▲ | latexr 6 hours ago | parent | prev | next [-] | | If someone can drop a file in your ~/bin, they can also edit your shell’s startup files to add their malicious command. | |
| ▲ | wtetzner 6 hours ago | parent | prev | next [-] | | I think it's already game over if they have access to your home directory. They can also edit your path at that point. | |
| ▲ | dieulot 5 hours ago | parent | prev | next [-] | | The issue of rootless malicious command overrides is solved by typing the whole path, such as "/bin/sudo". | | |
| ▲ | mathfailure 4 hours ago | parent [-] | | No, don't do that as a precaution. As others have already answered correctly - it's too late to worry about such things if a malicious agent has write access to your ${HOME} dir. |
| |
| ▲ | znpy 7 hours ago | parent | prev [-] | | While true, what you describe is very unlikely to happen and most definitely won’t happens on systems where i’m the only users. |
|
|
| ▲ | pmarreck 6 hours ago | parent | prev | next [-] |
| I do the same thing, but I also have a command that shows me what functions or scripts might be shadowing other scripts |
| |
| ▲ | e40 5 hours ago | parent [-] | | Care to share? | | |
| ▲ | lowmagnet 4 hours ago | parent | next [-] | | the sibling answer but with `-a` before command name, will display all path hits for a command. | |
| ▲ | cluckindan 4 hours ago | parent | prev [-] | | which <commandname>
| | |
| ▲ | e40 4 hours ago | parent [-] | | Seemed like it was more than that, but the comment is ambiguous. I took it to mean "show me all the commands which are shadowed" not "is this command shadowed"... |
|
|
|
|
| ▲ | chrisjj 8 hours ago | parent | prev | next [-] |
| > If I introduce an executable with a name, that overrides a system one ... and breaks existing scripts that reference the system one, right? |
| |
|
| ▲ | 6 hours ago | parent | prev | next [-] |
| [deleted] |
|
| ▲ | fragmede 8 hours ago | parent | prev [-] |
| curious if you're customizing anyway, why not use eg ripgrep? |
| |
| ▲ | mathfailure 5 hours ago | parent | next [-] | | Others have already given valid answers: grep is not ripgrep [their params don't match], so it's a bad idea to alias 'grep' to use ripgrep. But it's okay to alias 'ripgrep' (or 'rg' or whatever) to use ripgrep with some args. | |
| ▲ | wtetzner 6 hours ago | parent | prev | next [-] | | repgrep's CLI options and general behavior are different from grep. I tend to use both for different things. | |
| ▲ | 8 hours ago | parent | prev | next [-] | | [deleted] | |
| ▲ | llimllib 7 hours ago | parent | prev [-] | | Not OP, but I use ripgrep and customize it with an alias as well, so it applies equally there |
|
