In my work environment, I often see the `which` command being used in scripts, such as with commands like `$(which sudo)` and `$(which find)`. The idea seems to be ensuring that these commands are found regardless of their location on the system. However, I'm wondering if it's genuinely necessary to use `which` in this situation. Wouldn't just using `sudo find [...]` suffice since it relies on the PATH?
3 Answers
Using `which` can actually be pretty risky! In cases where the command you're looking for doesn't exist, like trying to run `$(which cp)` when `cp` isn’t installed, you end up with empty output instead of the expected path. For example, you might see `$(which sudo) $(which cp) bin/foo /usr/local/bin`, which could give an erroneous command if `cp` isn’t found. It’s better to skip `which` altogether unless you have a very specific need for its output.
Some argue it's useful for checking which version of a command you're running, but in scripts, that could lead to unnecessary complications.
Exactly! Plus, without good reason, it just adds more clutter to the code.
It's generally viewed as unnecessary. Using commands without `which` is typically better since it's just a wrapper for getting paths based on the current PATH environment. It doesn’t actually deal with permissions or prioritizing security, which is a common misconception. And if you're looking to avoid aliases, that's misguided too; aliases aren't active in scripts by default, and your script should be secure on its own without the need for commands like `which`. So, it might be just tacking unnecessary complexity onto your scripts without clear benefits.
Exactly! Just sticking to basics often does the job. Keeping it clean is usually best practice.
Right? It seems like a shortcut that adds more confusion rather than clarifying what's running.
You're right that using `which` doesn't really add much in scripts. It's often a misunderstanding where developers try to avoid issues with PATH by using `which`, but frequent use of full paths like `/usr/bin/find` would actually be a better solution for security.
Additionally, many experienced scripters believe that it overcomplicates things unnecessary, like worrying about unorthodox environment variables. Instead, focusing on proper error handling for missing commands is a more robust approach.
But wouldn't `which` help if you're not sure where the command is? Can't it help ensure you're using the correct version?
It could, but often trusting the system's PATH is enough for most scripts. Overusing tools like `which` can obscure the real intent of the command.
True, and in many environments `which` doesn't add any real value since the command you need is already in your PATH. It can make scripts less portable if they rely too heavily on it.