"script" command without notification?

Posted on 2000-03-31
Medium Priority
Last Modified: 2010-04-21
I would like to know how to use the UNIX "script" command so that it doesn't display (on the screen) the message:
  "Script command is started. The file is ..."
when I start a script session, and if possible, doesn't display (on the screen) the message:
  "Script command is complete.  The file is ..."
when I exit.

Everything else (ie: commands entered during the script "session", and output from them), should display on the screen as usual.

I need this to work in AIX 4.3.2, (ksh).
Question by: tel2
LVL 40

Expert Comment

ID: 2674814
Unless you want to find the script sources and build your own (or patch the executable to emit spaces for the strings) you can't disable the notifications or redirect them to /dev/null.

There are pretty good security-related reasons for "script" announcing what it's doing. If it didn't announce, a malicious user could invoke it on an unattended session or slip it into someone's shell init script and capture data that they shouldn't be able to see.

If you are in a position of authority and suspect that some user is misbehaving, there may be other ways to document the user's actions. For anything else, I can't see why the messages would be a problem.
LVL 12

Author Comment

ID: 2675428
Thanks for that jlevie,

My purpose is to capture entries of users who I suspect may be doing stuff they shouldn't, and also to log sessions of service people so I can see how they have fixed things.

Does anyone know of any other way?  Otherwise, patching the executable may be what I have to do, in which case, my next question will be how to do this with a binary file.  For a text file, I would have used sed and tr, but I'm not quite up to using more flexible tools like awk and perl.
LVL 40

Expert Comment

ID: 2675494
To patch the executable, you'll need to use a binary patch tool, probably adb. The process goes like, find the offset to the start of each string (od -a will help) and use adb or whatever you have on AIX to insert spaces. I'd highly recommend making a special copy, not in the normal path, that only you and/or root has read/executable rights to.

Expert Comment

ID: 2678526
For Solaris, you can install bsm (basic security module), under AIX utilities such as tcbck and

I recommend installing tripwire, this will give you a complete history of all files that have been altered on the system each day.

You can also use swatch to watch the user's shell history file automatically for you, and alert you to suspicious behaviour.

Programs such as COPS allow you to secure permissions on your systems.

Commands such as lastcomm, acctcms etc can help, and if you have a suspected rogue user as a last resort you can give them a restricted shell (this is very secure, but has some limitations).

Hope this helps.
LVL 12

Author Comment

ID: 2695689

Your answer was very informative, but it's just not really what I'm after, so I'm afraid I have to reject it.  I don't think any of the facilities you mentioned will show me exactly what came up on the screen of a user (as script does).  Shell history can be useful, until the user enters an application, then you can't see what they're doing.  Thanks for your efforts though, and keep up the good work!
LVL 12

Author Comment

ID: 2695704

Sorry for the delay in getting back to you, and thanks for your help so far.  A couple of problems:

First, I tried to find the strings:
"Script command is started. The file is" and "Script command is complete. The file is" in the executable, using the strings command, but couldn't quite find them.  Check this out:

# strings `which script`
1.11  src/bos/usr/ccs/lib/libc/__threads_init.c, libcthrd, bos43K, 9823A_43K 6/1
2/98 12:37:06
get window size
Script started, file is %s
Script started on %s
OK!  You can read now.
tcsetattr 1
script done on %s
tcsetattr 3
Script done, file is %s
open master
tcsetattr 2
set window size 1
xusage: script [ -a ] [ typescript ]
chmod failed on tty. errno = %d
chown failed on tty. errno = %d
acl_set failed on tty. errno = %d
chown failed on tty. errno = %d
@(#)26  src/bos/usr/bin/script/script.c, cmdsh, bos43D, 9744A_43D 10/2
4/97 10:53:32

The closest I can find is: "Script started, file is %s".  So, I don't understand where "Script command is started...", etc, come from.  What am I doing wrong?

Secondly, are you sure that adb can be used as a binary editor?  The AIX man pages say it's a "general purpose debug program".  How might I use it to edit?
LVL 84

Expert Comment

ID: 2696203
You can edit it with emacs, just be careful not to change the length of the strings you replace (you may want to set overwrite mode).
Changing the S in "Script started" to a null would probably do it.
LVL 40

Expert Comment

ID: 2696231
I don't know why you don't see those strings, unless there's more than one "script" executable around. You certainly have run the "strings" command correctly and its output shows what I would expect, namely "Script started, file is %s", etc.

Well, any debugger has the ability to modify locations in an executable. But now that I look at the man pages for adb again, I realize that I'm not sure that I can save any changes. So I may have misled you there. I'm used to using adb to patch running kernels, so it quickly came to mind, but then I don't have to save those back to disk. Of course the best solution would be to build a custom copy from source and I'm looking for a source now. If I can find one and get it to work on Solaris, you ought to also be able to use it on AIX. More soon... I hope.

Accepted Solution

sgoldgaber earned 240 total points
ID: 2710457
I followed jlevie's and ozo's excellent advice, with slight modifications
and came up with this ez-script mod:

NOTE: Lines starting with "%" indicate the shell prompt.

% which script
% xxd /bin/script > /tmp/script.hex
% cp /tmp/script.hex /tmp/script.hex.new
% vi /tmp/script.hex.new
% diff /tmp/script.hex /tmp/script.hex.new
< 0001a30: 6372 6970 7420 5d0a 0000 0000 5363 7269  cript ].....Scri
> 0001a30: 6372 6970 7420 5d0a 0000 0000 0063 7269  cript ]......cri
< 0001a90: 646f 6e65 206f 6e20 2573 0a00 5363 7269  done on %s..Scri
> 0001a90: 646f 6e65 206f 6e20 2573 0a00 0063 7269  done on %s...cri
% xxd -r /tmp/script.hex.new > /tmp/newscript
% chmod 755 /tmp/newscript

The above patch has the nice benefit of also taking out the "Script done, file is typescript" that you get when you quit script.  To be completely explicit about the above diff, all I did was replace the "53" with "00" and "S" with "."

Happy hacking!
LVL 12

Author Comment

ID: 2711024

Thanks very much for that.  My only problem, before I test it, is getting hold of xxd.  It doesn't come with AIX, and I had a quick search on the Net and could only find it with VIM (the editor).

What is a good place to get xxd (for AIX) from?  I will want to download it, compile it, and test it on "script" before grading your answer.

LVL 12

Author Comment

ID: 2711160
In the meantime, I tried this:

# tr "S" "\000" <script >script2
Which changes ALL "S"s to nulls.  The only extra "S" it should find is in "SHELL", which should not be a problem for our test.  Here goes:

# chmod +x script2
# chmod +s script2
# ./script2
Script command is started. The file is typescript.
# exit
Script command is complete. The file is typescript.

NOPE.  That didn't work.  I still think the problem is that "Script command is started..." is different from "Script started...".

Let's check that tr worked:
# od -a script >script.hex
# od -a script2 >script2.hex
# diff script*hex
< 0013500    S   H   E   L   L nul nul nul   /   u   s   r   /   b   i   n
< 0013520    /   s   h nul   a nul nul nul   w nul nul nul   S   c   r   i
> 0013500  nul   H   E   L   L nul nul nul   /   u   s   r   /   b   i   n
> 0013520    /   s   h nul   a nul nul nul   w nul nul nul nul   c   r   i
< 0013620    S   c   r   i   p   t  sp   s   t   a   r   t   e   d  sp   o
> 0013620  nul   c   r   i   p   t  sp   s   t   a   r   t   e   d  sp   o
< 0013760    r  sp   3 nul   S   c   r   i   p   t  sp   d   o   n   e   ,
> 0013760    r  sp   3 nul nul   c   r   i   p   t  sp   d   o   n   e   ,

Looks OK to me.

Did you test your new version of script, sgoldgaber?  What did the output look like?
LVL 12

Author Comment

ID: 2711164
Adjusted points from 60 to 80

Expert Comment

ID: 2712778
The xxd that I used did, in fact, come with vim.  It should compile on AIX.

What I wrote was exactly what I did on Solaris, and it worked.  script produced no output when so patched.  It started and stopped without either the "Script started, file is typescript" or the "Script done, file is typescript" messages.

Expert Comment

ID: 2712836
Here are a couple of links to hex editors which are advertised to compile under AIX:



Expert Comment

ID: 2712858
By the way, when I said that script produced no output, I meant no output when it started, and no output when it stopped.  Normal output (such as the shell prompt, STDOUT, STDERR, etc) was still there, as it should be.
LVL 12

Author Comment

ID: 2713751

Thanks for all that info.  I've downloaded hexedit and I'll try it some time.

1. Is hexedit a different program to xxd?
2. Would you agree that my attempt using "tr" has achieved the same thing in this case (except "SHELL" has been changed to "<nul>HELL")?  Ie: Because I got lucky that there weren't too many "S"s.
3. Any ideas why it's still not working for me?

My concern is, I could get hexedit and make the change and it still won't work.
I'm thinking that "script" may be calling another program which has the exact text "Script command is started...".  I'll have to search the binary.

Expert Comment

ID: 2713839
1 - yes, but it _should_ be able to do what you need
   I've never used anything other than xxd on a UNIX system, so I have no comment on hexedit (except that it's supposed to be able to edit hex ;).

2 - Actually, it doesn't look like your "tr" trick caught the right strings.  There's more than one "Script started" string in the file.  Your "tr" seemed to catch the wrong one.  Also, the third substitution that it seemed to do was on "Script done", not on "Script completed".  So, I suggest using a real hex editor to make sure you got all of the relevant strings.

3.  See above.

Expert Comment

ID: 2713871
Script does not call another program, at least not on Solaris.  The patch I applied works for me, and I modified only script itself.  If you want you can run "truss", "trace", "strace", "ktrace", or whatever the AIX equivalent is on script and you'll see if it forks.  But it almost definitely won't.
LVL 12

Author Comment

ID: 2719902
If you have a look (far above) at the output of my "strings `which script`" command, you will see that there is a reference to "script.cat".  I searched the system for this file, and found it:
-rw-r--r--   1 bin  bin   494 Oct 01 1997 /usr/lib/nls/msg/en_US/script.cat

And check this out:
# strings script.cat
Usage: script [ -a ] [ Typescript ]
Script command is started. The file is %s.
Script command is started on %s.
Script command is complete on %s.
Script command is complete. The file is %s.
Out of pty's.
chmod failed to change permissions of tty. Errno = %d.
chown failed to change ownership of tty. Errno = %d.
acl_set failed to change permissions of tty. Errno = %d.

It seems it's a catalogue of messages for commands for the script command, and this one's got the EXACT message I get when I start & stop the script command.  I tried running tr on that, and it worked.  There's only 1 minor problem - I still need to exit twice to logoff, but I can work around that easily in the .profile.

Thanks to everyone for your help.  The points will all go to sgoldgaber in this case for simplicity, but I appreciate the help of jlevie, festive & ozo too!  Keep up the good work guys!
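
Added example, not part of the thread or written by any of its posters: a check an administrator could run to find copies of script, or of its message catalogue, whose announcements were silenced in the way this thread describes, which is the risk jlevie raised in the first comment. The function names and the sample bytes are constructed for illustration; the message texts are the ones shown in the strings output quoted above.

```python
import re
import sys

# Announcement texts as quoted in this thread's `strings` output: the
# binary's built-in defaults and the AIX message catalogue versions.
ANNOUNCEMENTS = (
    b"Script started, file is %s",
    b"Script done, file is %s",
    b"Script command is started. The file is %s.",
    b"Script command is complete. The file is %s.",
)

def audit_bytes(data):
    """Return {message: status}; status is 'intact', 'silenced' or 'absent'.

    'silenced' means the text survives except for its first byte, which is
    what a same-length overwrite of the leading "S" leaves behind.
    """
    report = {}
    for msg in ANNOUNCEMENTS:
        # Any single byte followed by the unchanged remainder of the message.
        pattern = re.compile(b"(.)" + re.escape(msg[1:]), re.DOTALL)
        firsts = {m.group(1) for m in pattern.finditer(data)}
        if not firsts:
            report[msg] = "absent"
        elif firsts == {msg[:1]}:
            report[msg] = "intact"
        else:
            report[msg] = "silenced"
    return report

def is_tampered(data):
    """True if any announcement found in the data has a modified first byte."""
    return "silenced" in audit_bytes(data).values()

# Constructed sample data (not real AIX or Solaris file contents).
SAMPLE_BINARY = (b"\x00\x00usage: script [ -a ] [ typescript ]\n\x00\x00\x00\x00"
                 b"Script started, file is %s\n\x00tcsetattr 3\x00"
                 b"Script done, file is %s\n\x00")
SAMPLE_PATCHED = SAMPLE_BINARY.replace(b"Script ", b"\x00cript ")

if __name__ == "__main__":
    # Pass every copy of script found on the host, plus script.cat.
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            for msg, status in audit_bytes(fh.read()).items():
                print(f"{path}: {status:8} {msg.decode()}")
```

A file reported as "absent" for every message is simply not a script binary or catalogue; only "silenced" indicates a same-length edit of an announcement.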
