Executable Shell

Regular Linux users* are not able to download a program from the web and run it. They can if they have the most basic knowledge of what a terminal is, but most people don't and never will (nor, I belive, should they need to). This is the problem Executable Shell (esh) is trying to solve.

Besides the psychological reasons why this doesn't work (which are addressed in the FAQ) there is a technical reason - files downloaded from the web (via HTTP or FTP, or just about any other means) don't have 'execute' permissions. A double-click on the downloaded file in a file manager (or on the desktop) will result in a dialog asking the user what program they want to open this file in.

The esh utility deals with the problem by running sh with the name of the file as a parameter - in other words it automates the following sequence of steps:
  1. open a terminal
  2. cd to the directory where your file is
  3. run `sh program.sh`
Note that a shell script can have any kind of program inside, not just shell commands. Take a look at makeself.

Here's a GTK-based prototype I wrote. I expect that when this system is accepted, someone will develop a similar QT-based program (they can coexist very easily):


Why esh is needed

This system will allow developers who are not part of existing open source communities to reach Linux users with minimal effort.

Having developed a couple of open source applications I know full well how much effort it takes to get a program packaged: first you need to learn the package management system of all the distributions (since your program is distro-independent); then with every version of the program you need to recreate and retest all the packages. My two programs (ISO Master and Asunder) would only be available in source code format if it wasn't for a few smart and dedicated volunteers. I simply don't have the time to both make the program and make the packages.

But don't get me wrong, I'm not proposing to get rid of rpm and deb. Those systems are critical to maintaining a stable Linux distribution. What I'm saying is that a person making a program for Linux should be able to reach the users in the early stages of development - that is before there are volunteers to make distro-specific packages.

Ultimately there will be more programs developed and available for Linux, so the number of users will grow, and the communities of volunteers will grow, and the quality of all distributions will improve. 'Yeah right', you say? Go back in time and count the people saying 'yeah right' to Microsoft taking over the world back in the DOS days. I say make it easier to use than the competition and you will win in the market in the end.

What's needed for esh to succeed

For this happy scenario to materialize all the major file managers have to be configured by default to assiciate the .sh extension (or the bourne-again shell script mime type) with esh. And distributions have to ship with esh installed out of the box.

Security vs ease of use

Like I said at the top of the page - users can already run shell scripts. All they need is access to a terminal. Executable shell does not add any new security holes. It simply exposes the existing security holes (the ability to run interpreters such as sh, perl, python, etc.) to more users.

In fact Executable Shell is more secure than the current system, since having shell scripts running via esh distributions have an easy way to add malware checking for downloaded programs - something that's harder to do if the user types in `sh program.sh` in a terminal, and it's very much harder to deal with if the user manually gives the file execute permissions.

While it's kind-of true that if the user doesn't know how to do it he won't, it's also true that Linux is a fringe operating system on the desktop. Arguing for security through obscurity and against usability will only make sure Linux will stay on the fringes, letting OSX take the market share that Linux is entitled to on technical merits.

Download

To play with esh feel free to download it from subversion. I will make a proper release (with a tarball) once I get more feedback. To checkout use the following command:

svn co svn://littlesvr.ca/prog/esh

Discussion

I realise that this is a hot topic and that my solution may use improvement. I encourage you to send me an email and invite me to discuss this topic on a forum, or a mailing list, or a newsgroup.

Notes

* When I say regular Linux users I don't mean the average Linux user today, but someone with the computer skills of a regular Windows user today - the vast majority of people who don't use Linux today, but could move in the next some years. So the regular Linux user reffered to on this page is kind of ficticious. And a side-note: if you think saying GNU/Linux is more important than gaining a good share of users, you're on the wrong page.