I have a script and it does a read -p to a variable named PASSWD:
smbclient -L 192.1.1.1 -U username%$PASSWD
I believe that I won't be able to see this in the history. On this link, it says that someone doing ps would be able to see the password string? Pass parameters to a script securely
But if a script lasts a negligible time (a few milliseconds) isn't this not a big deal?
You can read from man smbclient:
-U|--user=username[%password]
Sets the SMB username or username and password.
If %password is not specified, the user will be prompted. The client will first check the USER environment variable, then the LOGNAME variable and if
either exists, the string is uppercased. If these environmental variables are not found, the username GUEST is used.
A third option is to use a credentials file which contains the plaintext of the username and password. This option is mainly provided for scripts where
the admin does not wish to pass the credentials on the command line or via environment variables. If this method is used, make certain that the
permissions on the file restrict access from unwanted users. See the -A for more details.
So, it will be better to use -A option and set the right permissions on the file so it is NOT world-readable
If the command using the password is called from a script, that command won't be in your shell history, that is correct. This has nothing to do with "subshells".
It's not really secure to store or re-use plaintext passwords anywhere, though.
That's open for discussion, it is as safe as you deem it to be.
Some people will see this as a security risk, others will find this to be negligible.
Personally I wouldn't do it.
