Ok, the difference I found after reading the manpage was when using double quotes around it. "$*" seems to become one "string", while with "$@" you have it still split. Is this the whole point? Can someone who is not tired explain to me what the importance is for security? (I'd rather know it before I work on anything mission critical.)
Sorry, it was late. "$*" should be safe, however it's most likely also useless (everything becomes just one huge string). "$@" is basically the same as $*, except that it doesn't make the script crap out at the first sight of various special characters.

Imagine you're handling command line arguments to the shell script with variables. Now, that Redmond stuff has the mental abortion of only wanting at most 3 more characters in filenames after the first period. Unix has the mental abortion of stopping dead at the first space in a filename. (There are exceptions to both.) Using "$@" allows you to handle characters like space, & [ ] { } < > etc within(!) arguments (spaces between arguments are never a problem).

Allowing for this has 2 major advantages: your script actually works for the general case (not just for the special case of filenames only consisting of letters and digits), which is always a good programming practice, and you catch a few security related problems.

IIRC the original suggestion was to call sudo like this:

    sudo $*

where $variable was to supply 1 argument to sudo. Call this with

    ./myscript "one argument here"

and you get in fact ./myscript "one" "argument" "here", except there are now 3, not 1. With the same mechanism you can slip in additional arguments to sudo:

    ./myscript "--somesmartsudooption heeeeee"

You may as well leave out the quotes when calling the script.

Now before anyone suggests there's nothing to be gained from sudo (I'm not going to bother to check), that's beside the point. If the script is ever to be run as root, make sure to use

    sudo "$@"

in all those situations for any variable expansion. This keeps arguments together as one, even when they contain characters which may have other meanings as well.

For lists of values you have to use the array feature in bash 2.x; the lack of this in bash 1.x renders that version essentially useless for serious programming.

Volker
participants (1)
-
Volker Kuhlmann
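
The three forwarding styles discussed in the message, side by side, as an added example that is not part of the original post. The target function is a hypothetical stand-in for the privileged command (real sudo is never run), and the argument strings are constructed sample input.

```shell
#!/bin/sh
# Hypothetical stand-in for the command a wrapper would run via sudo.
# Reports how many arguments arrived and how many start with "-",
# i.e. how many the receiving program would try to parse as options.
target() {
    n=$#
    opts=0
    for a in "$@"; do
        case $a in
            -*) opts=$((opts + 1)) ;;
        esac
    done
    echo "argc=$n options=$opts"
}

# Three ways a wrapper script can pass its own arguments on.
forward_unquoted_star() { target $*; }    # re-split on whitespace (and globbed)
forward_quoted_star()   { target "$*"; }  # all arguments joined into one word
forward_quoted_at()     { target "$@"; }  # each argument passed through intact

# Print all three results for the same argument list.
compare() {
    echo "unquoted \$* : $(forward_unquoted_star "$@")"
    echo "quoted \"\$*\" : $(forward_quoted_star "$@")"
    echo "quoted \"\$@\" : $(forward_quoted_at "$@")"
}

# Constructed input 1: a single argument containing spaces.
compare "one argument here"

# Constructed input 2: a single argument with an option-like word inside it.
# Unquoted forwarding splits it, so the receiver sees a separate option.
compare "backup --hypothetical-option x"

# Constructed input 3: two arguments, the second containing a space.
compare "one" "two words"
```

Only the "$@" form keeps both the argument count and the argument boundaries the caller supplied.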