Having to type ./script is tedious and you’d rather just add . (or an empty directory, meaning a leading or trailing : or a :: in the middle) to your $PATH.

We advise against doing this for any user, but we strongly advise against doing this for root. If you absolutely must do this, make sure . comes last. Never do it as root.

As you know, the shell searches the directories listed in $PATH when you enter a command name without a path. The reason not to add . is the same reason not to allow world-writable directories in your $PATH.

Say you are in /tmp and have . as the first thing in your $PATH. If you type ls and there happens to be a file called /tmp/ls, you will run that file instead of the /bin/ls you meant to run. Now what? Well, it depends. It’s possible (even likely given the name) that /tmp/ls is a malicious script, and if you have just run it as root there is no telling what it could do, up to and including deleting itself when it’s finished to remove the evidence.

So what if you put it last? Well, have you ever typed mc instead of mv? We have. So unless Midnight Commander is installed on your system, you could accidentally run ./mc when you meant /bin/mv, with the same results as above.

Just say no to dot!