Marco Bravo
If you don’t know, ask – if you know, share! ~ opensource mindset 
➠ "We may not have control over our circumstances, but we do have control over our minds"
➠ What do I want to do next?
Writing Safe Shell Scripts
by Marco Bravo
Writing shell scripts leaves a lot of room to make mistakes, in ways that will cause your scripts to break on certain input, or (if some input is untrusted) open up security vulnerabilities. Here are some tips on how to make your shell scripts safer.
The simplest step is to avoid using shell at all. Many higher-level languages are both easier to write the code in in the first place, and avoid some of the issues that shell has. For example, Python will automatically error out if you try to read from an uninitialized variable (though not if you try to write to one), or if some function call you make produces an error.
- Shell settings
set -euf -o pipefail - Quote liberally
- Passing filenames or other positional arguments to commands
- Temporary files
- Use ShellCheck to check for bugs
- Google has a Shell Style Guide.
Conclusion When possible, instead of writing a “safe” shell script, use a higher-level language like Python. If you can’t do that, the shell has several options that you can enable that will reduce your chances of having bugs, and you should be sure to quote liberally.
tags: sysadmin - tools - bash - automation