Template:Short description
Template:Use dmy dates
{{#invoke:Infobox|infobox}}Template:Template other{{#invoke:Check for unknown parameters | check | showblankpositional=1
| unknown = Template:Main other
| preview = Page using Template:Infobox software with unknown parameter "_VALUE_"|ignoreblank=y
| AsOf | author | background | bodystyle | caption | collapsetext | collapsible | developer | discontinued | engine | engines | genre | included with | language | language count | language footnote | latest preview date | latest preview version | latest release date | latest release version | latest_preview_date | latest_preview_version | latest_release_date | latest_release_version | licence | license | logo | logo alt | logo caption | logo upright | logo size | logo title | logo_alt | logo_caption | logo_upright | logo_size | logo_title | middleware | module | name | operating system | operating_system | other_names | platform | programming language | programming_language | released | replaced_by | replaces | repo | screenshot | screenshot alt | screenshot upright | screenshot size | screenshot title | screenshot_alt | screenshot_upright | screenshot_size | screenshot_title | service_name | size | standard | title | ver layout | website | qid
}}Template:Main other
In computing, Bash (short for "Bourne Again SHell",)<ref>Template:Multiref2</ref> is an interactive command interpreter and command programming language developed for UNIX-like operating systems.<ref>{{#invoke:citation/CS1|citation
|CitationClass=web
}}</ref> Created in 1989<ref name="BashBeta">Template:Cite newsgroup</ref> by Brian Fox for the GNU Project, it is supported by the Free Software Foundation and designed as a 100% free alternative for the Bourne shell (sh) and other proprietary Unix shells.<ref>Template:Multiref2</ref>
Since its inception, Bash has gained widespread adoption and is commonly used as the default login shell for numerous Linux distributions.<ref>Template:Multiref2</ref><ref name="cmpwrld_intrw2008">{{#invoke:citation/CS1|citation |CitationClass=web }}</ref><ref name="goftw2015">{{#invoke:citation/CS1|citation |CitationClass=web }}</ref> It holds historical significance as one of the earliest programs ported to Linux by Linus Torvalds, alongside the GNU Compiler (GCC).<ref>Template:Cite newsgroup</ref> It is available on nearly all modern operating systems, making it a versatile tool in various computing environments.
As a command-line interface (CLI), Bash operates within a terminal emulator, or text window, where users input commands to execute various tasks. It also supports the execution of commands from files, known as shell scripts, facilitating automation. In keeping with Unix shell conventions, Bash incorporates a rich set of features. The keywords, syntax, dynamically scoped variables, and other basic features of the language are all copied from the Bourne shell, (sh). Other features, e.g., history, are copied from the C shell, (csh), and the Korn Shell, (ksh). It is a POSIX-compliant shell with extensions.
HistoryEdit
While Bash was developed for UNIX and UNIX-like operating systems, such as GNU/Linux, it is also available on Android, macOS, Windows, and numerous other current and historical operating systems.<ref>{{#invoke:citation/CS1|citation |CitationClass=web }}</ref> "Although there have been attempts to create specialized shells, the Bourne shell derivatives continue to be the primary shells in use."<ref name="developer.ibm.com">{{#invoke:citation/CS1|citation |CitationClass=web }}</ref>
TimelineEdit
Template:Split portions Template:Timeline-start
FeaturesEdit
List of Short DescriptionsEdit
Template:Prose As a command processor, Bash can operate in two modes: an interactive and non-interactive mode. In the interactive mode a text window where users input commands to execute various tasks. The second mode, is execution of commands from files, known as shell scripts, facilitating automation. In keeping with Unix shell conventions, Bash incorporates a rich set of features, including:
- A User Manual provided by the GNU Project, also available at
info bash, and a technical manual available atman bash. - Invocation as a...
- Interactive shell,
- Non-interactive shell, or
- Login shell;
- A command-line interface;
- Exit status codes;
- Control structures for
- Condition testing,
if,case,select,- logical AND (
&&) and OR (||), and
- Iteration:
for,while,untilloops, and- Arithmetic C-style loop:
for ((;
- Condition testing,
- Syntaxes for Boolean testing of file attributes, string and integer values, etc.:
- Traditional
testcommand, - Traditional single bracket test:
[, - Modern double bracket test:
[[ ... ]], which includes advanced features:- Extended regular expression and extglob matching
- Lexicographic sorting with
<and>;
- Traditional
- UNIX-style pipelines:
|; - Subshells:
$( ... ); - Signaling as a means of inter-process communication using the
trapbuiltin; - Asynchronous execution, i.e., Jobs and job control:
job_spec &wherejob_speccan be one of:- A full commandline:
<command_name> <options> <operands> <arguments> &, or - A job control identifier as denoted by a leading percent symbol:
%1 &;
- A full commandline:
- A shell portability mode where command lines can be interpreted in conformance with the POSIX standard;
- Command parsing:
- Comments are ignored:
- Bourne-style
#hashtag comments, and - Thompson-style
:colon comments;
- Bourne-style
- Commands are parsed one line at a time:
- Control structures are honored, and
- Backslash
\escapes are also honored at the ends of lines;
- Split into words (i.e., word splitting) according to quoting rules,
- Including ANSI-C quoting
$'...';
- Including ANSI-C quoting
- Seven kinds of expansions are performed in the following order on the resulting string:
- (Step 1) Brace expansion
kernel{-headers}, - (Step 2) Tilde expansion
~, - (Step 3) In a left-to-right fashion:
- Parameter and variable expansion
$fooor${bar}, including- Dynamically scoped variables,
- Indexed arrays of unlimited size,
- Associative arrays via
declare -A, and - Expansion syntaxes which can perform some tasks more quickly than external utilities, including, among others:
- Pattern Substitution
${foo//x/y}forsed 's/x/y/g',
- Remove Matching Prefix or Suffix Pattern
${bar##[a-zA-Z0-9]*}forcut -c8-,
- Print Array Keys
${!array[@]}, and
- Display Error if Null or Unset
${var:?error message},
- Pattern Substitution
- Command substitution:
$( ... ), - Process substitution,
<()or>(), when a system supports it: - Arithmetic expansion,
(( ... ))or$(( ... )), including- Integer arithmetic in any base from two to sixty-four, although
- Floating-point arithmetic is not available from within the shell itself (for this functionality, see current versions of
bcandawk, among others),
- Parameter and variable expansion
- (Step 4) Word splitting (again),
- (Step 5) Pathname expansion, i.e., shell-style globbing and pattern matching using
*,?,[...], and- (Although they can be used in conjunction, the use of brackets in pattern matching,
[...], and the use of brackets in the testing commands,[and[[ ... ]], are each one different things.)
- (Although they can be used in conjunction, the use of brackets in pattern matching,
- Quote removal;
- (Step 1) Brace expansion
- Redirections of Standard Input, Standard Output and Standard Error data streams are performed, including
- File writing,
>, and appending,>>, - Here documents,
<<, - Here strings,
<<<, which allow parameters to be used as input, and - A redirection operator,
>|, which can force overwriting of a file when a shell's "noclobber" setting is enabled;
- File writing,
- Command name lookup is performed, in the following order:
- Commands internal to the shell:
- Shell aliases,
- Shell reserved words,
- Shell functions, and
- Shell built-in commands;
- Commands external to the shell:
- Separate UNIX-style programs such as
lsorln, and - Shell scripts, which are files containing executable commands. (Shell scripts do not require compilation before execution and, when certain requirements are met, can be invoked as commands by using their filename.)
- Separate UNIX-style programs such as
- Commands internal to the shell:
- The resulting string is executed as a command.
- Comments are ignored:
Bash also offers...
- Configurable execution environment(s):<ref>{{#invoke:citation/CS1|citation
|CitationClass=web }}/</ref>
- Support for Unicode;
- With interactive invocation only,
- Unlimited size command history,
- A directory stack (see
pushdandpopdbuilt-ins), - Tab completion,
- Configurable prompts, and
- Command line editing with GNU readline;
- Lightweight logging for debugging purposes (xtrace), and other lightweight debugging options (errexit, noexec, nounset, pipefail, etc.);
- Shell compatibility modes: bash 5.1 can operate as if it were bash 4.2, etc.;
- Various Built-In Commands:
cdpwd
- Documentation:
- Informal avenues of support via:
- IRC at libera.chat #bash
- Mailing lists at Bash - GNU Project - Free Software Foundation
General DiscussionEdit
The Bash command syntax is a superset of the Bourne shell command syntax. Bash supports brace expansion,<ref>{{#invoke:citation/CS1|citation
|CitationClass=web
}}</ref> command line completion (Programmable Completion),<ref>{{#invoke:citation/CS1|citation
|CitationClass=web
}}</ref> basic debugging<ref>{{#invoke:citation/CS1|citation
|CitationClass=web
}}</ref><ref>{{#invoke:citation/CS1|citation
|CitationClass=web
}}</ref> and signal handling (using trap) since bash 2.05a<ref>{{#invoke:citation/CS1|citation
|CitationClass=web
}}</ref><ref>{{#invoke:citation/CS1|citation
|CitationClass=web
}}</ref> among other features. Bash can execute the vast majority of Bourne shell scripts without modification, with the exception of Bourne shell scripts stumbling into fringe syntax behavior interpreted differently in Bash or attempting to run a system command matching a newer Bash builtin, etc. Bash command syntax includes ideas drawn from the Korn Shell (ksh) and the C shell (csh) such as command line editing, command history (history command),<ref>{{#invoke:citation/CS1|citation
|CitationClass=web
}}</ref> the directory stack, the $RANDOM and $PPID variables, and POSIX command substitution syntax $(...).
When a user presses the tab key within an interactive command-shell, Bash automatically uses command line completion, since beta version 2.04,<ref name="auto1">{{#invoke:citation/CS1|citation |CitationClass=web }}</ref> to match partly typed program names, filenames and variable names. The Bash command-line completion system is very flexible and customizable, and is often packaged with functions that complete arguments and filenames for specific programs and tasks.
Bash's syntax has many extensions lacking in the Bourne shell. Bash can perform integer calculations ("arithmetic evaluation") without spawning external processes. It uses the ((...)) command and the $((...)) variable syntax for this purpose. Its syntax simplifies I/O redirection. For example, it can redirect standard output (stdout) and standard error (stderr) at the same time using the &> operator. This is simpler to type than the Bourne shell equivalent 'command > file 2>&1'. Bash supports process substitution using the <(command) and >(command)syntax, which substitutes the output of (or input to) a command where a filename is normally used. (This is implemented through /proc/fd/ unnamed pipes on systems that support that, or via temporary named pipes where necessary).
When using the 'function' keyword, Bash function declarations are not compatible with Bourne/Korn/POSIX scripts (the KornShell has the same problem when using 'function'), but Bash accepts the same function declaration syntax as the Bourne and Korn shells, and is POSIX-conformant. Because of these and other differences, Bash shell scripts are rarely runnable under the Bourne or Korn shell interpreters unless deliberately written with that compatibility in mind, which is becoming less common as Linux becomes more widespread. But in POSIX mode, Bash conforms with POSIX more closely.<ref name="GNUBASHREF">Template:Citation</ref>
Bash supports here documents. Since version 2.05b Bash can redirect standard input (stdin) from a "here string" using the <<< operator.
Bash 3.0 supports in-process regular expression matching using a syntax reminiscent of Perl.<ref>{{#invoke:citation/CS1|citation |CitationClass=web }}</ref>
In February 2009,<ref>{{#invoke:citation/CS1|citation |CitationClass=web }}</ref> Bash 4.0 introduced support for associative arrays.<ref name="bashfaq061" /> Associative array indices are strings, in a manner similar to AWK or Tcl.<ref>{{#invoke:citation/CS1|citation |CitationClass=web }}</ref> They can be used to emulate multidimensional arrays. Bash 4 also switches its license to GPL-3.0-or-later.<ref>{{#invoke:citation/CS1|citation |CitationClass=web }}</ref>
Control StructuresEdit
Bash supplies "conditional execution" command separators that make execution of a command contingent on the exit code set by a precedent command. For example:
<syntaxhighlight lang="bash"> cd "$SOMEWHERE" && ./do_something || echo "An error occurred" >&2 </syntaxhighlight>
Where <syntaxhighlight lang="text" class="" style="" inline="1">./do_something</syntaxhighlight> is only executed if the <syntaxhighlight lang="text" class="" style="" inline="1">cd</syntaxhighlight> (change directory) command was "successful" (returned an exit status of zero) and the <syntaxhighlight lang="text" class="" style="" inline="1">echo</syntaxhighlight> command would only be executed if either the <syntaxhighlight lang="text" class="" style="" inline="1">cd</syntaxhighlight> or the <syntaxhighlight lang="text" class="" style="" inline="1">./do_something</syntaxhighlight> command return an "error" (non-zero exit status).
For all commands the exit status is stored in the special variable $?. Bash also supports <syntaxhighlight lang="bash" class="" style="" inline="1">if ...;then ...;else ...;fi</syntaxhighlight> and <syntaxhighlight lang="bash" class="" style="" inline="1">case $VARIABLE in $pattern)...;;$other_pattern)...;; esac</syntaxhighlight> forms of conditional command evaluation.
Process Management (a.k.a., "Job control")Edit
The Bash shell has two modes of execution for commands: batch (asynchronous), and concurrent (synchronous).
To execute commands in batch mode (i.e., in sequence) they must be separated by the character ";", or on separate lines:
<syntaxhighlight lang="bash"> command1; command2 command3 </syntaxhighlight>
In this example, when command1 is finished, command2 is executed, and when command2 has completed, command3 will execute.
A background execution of command1 can occur using (symbol &) at the end of an execution command, and process will be executed in background while immediately returning control to the shell and allowing continued execution of commands. <syntaxhighlight lang="bash">command1 &</syntaxhighlight>
Or to have a concurrent execution of command1 and command2, they must be executed in the Bash shell in the following way:
<syntaxhighlight lang="bash"> command1 & command2 </syntaxhighlight>
In this case command1 is executed in the background & symbol, returning immediately control to the shell that executes command2 in the foreground.
A process can be stopped and control returned to bash by typing Template:Key press while the process is running in the foreground.<ref>{{#invoke:citation/CS1|citation |CitationClass=web }}</ref>
A list of all processes, both in the background and stopped, can be achieved by running jobs:
<syntaxhighlight lang="console">
$ jobs
[1]- Running command1 &
[2]+ Stopped command2
</syntaxhighlight>
In the output, the number in brackets refers to the job id. The plus sign signifies the default process for bg and fg. The text "Running" and "Stopped" refer to the process state. The last string is the command that started the process.
The state of a process can be changed using various commands. The fg command brings a process to the foreground, while bg sets a stopped process running in the background. bg and fg can take a job id as their first argument, to specify the process to act on. Without one, they use the default process, identified by a plus sign in the output of jobs. The kill command can be used to end a process prematurely, by sending it a signal. The job id must be specified after a percent sign:
<syntaxhighlight lang="bash"> kill %1 </syntaxhighlight>
Portability with POSIXEdit
Invoking Bash with the --posix option or stating set -o posix in a script causes Bash to conform very closely with the POSIX 1003.2 standard.<ref name="tldp">{{#invoke:citation/CS1|citation
|CitationClass=web
}}</ref> Bash shell scripts intended for portability should take into account at least the POSIX shell standard. Some bash features not found in POSIX are:<ref name="tldp" /><ref name="deb">{{#invoke:citation/CS1|citation
|CitationClass=web
}}</ref>
- Certain extended invocation options
- Brace expansion
- Arrays and associative arrays
- The double bracket <syntaxhighlight lang="text" class="" style="" inline="1"> ... </syntaxhighlight> extended test construct and its regex matching
- The double-parentheses arithmetic-evaluation construct (only <syntaxhighlight lang="text" class="" style="" inline="1">(( ... ))</syntaxhighlight>; <syntaxhighlight lang="text" class="" style="" inline="1">$(( ... ))</syntaxhighlight> is POSIX)
- Certain string-manipulation operations in parameter expansion
- <syntaxhighlight lang="text" class="" style="" inline="1">local</syntaxhighlight> for scoped variables
- Process substitution
- Bash-specific builtins
- Coprocesses
- $EPOCHSECONDS and $EPOCHREALTIME variables<ref>{{#invoke:citation/CS1|citation
|CitationClass=web }}</ref> Template:Div col end
If a piece of code uses such a feature, it is called a "bashism" – a problem for portable use. Debian's <syntaxhighlight lang="text" class="" style="" inline="1">checkbashisms</syntaxhighlight> and Vidar Holen's <syntaxhighlight lang="text" class="" style="" inline="1">shellcheck</syntaxhighlight> can be used to make sure that a script does not contain these parts.<ref name="checkbashisms, ManKier man page">Template:Man</ref><ref name="shellcheck, ManKier man page">Template:Man</ref> The list varies depending on the actual target shell: Debian's policy allows some extensions in their scripts (as they are in the dash shell),<ref name=deb/> while a script intending to support pre-POSIX Bourne shells, like autoconf's <syntaxhighlight lang="text" class="" style="" inline="1">configure</syntaxhighlight>, are even more limited in the features they can use.<ref>{{#invoke:citation/CS1|citation |CitationClass=web }}</ref>
Brace ExpansionEdit
Brace expansion, also called alternation, is a feature copied from the C shell. It generates a set of alternative combinations. Generated results need not exist as files. The results of each expanded string are not sorted and left to right order is preserved:
<syntaxhighlight lang="console"> $ echo a{p,c,d,b}e ape ace ade abe $ echo {a,b,c}{d,e,f} ad ae af bd be bf cd ce cf </syntaxhighlight> Users should not use brace expansions in portable shell scripts, because the Bourne shell does not produce the same output.
<syntaxhighlight lang="console"> $ # bash shell $/bin/bash -c 'echo a{p,c,d,b}e' ape ace ade abe $ # A traditional shell does not produce the same output $ /bin/sh -c 'echo a{p,c,d,b}e' a{p,c,d,b}e </syntaxhighlight>
When brace expansion is combined with wildcards, the braces are expanded first, and then the resulting wildcards are substituted normally. Hence, a listing of JPEG and PNG images in the current directory could be obtained using:
<syntaxhighlight lang="bash"> ls *.{jpg,jpeg,png} # expands to *.jpg *.jpeg *.png – after which,
# the wildcards are processed
echo *.{png,jp{e,}g} # echo just shows the expansions –
# and braces in braces are possible.
</syntaxhighlight>
In addition to alternation, brace expansion can be used for sequential ranges between two integers or characters separated by double dots. Newer versions of Bash allow a third integer to specify the increment.
<syntaxhighlight lang="console"> $ echo {1..10} 1 2 3 4 5 6 7 8 9 10 $ echo {01..10} 01 02 03 04 05 06 07 08 09 10 $ echo file{1..4}.txt file1.txt file2.txt file3.txt file4.txt $ echo {a..e} a b c d e $ echo {1..10..3} 1 4 7 10 $ echo {a..j..3} a d g j </syntaxhighlight>
When brace expansion is combined with variable expansion (A.K.A. parameter expansion and parameter substitution) the variable expansion is performed after the brace expansion, which in some cases may necessitate the use of the eval built-in, thus:
<syntaxhighlight lang="console"> $ start=1; end=10 $ echo {$start..$end} # fails to expand due to the evaluation order {1..10} $ eval echo {$start..$end} # variable expansion occurs then resulting string is evaluated 1 2 3 4 5 6 7 8 9 10 </syntaxhighlight>
Configurable execution environment(s)Edit
Shell and Session Startup Files (a.k.a., "Dot Files")Edit
When Bash starts, it executes the commands in a variety of dot files.<ref>{{#invoke:citation/CS1|citation
|CitationClass=web
}}</ref> Unlike Bash shell scripts, dot files do typically have neither the execute permission enabled nor an interpreter directive like #!/bin/bash.
Legacy-compatible Bash startup exampleEdit
The example ~/.bash_profile below is compatible with the Bourne shell and gives semantics similar to csh for the ~/.bashrc and ~/.bash_login. The [ -r filename ] && cmd is a short-circuit evaluation that tests if filename exists and is readable, skipping the part after the && if it is not.
<syntaxhighlight lang="bash"> [ -r ~/.profile ] &&. ~/.profile # set up environment, once, Bourne-sh syntax only if [ -n "$PS1" ]; then # are we interactive?
[ -r ~/.bashrc ] &&. ~/.bashrc # tty/prompt/function setup for interactive shells [ -r ~/.bash_login ] &&. ~/.bash_login # any at-login tasks for login shell only
fi # End of "if" block </syntaxhighlight>
Operating system issues in Bash startupEdit
Some versions of Unix and Linux contain Bash system startup scripts, generally under the /etc directory. Bash executes these files as part of its standard initialization, but other startup files can read them in a different order than the documented Bash startup sequence. The default content of the root user's files may also have issues, as well as the skeleton files the system provides to new user accounts upon setup. The startup scripts that launch the X window system may also do surprising things with the user's Bash startup scripts in an attempt to set up user-environment variables before launching the window manager. These issues can often be addressed using a ~/.xsession or ~/.xprofile file to read the ~/.profile — which provides the environment variables that Bash shell windows spawned from the window manager need, such as xterm or Gnome Terminal.
Settings and Shell OptionsEdit
The set Built-inEdit
- Xtrace: [
set -x|set -o xtrace]
The shell's primary means of debugging. Both xtrace and verbose can be turned off at the same time with the command set -.
- Verbose: [
set -v|set -o verbose]
Prints a command to the terminal as Bash reads it. Bash reads constructs all at once, such as compound commands which include if-fi and case-esac blocks. If a set -v is included within a compound command, then "verbose" will be enabled the next time Bash reads code as input, i.e., after the end of the currently executing construct.<ref>Template:Cite mailing list</ref> Both xtrace and verbose can be turned off at the same time with the command set -.
The shopt Built-inEdit
- expand-aliases
On by default in interactive shells. Some developers discourage its use in scripts.
Programmable CompletionEdit
Bash supports programmable completion via built-in complete, <syntaxhighlight lang="text" class="" style="" inline="1">compopt</syntaxhighlight>, and compgen commands.<ref>{{#invoke:citation/CS1|citation
|CitationClass=web
}}</ref> The feature has been available since the beta version of 2.04 released in 2000.<ref name="auto1"/><ref>{{#invoke:citation/CS1|citation
|CitationClass=web
}}</ref> These commands enable complex and intelligent completion specification for commands (i.e. installed programs), functions, variables, and filenames.<ref name=":1">{{#invoke:citation/CS1|citation
|CitationClass=web
}}</ref>
The complete and <syntaxhighlight lang="text" class="" style="" inline="1">compopt</syntaxhighlight> two commands specify how arguments of some available commands or options are going to be listed in the readline input. As of version 5.1 completion of the command or the option is usually activated by the Template:Key keystroke after typing its name.<ref name=":1" />
Keyboard shortcuts with ReadlineEdit
{{#invoke:Labelled list hatnote|labelledList|Main article|Main articles|Main page|Main pages}}
Bash uses GNU Readline to provide keyboard shortcuts for command line editing using the default (Emacs) key bindings. Vi-bindings can be enabled by running set -o vi.<ref>{{#invoke:citation/CS1|citation
|CitationClass=web
}}</ref>
DocumentationEdit
As the standard upon which bash is based, the POSIX Standard, or IEEE Std 1003.1,<ref>{{#invoke:citation/CS1|citation |CitationClass=web }}</ref> et seq, is especially informative.
The Linux "man page"<ref>{{#invoke:citation/CS1|citation
|CitationClass=web
}}</ref><ref>{{#invoke:citation/CS1|citation
|CitationClass=web
}}</ref> is intended to be the authoritative explanatory technical document for the understanding of how bash operates. It is usually available by running man bash.
The GNU manual is sometimes considered more user-friendly for reading. "You may also find information about Bash by running info bash ... or by looking at /usr/share/doc/bash/, /usr/local/share/doc/bash/, or similar directories on your system. A brief summary is available by running bash --help.<ref name="auto">{{#invoke:citation/CS1|citation
|CitationClass=web
}}</ref>
" If a user invoke RUNCOM without any arguments it prints some instructions on how to use it and stops, returning the user to the supervisor's (system's) command line.(RUNCOM)"
On modern Linuxes, information on shell built-in commands can be found by executing help, help [built-in name] or man builtins at a terminal prompt where bash is installed. Some commands, such as echo, false, kill, printf, test or true, depending on your system and on your locally installed version of bash, can refer to either a shell built-in or a system binary executable file. When one of these command name collisions occurs, bash will by default execute a given command line using the shell built-in. Specifying a binary executable's absolute path (i.e., /bin/printf) is one way of ensuring that the shell uses a system binary. This name collision issue also effects any "help summaries" viewed with kill --help and /bin/kill --help. Shell built-ins and system binary executable files of the same name often have differing options.
"The project maintainer also has a Bash page which includes Frequently Asked Questions",<ref>Template:Multiref</ref><ref name="auto" /> this FAQ is current as of bash version 5.1 and is no longer updated.
Security and VulnerabilitiesEdit
Root ScriptsEdit
Running any shell scripts as the root user has, for years, been widely criticized as poor security practice. One commonly given reason is that, when a script is executed as root, the negative effects of any bugs in a script would be magnified by root's elevated privileges.
One common example: a script contains the command, rm -rf ${dir}/, but the variable $dir is left undefined. In Linux, if the script was executed by a regular user, the shell would attempt to execute the command rm -rf / as a regular user, and the command would fail. However, if the script was executed by the root user, then the command would likely succeed and the filesystem would be erased.
It is recommended to use sudo on a per-command basis instead.
DebuggingEdit
| Feature | POSIX 2024 | Description | Bash ver. | |||
|---|---|---|---|---|---|---|
| Grammar type | Formal name | Syntax | ||||
| Parameter Expansions | Indicate Null or Unset | <syntaxhighlight lang="bash" class="" style="" inline="1">"${parameter:?[word]}"</syntaxhighlight> | Template:Yes | "Where the expansion of [word], perhaps an error message or a line number, is written to STDERR and the shell exits with a non-zero exit code." | Template:Dunno | |
| Special Parameters | Exit Status | <syntaxhighlight lang="bash" class="" style="" inline="1">"$?"</syntaxhighlight> | Template:Yes | "Expands to the shortest representation of the decimal exit status." | Template:Dunno | |
| Special Parameters | PID of Invoked Shell | <syntaxhighlight lang="bash" class="" style="" inline="1">"$$"</syntaxhighlight> | Template:Yes | "Expands to the shortest representation of the decimal process ID of the invoked shell." | Template:Dunno | |
| Special Built-In Utility | set :: xtrace | <syntaxhighlight lang="bash" class="" style="" inline="1">set -x</syntaxhighlight> | Template:Yes | The shell's primary means of debugging. It "writes to standard error a trace for each command after it expands the command and before it executes it." | Template:Dunno | |
| Special Built-In Utility | set :: verbose | <syntaxhighlight lang="bash" class="" style="" inline="1">set -v</syntaxhighlight> | Template:Yes | "Writes its input to standard error as it is read." | Template:Dunno | |
| Special Built-In Utility | set :: pipefail | <syntaxhighlight lang="bash" class="" style="" inline="1">set -o pipefail</syntaxhighlight> | Template:Yes | "Derive the exit status of a pipeline from the exit statuses of all of the commands in the pipeline, not just the last (rightmost) command." | Template:Dunno | |
| Special Built-In Utility | set :: nounset | <syntaxhighlight lang="bash" class="" style="" inline="1">set -u</syntaxhighlight> | Template:Yes | When enabled, will cause the shell to exit with an error message when it encounters an unset variable expansion. Its use has a number of counter-intuitive pitfalls. | Template:Dunno | |
| Special Built-In Utility | set :: errexit | <syntaxhighlight lang="bash" class="" style="" inline="1">set -e</syntaxhighlight> | Template:Yes | ErrExit, is a setting that, when enabled, will, under certain very specific conditions, cause the shell to exit without an error message whenever the shell receives a non-zero exit code. Its use is somewhat controversial, to the extent that any somewhat obscure computer program can be considered controversial. Adherents claim that ErrExit provides an assurance of verifiability in situations where shell scripts "must not fail." However, opponents claim that its use is unreliable, deceptively simple, highly counter-intuitive, rife with gotchas and pitfalls, and in essence "security theater." Numerous developers of Bash have strongly discouraged the use of this particular setting. | Template:Dunno | |
| Special Built-In Utility | trap :: EXIT | <syntaxhighlight lang="bash" class="" style="" inline="1">trap '[arg]' EXIT</syntaxhighlight> | Template:Yes | "If a [sigspec] (signal specifier) is 0 or EXIT, [arg] is executed when the shell exits." If [arg] contains expansions, then [arg] should be in single quotes. | Template:Dunno | |
| Utility | printf | <syntaxhighlight lang="bash" class="" style="" inline="1">printf '<%s>\n' "${var}"</syntaxhighlight> | Template:Yes | A means of reliably printing the contents of a variable. | Template:Dunno | |
| Bash Variables | BASHPID | <syntaxhighlight lang="bash" class="" style="" inline="1">"${BASHPID}"</syntaxhighlight> | Template:No | "Expands to the process ID of the current bash process."<ref>{{#invoke:citation/CS1|citation | CitationClass=web
}}</ref> |
Template:Dunno |
| Bash Variables | BASH_ARGC | <syntaxhighlight lang="bash" class="" style="" inline="1">"${BASH_ARGC[@]}"</syntaxhighlight> | Template:No | "An array variable whose values are the number of parameters in each frame of the current bash execution call stack."<ref>{{#invoke:citation/CS1|citation | CitationClass=web
}}</ref> |
Template:Dunno |
| Bash Variables | BASH_ARGV | <syntaxhighlight lang="bash" class="" style="" inline="1">"${BASH_ARGV[@]}"</syntaxhighlight> | Template:No | "An array variable containing all of the parameters in the current bash execution call stack."<ref>{{#invoke:citation/CS1|citation | CitationClass=web
}}</ref> |
Template:Dunno |
| Bash Variables | BASH_LINENO | <syntaxhighlight lang="bash" class="" style="" inline="1">"${BASH_LINENO[@]}"</syntaxhighlight> | Template:No | "An array variable whose members are the line numbers in source files where each corresponding member of FUNCNAME was invoked."<ref>{{#invoke:citation/CS1|citation | CitationClass=web
}}</ref> |
Template:Dunno |
| Bash Variables | BASH_REMATCH | <syntaxhighlight lang="bash" class="" style="" inline="1">"${BASH_REMATCH[@]}"</syntaxhighlight> | Template:No | "An array variable whose members are assigned by the =~ binary operator to the [[ conditional command."<ref>{{#invoke:citation/CS1|citation | CitationClass=web
}}</ref> |
Template:Dunno |
| Bash Variables | BASH_SOURCE | <syntaxhighlight lang="bash" class="" style="" inline="1">"${BASH_SOURCE}"</syntaxhighlight> | Template:No | "An array variable whose members are the source filenames where the corresponding shell function names in the FUNCNAME array variable are defined."<ref>{{#invoke:citation/CS1|citation | CitationClass=web
}}</ref> |
Template:Dunno |
| Bash Variables | BASH_XTRACEFD | <syntaxhighlight lang="bash" class="" style="" inline="1">"${BASH_XTRACEFD}"</syntaxhighlight> | Template:No | "If set to an integer corresponding to a valid file descriptor, Bash will write the trace output generated when ‘set -x’ is enabled to that file descriptor."<ref>{{#invoke:citation/CS1|citation | CitationClass=web
}}</ref> |
Template:Dunno |
| Bash Variables | EPOCHREALTIME | <syntaxhighlight lang="bash" class="" style="" inline="1">"${EPOCHREALTIME}"</syntaxhighlight> | Template:No | "Each time this parameter is referenced, it expands to the number of seconds since the Unix Epoch (see time(3)) as a floating point value with micro-second granularity."<ref>{{#invoke:citation/CS1|citation | CitationClass=web
}}</ref> |
Template:Dunno |
| Bash Variables | FUNCNAME | <syntaxhighlight lang="bash" class="" style="" inline="1">"${FUNCNAME[@]}"</syntaxhighlight> | Template:No | "An array variable containing the names of all shell functions currently in the execution call stack."<ref>{{#invoke:citation/CS1|citation | CitationClass=web
}}</ref> |
Template:Dunno |
| Bash Variables | LINENO | <syntaxhighlight lang="bash" class="" style="" inline="1">"${LINENO}"</syntaxhighlight> | Template:No | "Each time this parameter is referenced, the shell substitutes a decimal number representing the current sequential line number (starting with 1) within a script or function."<ref>{{#invoke:citation/CS1|citation | CitationClass=web
}}</ref> |
Template:Dunno |
| Bash Variables | PIPESTATUS | <syntaxhighlight lang="bash" class="" style="" inline="1">"${PIPESTATUS[@]}"</syntaxhighlight> | Template:No | "An array variable containing a list of exit status values from the processes in the most-recently-executed foreground pipeline (which may contain only a single command)."<ref>{{#invoke:citation/CS1|citation | CitationClass=web
}}</ref> |
Template:Dunno |
| Bash Variables | PPID | <syntaxhighlight lang="bash" class="" style="" inline="1">"${PPID}"</syntaxhighlight> | Template:No | "The process ID of the shell's parent."<ref>{{#invoke:citation/CS1|citation | CitationClass=web
}}</ref> |
Template:Dunno |
| Bash Variables | PS4 | <syntaxhighlight lang="bash" class="" style="" inline="1">"${PS4}"</syntaxhighlight> | Template:No | "The value of this parameter is expanded as with PS1 and the value is printed before each command bash displays during an execution trace."<ref>{{#invoke:citation/CS1|citation | CitationClass=web
}}</ref> |
Template:Dunno |
| Shell Builtin | set :: restricted | <syntaxhighlight lang="bash" class="" style="" inline="1">set -r</syntaxhighlight> | Template:No | Restricted mode is intended to improve the security of an individual shell instance from a malicious human with physical access to a machine. As threat models have changed, it has become less commonly used now than it once was. | Template:Dunno | |
| Shell Builtin | shopt :: extdebug | <syntaxhighlight lang="bash" class="" style="" inline="1">shopt -s extdebug</syntaxhighlight> | Template:No | "Behavior intended for use by debuggers." | Template:Dunno | |
| Shell Builtin | trap :: DEBUG | <syntaxhighlight lang="bash" class="" style="" inline="1">trap '[arg]' DEBUG</syntaxhighlight> | Template:No | "If a sigspec is DEBUG, the command arg is executed before" certain kinds of commands. | Template:Dunno | |
| Shell Builtin | trap :: ERR | <syntaxhighlight lang="bash" class="" style="" inline="1">trap '[arg]' ERR</syntaxhighlight> | Template:No | "If a sigspec is ERR, the command arg is executed whenever..." certain kinds of commands "return a non-zero exit status", subject to similar restrictions as with ErrExit. | Template:Dunno | |
| Shell Builtin | trap :: RETURN | <syntaxhighlight lang="bash" class="" style="" inline="1">trap '[arg]' RETURN</syntaxhighlight> | Template:No | "If a sigspec is RETURN, the command arg is executed each time a shell function or a script executed with the. or source builtins finishes executing." | Template:Dunno | |
- Shell features specified by POSIX:
- Parameter Expansions:<ref>Template:Multiref</ref>
- Special Parameters:<ref name="GNU Bash Manual, 3.4.2 Special Parameters">{{#invoke:citation/CS1|citation
|CitationClass=web }}</ref><ref name="POSIX 2024, 2.5.2 Special Parameters">{{#invoke:citation/CS1|citation |CitationClass=web }}</ref>
- Special Built-In Utility <syntaxhighlight lang="bash" class="" style="" inline="1">set</syntaxhighlight>:<ref name="the_set">Template:Multiref</ref><ref name="bash(1), SHELL BUILTIN COMMANDS">{{#invoke:citation/CS1|citation
|CitationClass=web }}</ref>
- Special Built-In Utility <syntaxhighlight lang="bash" class="" style="" inline="1">trap [-lp] [arg] [sigspec …]</syntaxhighlight>:<ref name="GNU Bash Manual, 4.1 Bourne Shell Builtins: trap">{{#invoke:citation/CS1|citation
|CitationClass=web }}</ref><ref name="bash(1), SHELL BUILTIN COMMANDS" />
- Utility <syntaxhighlight lang="bash" class="" style="" inline="1">printf</syntaxhighlight>: a means of reliably printing the contents of a variable:
- Bash features not specified by POSIX:
- Bash Variables:<ref name="GNU Bash Manual, 5.2 Bash Variables">{{#invoke:citation/CS1|citation
|CitationClass=web }}</ref><ref name="bash(1): Shell Variables">{{#invoke:citation/CS1|citation |CitationClass=web }}</ref>
- Shell Builtin <syntaxhighlight lang="bash" class="" style="" inline="1">set</syntaxhighlight>:<ref name="the_set" /><ref name="bash(1), SHELL BUILTIN COMMANDS" />
- Shell Builtin <syntaxhighlight lang="bash" class="" style="" inline="1">shopt</syntaxhighlight>:<ref name="GNU Bash Manual, 4.3.2 The Shopt Builtin">{{#invoke:citation/CS1|citation
|CitationClass=web }}</ref><ref name="bash(1), SHELL BUILTIN COMMANDS" />
- Shell Builtin <syntaxhighlight lang="bash" class="" style="" inline="1">trap [-lp] [arg] [sigspec …]</syntaxhighlight>:<ref name="GNU Bash Manual, 4.1 Bourne Shell Builtins: trap" /><ref name="bash(1), SHELL BUILTIN COMMANDS" /> While POSIX does specify certain uses of the <syntaxhighlight lang="bash" class="" style="" inline="1">trap</syntaxhighlight> builtin, the following signal specs are Bash extensions.
- Third party debugging utilities:
- ShellCheck: Shell script analysis tool;<ref name="ShellCheck">Template:Multiref2</ref><ref name="shellcheck, ManKier man page" />
- devscripts-checkbashisms: Check whether a /bin/sh script contains any common bash-specific constructs;<ref name="Package: devscripts: scripts to make the life of a Debian Package maintainer easier">{{#invoke:citation/CS1|citation
|CitationClass=web }}</ref><ref name="checkbashisms, ManKier man page" />
- kcov: Code coverage tool without special compilation options;<ref name="Kcov - code coverage">Kcov - code coverage</ref>
- Bashdb: The Bash symbolic debugger.<ref name="Debugging with the BASH debugger">{{#invoke:citation/CS1|citation
|CitationClass=web }}</ref><ref name="Documentation of Project Homepage">Template:Cite mailing list</ref>
ExamplesEdit
With the <syntaxhighlight lang="bash" class="" style="" inline="1">:?</syntaxhighlight> parameter expansion, an unset or null variable can halt a script.
- ex.sh
- <syntaxhighlight lang="bash">
- !/bin/bash
bar="foo is not defined" echo "${foo:?$bar}" echo this message doesn't print </syntaxhighlight>
- <syntaxhighlight lang="console">
$ ./ex.sh ./ex.sh: line 3: foo: foo is not defined </syntaxhighlight>
Reliably printing the contents of an array that contains spaces and newlines first in a portable syntax, and then the same thing in Bash. Note that in Bash, the number of spaces before the newline is made clear.
- <syntaxhighlight lang="console">
$ # In POSIX shell: $ array=( "a" "b" " > c " ) $ printf ',%s,\n' "${array[@]}" ,a, , b, ,
c,
</syntaxhighlight>
- <syntaxhighlight lang="bash">
- In Bash:
declare -p array declare -a array=([0]="a" [1]=" b" [2]=$' \n c ') </syntaxhighlight>
Printing an error message when there's a problem.
- error.sh
- <syntaxhighlight lang="bash">
if ! lsblk | grep sdb then
echo Error, line $LINENO
fi </syntaxhighlight>
- <syntaxhighlight lang="console">
$ ./error.sh Error, line 130 </syntaxhighlight>
Using xtrace. If errexit had been enabled, then <syntaxhighlight lang="bash" class="" style="" inline="1">echo quux</syntaxhighlight> would not have been executed.
- test.sh
- <syntaxhighlight lang="bash">
- !/bin/bash
set -x foo=bar; echo $foo false echo quux </syntaxhighlight>
- <syntaxhighlight lang="console">
$ ./test.sh + foo=bar + echo bar bar + false + echo quux quux </syntaxhighlight>
Deprecated syntaxEdit
- Back-tick style command substitutions:
`...`is deprecated in favor of$(...); - Use of -a or -o in
test/[/[[commands,- for example,
[ -r ./file -a ! -l ./file ]is deprecated in favor of[ -r ./file ] && ! [ -l ./file ];
- for example,
- Use of the arithmetic syntax
$[...]is deprecated in favor of$((...))or((...)), as appropriate; - Use of
^as a pipeline is deprecated in favor of|; - Any uses of
exprorlet.
ShellshockEdit
In September 2014, a security bug was discovered<ref>Template:Cite news</ref> in the program. It was dubbed "Shellshock." Public disclosure quickly led to a range of attacks across the Internet.<ref name="TR-20140924">{{#invoke:citation/CS1|citation |CitationClass=web }}</ref><ref name="NYT-20140925-NP">Template:Cite news</ref><ref name="ZDN-20140929">{{#invoke:citation/CS1|citation |CitationClass=web }}</ref>
Exploitation of the vulnerability could enable arbitrary code execution in CGI scripts executable by certain versions of Bash. The bug involved how Bash passed function definitions to subshells through environment variables.<ref>{{#invoke:citation/CS1|citation |CitationClass=web }}</ref> The bug had been present in the source code since August 1989 (version 1.03)<ref name="Seclists-20141004">{{#invoke:citation/CS1|citation |CitationClass=web }}</ref> and was patched in September 2014 (version 4.3).
Patches to fix the bugs were made available soon after the bugs were identified. Upgrading to a current version is strongly advised.
It was assigned the Common Vulnerability identifiers Template:CVE, among others. Under CVSS Metrics 2.x and 3.x, the bug is regarded as "high" and "critical", respectively.
Bug reportingEdit
An external command called bashbug reports Bash shell bugs. When the command is invoked, it brings up the user's default editor with a form to fill in. The form is mailed to the Bash maintainers (or optionally to other email addresses).<ref>{{#invoke:citation/CS1|citation |CitationClass=web }}</ref><ref>{{#invoke:citation/CS1|citation |CitationClass=web }}</ref>
See alsoEdit
- Comparison of command shells
- Template:Section link, exec_com: the first command processor.<ref name="Multics History, info segment on exec_com" />
Unix ShellsEdit
- Almquist shell (ash)
- Bourne shell (sh)
- BusyBox
- C shell (csh)
- Debian-Almquist Shell (dash)
- Fish shell: Friendly Interactive Shell
- Google Shell (goosh) – a UNIX-like front-end for Google Search.
- Korn shell (ksh), of which there are numerous variations.
- nsh – "A command-line shell like fish, but POSIX compatible"; available on Arch.<ref name="Arch Linux, Command-line shell">{{#invoke:citation/CS1|citation
|CitationClass=web }}</ref>
- osh – "Oil Shell is a Bash-compatible UNIX command-line shell"; available on Arch.
- Mashey or Programmer's Workbench shell
- Qshell for IBM i
- rc from Plan 9
- RUNCOM
- rush – Restricted User Shell, available on Debian.<ref name="Debian Wiki: Shell">{{#invoke:citation/CS1|citation
|CitationClass=web }}</ref>
- Stand-alone shell (sash)
- scsh – The Scheme Shell.
- TENEX C shell (tcsh)
- Thompson shell (tsh)
- Toybox
- yash – Yet Another Shell, aims "to be the most POSIX-compliant shell in the world"; available on Arch.
- Z shell (zsh)
Further readingEdit
- {{#invoke:citation/CS1|citation
|CitationClass=web }}
- Template:Cite book
- {{#invoke:citation/CS1|citation
|CitationClass=web }}
- {{#invoke:citation/CS1|citation
|CitationClass=web }}
- {{#invoke:citation/CS1|citation
|CitationClass=web }}
- {{#invoke:citation/CS1|citation
|CitationClass=web }}
- {{#invoke:citation/CS1|citation
|CitationClass=web }}
- {{#invoke:citation/CS1|citation
|CitationClass=web }}
ReferencesEdit
Template:GNU Template:Unix shells Template:Programming languages Template:Authority control