Learn Netverks

Shell security

Last reviewed May 28, 2026 Content v20260528

This lesson

This lesson teaches shell security: the syntax, patterns, and safety habits you need before advancing in Bash.

Shell security still matters in the Bash codebases teams ship; skipping it leaves gaps in debugging and code reviews.

You will apply shell security in contexts like server hardening, chmod/chown fixes, and safe script defaults in production.

Read each lesson, copy bash examples into your own terminal, and complete the lesson MCQs—there is no in-browser runner for security reasons.

This lesson comes toward the end of the track; consolidate before the interview prep and production checklist lessons.

Shell is powerful and dangerous: injection, unsafe temp files, and world-readable secrets cause incidents. Treat all external input as hostile.

Quote variables

user="$1"
# BAD: eval "rm -rf $user"
# GOOD:
rm -rf -- "${user:?missing arg}"

Never eval untrusted data. Use -- to end option parsing before paths.

Temp files safely

tmp=$(mktemp)
trap 'rm -f "$tmp"' EXIT
echo "data" > "$tmp"

mktemp avoids predictable /tmp/myapp races.
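An added example, not part of the original lesson, that combines the quoting and `--` rule with the mktemp pattern: constructed hostile file names are deleted as plain data inside a private temp directory. The names `safe_remove` and `WORK` are hypothetical, and the code runs in bash or any POSIX sh.

```bash
# Added example (not from the lesson): hostile names treated as data.
# safe_remove and WORK are hypothetical names; file names are constructed.

# Delete one entry of directory $1 whose name ($2) comes from untrusted input.
# Returns 2 when the name is rejected, otherwise rm's exit status.
safe_remove() {
    case ${2:?missing name} in
        */* | . | ..) return 2 ;;   # would leave the directory: refuse
    esac
    # The subshell keeps the cd local. Quotes stop word splitting and
    # globbing; "--" makes a leading-dash name an operand, not an option.
    ( cd -- "$1" && rm -f -- "$2" )
}

WORK=$(mktemp -d) || exit 1          # unique, unpredictable directory
trap 'rm -rf -- "$WORK"' EXIT        # cleanup on every exit path

# Constructed hostile file names, plus one file that must survive.
: > "$WORK/-rf"
: > "$WORK/x; touch INJECTED"
: > "$WORK/keep.txt"

safe_remove "$WORK" '-rf'                    # removed as a file, not parsed as flags
safe_remove "$WORK" 'x; touch INJECTED'      # never re-parsed, so nothing runs
safe_remove "$WORK" '*'                      # literal "*", not a glob
safe_remove "$WORK" '../keep.txt' || echo "rejected traversal (status $?)"
ls -A -- "$WORK"                             # prints: keep.txt
```

Passing the same names through eval, or dropping the quotes and `--`, is what turns them from file names into options and commands.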

curl pipe bash

Installing via curl | bash without reviewing the script is risky—download, read, then run. Align with security practices in Tools and your organization's policy.

Important interview questions and answers

  1. Q: Why is eval dangerous?
    A: Executes arbitrary strings—attacker-controlled input becomes code.
  2. Q: mktemp benefit?
    A: Creates unique file names atomically, reducing symlink attacks.

Self-check

  1. What does rm -rf -- protect against?
  2. Why avoid curl | bash for production installs?

Pitfall: Never eval on data from users, HTTP, or git diffs without strict validation.

Interview prep

eval risk?

Executes arbitrary strings—code injection vector.

mktemp?

Creates unique temp paths safely.
