Advanced Bash: automate routine work safely
Shell scripts glue together binaries, APIs, and files. This lesson covers strict mode, pipes, loops, `find` + `xargs`, cron, and when to stop writing Bash and switch to Python or Ansible.
How to read this lesson: Code explorer explains the first lines you should put in every script. Pipeline is the Unix text-processing pattern (filter → transform → aggregate). Tabbed code contrasts safe file iteration with cron’s minimal environment. Grid cards separate Bash sweet spot from cases where a real language wins.
Start every script with guardrails
Without `set -euo pipefail`, a failed command inside an `if` test or a pipeline can silently continue—scripts appear to work while half the steps did nothing. pipefail is critical: otherwise only the last command’s exit status counts.
Each line sets a contract: shebang → strict mode → optional IFS. Click explanations to see why silent failures are the default in shell.
bash
1
#!/usr/bin/env bash
▼
2
set -euo pipefail
▼
3
IFS=$'\n\t'
▼
4
# ... your commands ...
▼
Data flows through pipes
A pipeline connects stdout of one program to stdin of the next. That is the Unix philosophy: small tools, composable. Use `| tee log.txt` when you need both a file and the next stage.
Pipeline widget: left to right is data flow. grep narrows lines; awk/cut projects columns; sort | uniq -c is the classic frequency count pattern. Redirect at the end captures the final stream—remember `2>&1` to merge stderr for logs.
Mental model: bytes flow left→right; each step must read stdin and write stdout for the chain to work. Broken pipe (SIGPIPE) happens if downstream closes early.
📄
Source
cat, tail -f, journalctl
→
🔍
grep -E
line filter / regex
→
✂️
awk / cut
fields & transforms
→
📊
sort | uniq
dedupe, counts
→
📁
>
file or next pipe
find + xargs: act on many files
Print paths under /var/log
bash
find /var/log -type f -name '*.log' -print0 | \
xargs -0 -I{} ls -lh {}Parallelism (use with care)
bash
find . -type f -name '*.txt' -print0 | \
xargs -0 -P 4 gzipWhen Bash is enough—and when it is not
Bash excels at orchestrating programs that already exist. When you start parsing nested JSON with regex, reach for `jq`, Python, or a task runner—readability and error handling win.
Left card = glue scripts; right card = programs with state and APIs. If you need unit tests for logic, not integration tests for CLIs, leave Bash.
✅
Good fit for Bash
⚠️
Consider Python/Go/Ansible
Habits that prevent 3 a.m. pages
Quote variables: "$file" not $file—always. After pipelines, check `${PIPESTATUS[@]}` if you disabled pipefail for one line. Use echo >&2 or a logging helper for messages so stdout stays clean for pipes. Extract functions with `local` variables inside.
Run shellcheck (IDE plugin or CI)—it flags unquoted vars, missing shebang, unreachable code.
Never curl | bash a remote installer without checksum or vendor trust—supply-chain risk.
For long loops over find, use -print0 and read -d '' to handle weird filenames.
⚠️Running scripts as root multiplies mistakes: use least privilege, test in a VM or container first.