The Genie in the Shell: Mastering Bash Quoting for Your Coding Interview

Junior/Mid Engineer Asked at: FAANG, Startups, All Linux Environments

Q: You have a script with the line `rm -rf $TARGET_DIR/`. It works fine in testing. A user runs it, but their `$TARGET_DIR` is accidentally unset or empty. The script executes `rm -rf /` and starts wiping the server's root filesystem. Explain the precise shell mechanism that caused this disaster and how you would fix it using quotes.

Why this matters: This isn't a trivia question. It's a test of your fundamental understanding of how the shell—the most powerful tool on the system—actually thinks. Your answer reveals whether you write code that is merely correct, or code that is robust and safe under failure conditions.

Interview frequency: High. This concept is the source of the most legendary and catastrophic bugs in software history.

❌ The Death Trap

The candidate gives a shallow, memorized definition of the different quote types without explaining the underlying expansion and splitting mechanisms that cause the actual danger.

"Most people say: 'Single quotes treat everything as a literal string. Double quotes allow variable expansion. No quotes also allow variables. So to fix it, you should probably use double quotes.'"

This is a weak answer. It's technically true but misses the two critical concepts: word splitting and pathname expansion (globbing). It fails to explain *why* the disaster happened.

🔄 The Reframe

What they're really asking: "The shell is a powerful genie that tries to grant your wishes by interpreting your commands. Quoting is how you control its interpretation. Explain the three levels of control you have over the genie, and why losing control can be catastrophic."

This transforms the question from one about syntax to one about intent and control. It shows you think about the shell not as a simple command executor, but as a complex language interpreter where ambiguity is a weapon that can turn against you.

🧠 The Mental Model

Your command is a wish, and the shell is the genie. Quotes are the binding rules on that wish.

🧞

Wish 1: No Quotes (The Eager Genie)

cat $PWD/*.txt
You give a vague wish. The genie does *everything* for you. First, it substitutes the variable (`$PWD` becomes `/home/user`). Second, it splits the result into words based on spaces. Third, it expands any wildcards (`*` becomes `a.txt b.txt`). It grants what it *thinks* you want, which is powerful but dangerous.

🗣️

Wish 2: Double Quotes (The Listening Genie)

cat "$PWD/*.txt"
You give a more specific wish. The genie listens for variables (`$PWD` becomes `/home/user`) but refuses to perform any other magic. It prevents word splitting and wildcard expansion. The wish becomes a single, solid string: `/home/user/*.txt`. It will look for a file literally named `*.txt`.

📜

Wish 3: Single Quotes (The Literal Genie)

cat '$PWD/*.txt'
You hand the genie a scroll and command it to read it verbatim. It performs *no magic at all*. The wish is the literal, exact string `$PWD/*.txt`. It will look for a file with that precise, bizarre name.

📖 The War Story

Situation: "The catastrophic `rm -rf $TARGET_DIR/*` bug is the perfect 'war story.' The command relies on the 'Eager Genie' interpretation."

Challenge: "When `$TARGET_DIR` is empty, the command `rm -rf $TARGET_DIR/*` is first interpreted by the genie. The variable substitution step results in `rm -rf /*`. The genie then sees the wildcard and eagerly expands `/*` to match every file and directory in the root of the filesystem."

Stakes: "The result is the shell executing `rm -rf /bin /etc /home /usr...`. This is the digital equivalent of a nuclear bomb. It happens because the engineer gave the genie an ambiguous wish, and the genie's helpful interpretation was destructive."

✅ The Answer

My Thinking Process:

"My first principle when writing shell scripts is to never leave room for interpretation, especially with commands that can cause destruction like `rm`. I must constrain the genie. The failure here is twofold: an unhandled empty variable and a lack of quotes."

The Multi-Layered Fix:

1. The Script's Foundation (Set Unofficial Strict Mode): "First, every robust script should begin with `set -euo pipefail`. The `-u` part is critical here: it treats unset variables as an error and would have caused the script to exit immediately when `$TARGET_DIR` was empty, preventing the disaster entirely."

2. The Quoting Fix (Constraining the Genie): "The correct line is `rm -rf "$TARGET_DIR"/*`. This seems subtle, but it's a world of difference. We are using the 'Listening Genie.' We tell the shell to expand `$TARGET_DIR` inside the quotes, but nothing else. If `$TARGET_DIR` is `/my/path with spaces`, it's correctly treated as one unit. The `/*` glob is *outside* the quotes, so it is expanded *after* the quoted variable is safely resolved. If `$TARGET_DIR` is empty, the command becomes `rm -rf ""/*` which is still `rm -rf /*`. This is why the `set -u` is the primary safety net."

3. The Ultimate Fix (Defensive Programming): "The truly robust solution combines both with a check: #!/bin/bash set -euo pipefail TARGET_DIR="${1:-}" # Default to empty if not provided if [[ -z "$TARGET_DIR" ]]; then echo "Error: Target directory not specified." >&2 exit 1 fi echo "Deleting contents of '$TARGET_DIR'" rm -rf "$TARGET_DIR"/*"

What This Demonstrates:

"This approach shows a layered defense. We use the shell's built-in safety features (`set -u`), explicit checks for critical variables, and correct quoting to ensure our intent is always translated precisely into action, leaving no room for the 'genie' to make a fatal interpretation."

🎯 The Memorable Hook

"Unquoted variables are a negotiation with the shell. Double quotes are a command. Single quotes are a transcript. A senior engineer knows when to negotiate, when to command, and when to demand a literal transcript."

This frame elevates the technical detail into a philosophy of communication with the system. It shows you understand that different contexts require different levels of precision and control.

💭 Inevitable Follow-ups

Q: "When would you ever actually want `cat $PWD/*.txt` (no quotes)?"

Be ready: "This is the common interactive use case. You're in your shell, you know the path has no spaces, and you *want* the shell to do the work of finding all the `.txt` files and listing them as separate arguments to `cat`. It's a powerful shortcut, but it belongs on the command line, not in a robust script that might run in an unknown context."

Q: "Give me a practical example where single quotes are the only correct choice."

Be ready: "When you're passing code to another program. For example, `ssh user@host 'awk "{print \$1}" /etc/passwd'`. You need single quotes to prevent your *local* shell from interpreting the `$` and `{}`. You're telling your local genie, 'Do not touch this; deliver this message to the remote host exactly as I've written it.'"