Shell scripts run critical automation and fail silently when written carelessly. These questions check whether a candidate writes robust, safe scripts.
Hiring a Bash / Shell developer is easy. Telling a real one from a convincing résumé is the hard part — and it’s most of what we do. These are grouped by level, because the same question that stretches a junior is a warm-up for a senior.
Junior Bash / Shell interview questions
0–2 years
Fundamentals.
What is the shebang line?
The #!/bin/bash (or /usr/bin/env bash) at the top telling the system which interpreter to run.
Omits it and the script runs under the wrong shell.
How do variables work in shell?
Assigned with no spaces (x=1) and referenced with $x; everything is a string by default.
Adds spaces around = and it breaks.
Why must you quote variables?
Unquoted variables undergo word-splitting and globbing, breaking on spaces or special characters; quote with "$var".
Uses unquoted variables and scripts break on spaces in paths.
What are exit codes?
A command’s numeric status: 0 for success, non-zero for failure, checkable via $? and used in conditionals.
Ignores exit codes and assumes commands succeed.
What is the difference between $@ and $*?
"$@" preserves each argument as a separate quoted word; "$*" joins them into one — "$@" is almost always what you want.
Uses $* and mangles arguments with spaces.
How do you write a conditional?
if with [[ ... ]] tests, checking strings, numbers or files; understand the difference from [ ].
Mismatched test syntax causes silent bugs.
How do loops work in bash?
for over lists/globs and while reading input; quoting and IFS matter when iterating.
Iterates over unquoted command output and splits wrongly.
What is the difference between single and double quotes?
Single quotes are literal; double quotes allow variable and command expansion.
Expects variables to expand inside single quotes.
Mid-level Bash / Shell interview questions
2–5 years
Robust scripting.
What does set -euo pipefail do?
Exit on error, treat unset variables as errors, and fail a pipeline if any stage fails — a safer default for scripts.
Writes scripts that plough on after failures.
What is command substitution?
Capturing a command’s output with $(...) for use in variables or arguments.
Uses backticks and nests them badly.
How do pipes and redirection work?
Pipes feed stdout to the next command; redirection sends streams to files, with 2>&1 combining stderr and stdout.
Loses error output by redirecting only stdout.
How do you handle errors and cleanup?
Check exit codes, use trap for cleanup on exit/signals, and fail fast rather than continuing in a bad state.
No cleanup; leaves temp files and partial state.
What is the difference between [[ ]] and [ ]?
[[ ]] is a bash builtin with safer parsing and pattern matching; [ ] is the older POSIX test with more pitfalls.
Uses [ ] and hits word-splitting bugs.
How do you read input safely in a loop?
while IFS= read -r line to avoid trimming whitespace and mangling backslashes.
Uses for line in $(cat file) and splits on spaces.
What is the difference between sourcing and executing a script?
Executing runs it in a subshell; sourcing (. script) runs it in the current shell, affecting its environment.
Expects a sub-script to change the parent’s variables.
How do you make scripts portable?
Target a specific shell, avoid bashisms if POSIX sh is needed, and don’t assume GNU-specific tool options.
Assumes bash and GNU tools everywhere.
Senior Bash / Shell interview questions
5+ years
Reliability and maintainability.
When should you stop using bash and switch languages?
When a script grows complex, needs data structures, robust error handling or testing — a real language becomes safer and clearer.
Writes thousand-line unmaintainable bash.
How do you make scripts idempotent?
Check current state before acting so re-running is safe (e.g. create-if-not-exists), important for automation.
Scripts that fail or duplicate work on a second run.
How do you lint and test shell scripts?
Static analysis with ShellCheck and testing frameworks (bats), catching quoting and logic bugs early.
Ships untested scripts and debugs in production.
How do you handle secrets in scripts?
Read from environment or a secrets manager, avoid passing them on the command line (visible in process lists), and never hardcode.
Hardcodes credentials or passes them as visible arguments.
How do you write scripts safe for automation/cron?
Absolute paths, explicit environment, robust error handling, logging, and locking to prevent overlapping runs.
Relies on interactive environment assumptions that fail in cron.
What are common security pitfalls in shell scripts?
Unquoted input, eval on untrusted data, insecure temp files, and command injection via unsanitised variables.
Uses eval on user input.
How do you structure larger shell scripts for maintainability?
Functions, clear naming, set -euo pipefail, usage/help, and separating logic from configuration.
One long flat script with no functions.
How do you debug a failing shell script?
set -x for tracing, checking exit codes at each step, and ShellCheck for latent issues.
Adds echo statements everywhere with no tracing.
Build and score a full interview with our free interview scorecard tool, browse the full question hub, or see how we interview engineers.