When executing shell scripts in Unix/Linux systems, child processes automatically inherit all environment variables from their parent process. This behavior can cause issues when:
- Scripts require a clean environment for reproducibility
- Conflicting variables exist in the parent environment
- Security-sensitive operations need isolation
Here are several effective methods to execute shell scripts without environment variable inheritance:
Method 1: Using env -i
The most straightforward solution is using the env command with the -i flag:
env -i /path/to/your/script.sh
This completely clears the environment before execution. You can optionally pass specific variables:
env -i PATH=/usr/bin:/bin LANG=en_US.UTF-8 /path/to/script.sh
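The env -i pattern above, extended into an allowlist wrapper. This is an added example, not code from the original page. PASS_THROUGH, FIXED_PATH, run_clean, child_var_names and the API_TOKEN value are constructed names for illustration, and it assumes env, sh, sed and sort live in /usr/bin or /bin.

```shell
#!/bin/sh
# Added example (not from the original page): allowlist-based clean execution.
# PASS_THROUGH, FIXED_PATH and API_TOKEN are constructed names for illustration.

PASS_THROUGH="HOME LANG"      # variables copied from the parent if they are set
FIXED_PATH=/usr/bin:/bin      # PATH is pinned, never inherited

# run_clean CMD [ARGS...]: run CMD under env -i with only the allowlisted variables.
# The body is a subshell, so the helper variables never leak into the caller.
run_clean() (
    for name in $PASS_THROUGH; do
        case $name in
            ''|[0-9]*|*[!A-Za-z0-9_]*) continue ;;  # reject non-identifiers before eval
        esac
        eval "isset=\${$name+set}"
        [ "$isset" = set ] || continue              # skip variables unset in the parent
        eval "value=\${$name}"
        set -- "$name=$value" "$@"                  # prepend NAME=value to the command
    done
    exec env -i PATH="$FIXED_PATH" "$@"
)

# child_var_names CMD [ARGS...]: sorted names of the variables CMD prints in
# "env" format. Assumes values contain no newlines.
child_var_names() {
    run_clean "$@" | sed -n 's/^\([A-Za-z_][A-Za-z0-9_]*\)=.*/\1/p' | sort
}

# Demo with a constructed secret in the parent environment.
API_TOKEN=constructed-secret-value
export API_TOKEN
echo "Passed by env -i:"
child_var_names env
echo "Seen inside a shell (the shell adds its own, e.g. PWD):"
child_var_names sh -c env
```

The second listing is usually longer than the first because the child shell creates variables of its own at startup, so a check for leaked variables should look for the names you care about rather than expect an exact match.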
Method 2: Subshell with Unset
For more control within the script itself:
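#!/bin/bash
(
    # Clear all environment variables (compgen -e lists the exported names;
    # compgen -v would also list readonly shell variables that cannot be unset)
    unset $(compgen -e)
    # Set only what you need
    export PATH=/usr/bin:/bin
    # Your script commands here
    echo "Running in clean environment"
)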
Method 3: Using Docker Containers
For complete isolation, consider containerization:
docker run --rm -v "$(pwd)":/script alpine sh -c "cd /script && ./your_script.sh"
When working with clean environments:
- Essential variables like PATH, HOME, and LANG often need explicit setting
- Debugging becomes more challenging without environment context
- Security-sensitive applications benefit most from this approach
Here's a complete example for testing configuration files:
#!/bin/bash
# test_config.sh
# Run in clean environment
env -i PATH=/usr/bin:/bin bash <<'EOF'
# Configuration test begins
source /etc/environment
echo "Testing with clean environment:"
env | sort
EOF
This approach ensures your configuration tests aren't affected by your development environment variables.
When executing shell scripts, child processes typically inherit all environment variables from the parent shell. This behavior is fundamental to Unix-like systems but can sometimes cause issues when you need a clean execution environment.
The most straightforward method is using env -i, which clears the environment before execution:
env -i /path/to/script.sh
This command starts with an empty environment. You can selectively add variables:
env -i PATH=/usr/bin:/bin /path/to/script.sh
Another approach involves creating an isolated subshell:
(unset $(compgen -e); /path/to/script.sh)
This unsets all exported variables in the subshell before execution. Note that some shells may preserve special variables.
When testing scripts, you might want to ensure they work without specific environment variables:
#!/bin/bash
# Test script that should work without inherited vars
env -i ./test_script.sh
For privileged execution with a clean environment:
sudo -H env -i PATH=/usr/bin:/bin /path/to/script.sh
The -H flag ensures a clean environment while preserving essential paths.
- Some programs require specific environment variables to function
- Shell builtins might behave differently in clean environments
- Absolute paths become crucial when PATH is cleared
For complete isolation, consider using Docker:
docker run --rm -v "$(pwd)":/script alpine /script/test.sh
This provides a pristine environment with only the variables you explicitly set.