What is the "eval" command in bash?

What can you do with the eval command? Why is it useful? Is it some kind of a built-in function in bash? There is no man page for it..

Asked By: LanceBaynes


eval has no man page because it is not a separate external command, but rather a shell built-in, meaning a command internal to and known only by the shell (bash). The relevant part of the bash man page says:

eval [arg ...]
    The args are read and concatenated together into a single command.  
    This command is then  read  and executed by the shell, and its exit 
    status is returned as the value of eval.  If there are no args, or only 
    null arguments, eval returns 0

In addition, the output if help eval is:

eval: eval [arg ...]
    Execute arguments as a shell command.

    Combine ARGs into a single string, use the result as input to the shell,
    and execute the resulting commands.

    Exit Status:
    Returns exit status of command or success if command is null.

eval is a powerful command and if you intend to use it you should be very careful to head off the possible security risks that come with it.

Answered By: jw013

Yes, eval is a bash internal command so it is described in bash man page.

eval [arg ...]
    The  args  are read and concatenated together into a single com-
    mand.  This command is then read and executed by the shell,  and
    its  exit status is returned as the value of eval.  If there are
    no args, or only null arguments, eval returns 0.

Usually it is used in combination with a Command Substitution. Without an explicit eval, the shell tries to execute the result of a command substitution, not to evaluate it.

Say that you want to code an equivalent of VAR=value; echo $VAR. Note the difference in how the shell handles the writings of echo VAR=value:


    andcoz@...:~> $( echo VAR=value )
    bash: VAR=value: command not found
    andcoz@...:~> echo $VAR
    <empty line>

The subshell executes the echo command and then command substitutes the result, VAR=value, back to the outer shell where it throws the error because "VAR=value" is not a command. The assignment remains ineffective because it was never executed, only echoed.


    andcoz@...:~> eval $( echo VAR=value )
    andcoz@...:~> echo $VAR

The subshell echoes "VAR=value" which is again command substituted back to the outer shell where it is then evaled.

Last but not least, eval can be a very dangerous command. Any input to an eval command must be carefully checked to avoid security problems.

Answered By: andcoz

eval is part of POSIX. It’s an interface which can be a shell built-in.

It’s described in the "POSIX Programmer’s Manual": http://www.unix.com/man-page/posix/1posix/eval/

eval - construct command by concatenating arguments

It will take an argument and construct a command of it, which will then be executed by the shell. This is the example from the manpage:

foo=10 x=foo    # 1
y='$'$x         # 2
echo $y         # 3
eval y='$'$x    # 5
echo $y         # 6
  1. In the first line you define $foo with the value '10' and $x with the value 'foo'.
  2. Now define $y, which consists of the string '$foo'. The dollar sign must be escaped
    with '$'.
  3. To check the result, echo $y.
  4. The result of 1)-3) will be the string '$foo'
  5. Now we repeat the assignment with eval. It will first evaluate $x to the string 'foo'. Now we have the statement y=$foo which will get evaluated to y=10.
  6. The result of echo $y is now the value '10'.

This is a common function in many languages, e.g. Perl and JavaScript.
Have a look at perldoc eval for more examples: http://perldoc.perl.org/functions/eval.html

Answered By: echox

The eval statement tells the shell to take eval’s arguments as command and run them through the command-line. It is useful in a situation like below:

In your script if you are defining a command into a variable and later on you want to use that command then you should use eval:

/home/user1 > a="ls | more"
/home/user1 > $a
bash: command not found: ls | more
/home/user1 > # Above command didn't work as ls tried to list file with name pipe (|) and more. But these files are not there
/home/user1 > eval $a
/home/user1 >
Answered By: Nikhil Gupta

eval is a feature of most interpreted languages (TCL, python, ruby…), not only shells. It’s used to evaluate code dynamically.

In shells, it’s implemented as a shell builtin command.

Basically, eval takes a string as argument and evaluates/interprets the code in it. In shells, eval can take more than one argument, but eval just concatenates those to form the string to evaluate.

It’s very powerful because you can construct code dynamically and run it, something you can’t do in compiled languages like C.


varname=$1 varvalue=$2
eval "$varname=$varvalue" # evaluate a string like "foo=$varvalue"
                           # which in Bourne-like shell language
                           # is a variable assignment.

But it’s also dangerous as it’s important to sanitize the dynamic (externally provided) parts of what is passed to eval for the very reason it’s interpreted as shell code.

For instance, above if $1 is evil-command; var, eval would end-up evaluating the evil-command; var=$varvalue shell code and then run that evil-command.

The evilness of eval is often over-exaggerated.

OK, it’s dangerous, but at least we know it’s dangerous.

A lot of other commands will evaluate shell code in its arguments if not sanitized, like (depending on the shell), [ aka test, export, printf, GNU sed, awk, and of course sh/bash/perl and all interpreters…

Examples (here using uname as the evil-command and $a as externally provided unsanitized data):

$ a='$(uname>&2)' sh -c 'eval "echo $a"'

$ a='x[0$(uname>&2)]' mksh -c 'export "$a=$b"'
$ a='x[0$(uname>&2)]' ksh93 -c 'printf "%dn" "$a"'
$ a='x[0$(uname>&2)]' ksh93 -c '[ "$a" -gt 0 ]'
$ a=$'bar/g;e uname>&2n;s//'; echo foo | sed "s/foo/$a/g"
$ a='";system("uname");"'; awk "BEGIN{print "$a"}"

$ a=';uname'; sh -c "echo $a"


Those sed, export… commands could be considered more dangerous because while it’s obvious eval "$var" will cause the content of $var to be evaluated as shell code, it’s not so obvious with sed "s/foo/$var/" or export "$var=value" or [ "$var" -gt 0 ]. The dangerosity is the same, but it’s concealed in those other commands.

Answered By: Stéphane Chazelas

What is eval?

eval is a shell command which is usually implemented as a builtin.

In POSIX it is listed as part of “2.14. Special Built-In Utilities” at the entry “eval”.
What builtin means is:

The term “built-in” implies that the shell can execute the utility directly and does not need to search for it.

What does it do?

In simple terms: makes an input line to be parsed twice.

How does it do that?

The shell has a sequence of steps that it follows to “process” a line.
You could look at this image and realize that eval is the only line that goes up, back to step 1, on the left.
From the POSIX description:

2.1 Shell Introduction

  1. The shell reads its input ….
  2. The shell breaks the input into tokens: words and operators
  3. The shell parses the input into simple and compound commands.
  4. The shell performs various expansions (separately) …
  5. The shell performs redirection and removes redirection operators and their operands from the parameter list.
  6. The shell executes a function, built-in, executable file, or script …
  7. The shell optionally waits for the command to complete and collects the exit status.

At step 6 a built-in will be executed.
At step 6 eval causes the processed line to be sent back to step 1.
It is the only condition under which the execution sequence goes back.

That is why I say: With eval an input line is parsed twice.

Effects of parsing twice.

The first.

And most important effect to understand. Is that one consequence of the first time a line is subject to the seven shell steps shown above, is quoting. Inside step 4 (expansions), there is also a sequence of steps to perform all expansions, the last of which is Quote Removal:

Quote removal shall always be performed last.

So, always, there is one level of quoting removed.


As consequence of that first effect, additional/different parts of the line become exposed to the shell parsing and all the other steps.



That allows to execute indirect expansions:

a=b b=c    ;    eval echo $$a            ### shall produce "c"

Because on the first loop, the first $ is quoted.
As such, it is ignored for expansions by the shell.
The next $ with the name a is expanded to produce “b”.
Then, one level of quoting is removed, making the first $ unquoted.
End of first loop.

It is then, on the second loop that the string $b is read by the shell.
Then expanded to “c”
And given as an argument to echo.

To “see” what eval will produce on the first loop (to be evaluated again), use echo. Or any command/script/program that clearly shows the arguments:

$ a=b b=c
$ eval echo $$a;

Replace eval by echo to “see” what is happening:

$ echo echo $$a
echo $b

It is also possible to show all the “parts” of a line with:

$ printf '<%s> ' echo $$a
<echo> <$b>

Which, in this example, is only one echo and one variable, but remember it to help in evaluating more complex cases.

A correction.

It must be said that: there is a mistake in the code above, can you see it?.
Easy: there are some quotes missing.

How? you may ask. Simple, let’s change the variables (not the code):

$ a=b b="hi     jk"
$ eval echo $$a
hi jk

See the missing spaces?
That is because the value inside $b was split by the shell.

If that does not convince you, try this:

$ a=b b="hi  *  jk"
$ eval echo $$a              ### warning this will expand to the list  
                              ### of all files in the present directory.


Missing quotes. To make it work correctly (add internal "$a"and external " quotes).
Try this (is perfectly safe):

$ a=b b="hi      *       jk"
$ eval echo " $"$a" "
hi      *       jk

About the manual:

There is no man page for it..

No, there is not an independent man page for this.
The search for manual with man -f eval or even apropos eval show no entry.

It is included inside man bash. As is any built-in.
Search for “SHELL BUILTIN COMMANDS” and then for “eval”.

An easier way to get help is:
In bash, you could do help eval to see the help for the built-in.

Why is eval called evil?

Because it is binding text to code dynamically.

In other words: it converts the list of its arguments (and/or expansions of such arguments) into an executed line. If for any reason, an argument has been set by an attacker, you will be executing attacker code.

Or even simpler, with eval you are telling whoever defined the value of one or several arguments:

C’mon, sit here and type any command line, I will execute it with my powers.

Is that dangerous? Should be clear for everyone that it is.

The safety rule for eval should be:
Only execute eval on variables to which you have given it’s value.

Read more detail here.

Answered By: user79743

This example may shed some light:

echo "$VAR3"
eval echo "$VAR3"
eval eval echo "$VAR3"

Output of the script above:

Answered By: LoMaPh

My experience with eval it can convert string output of command to variable , this example from another question

eval $(ffprobe -v error -of flat=s=_ -select_streams v:0 -show_entries stream=height,width ${FILE})

when I type it directly to the terminal, I got


That stored each one into a new variable to use it inside the script.


This could be useful to benefit, from another command output, before processing the main command (e.g get file properties or remote server status )

Answered By: Salem F

A bit late to the party on this but this little example from my console output shows the behaviour of eval versus running a script. It shows that eval evaluates a string (be it from a file or variable) and runs the command in the current shell it’s in, compared to running a script, which runs in its own shell and exits back to the current shell.
(but also to run a script in the current shell environment, you can just place a dot and a space before the shell script filename)

$ pwd

$ cat myscript.sh
cd Desktop

$ ./myscript.sh

$ pwd

$ eval $(cat myscript.sh)

$ pwd
Answered By: uwalakab

The eval function/macro evaluates Shell code represented as a string and returns its completion value.

The source is parsed as a bash shell.

Answered By: 山茶树和葡萄树

Simply put, eval takes all the arguments provided to it, combines them into a single command, and then executes that command.

eval "$command_part1 $command_part2"

is the same as

ls -l
Answered By: mcmah309
Categories: Answers Tags: , ,
Answers are sorted by their score. The answer accepted by the question owner as the best is marked with
at the top-right corner.