TIL: Bash History not ignoring commands starting with a space

Short anecdote of something I learned today.
I thought I was losing my mind. When I ran commands that were prefixed with a space they were still in my bash session history and written to ~/.bash_history, and I tested on several OSes (OPNsense 24.7, AlmaLinux 9, Fedora 41).

[topher@router ~]$ echo normal
normal
[topher@router ~]$  echo hidden
hidden
[topher@router ~]$ echo !!
echo  echo hidden
echo hidden

I was beginning to imagine that I was confused and that it was never the case that commands prefixed with a space would be ignored. I went through the bash man page and found this is configured by having the ignorespace option in your $HISTCONTROL envvar, which it appears is not the default in any of these OSes anymore.

Further testing found that this wasn’t the case in Ubuntu:24.04:

$ docker run -it --rm ubuntu:24.04 /bin/bash
Unable to find image 'ubuntu:24.04' locally
24.04: Pulling from library/ubuntu
de44b265507a: Pull complete 
Digest: sha256:80dd3c3b9c6cecb9f1667e9290b3bc61b78c2678c02cbdae5f0fea92cc6734ab
Status: Downloaded newer image for ubuntu:24.04
root@f23f99e71691:/# echo normal
normal
root@f23f99e71691:/#  echo hidden
hidden
root@f23f99e71691:/# echo !!
echo echo normal
echo normal
root@f23f99e71691:/# echo $HISTCONTROL
ignoredups:ignorespace

I’m glad I’m not crazy, but now I’m trying to decide how I feel about this change. I don’t rely on this behavior for any real security reasons, but have used it to avoid clutter.

I’m curious if anyone else knew of this change and had any feelings about it.

3 Likes
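An added illustration of the behaviour in the post above (not code from the thread): a small shell model of how a HISTCONTROL value decides whether a line is saved, following the bash man page's description of ignorespace, ignoredups and ignoreboth. The function names are made up for this example, the sample values are constructed, and HISTIGNORE and erasedups are not modelled.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; sample values are constructed.

# histcontrol_has VALUE OPTION
# HISTCONTROL is a colon-separated list; ignoreboth is shorthand for
# ignorespace plus ignoredups. Unknown entries are ignored.
histcontrol_has() {
    case ":$1:" in
        *":$2:"*) return 0 ;;
    esac
    case "$2" in
        ignorespace|ignoredups)
            case ":$1:" in
                *":ignoreboth:"*) return 0 ;;
            esac ;;
    esac
    return 1
}

# would_save HISTCONTROL PREVIOUS_ENTRY LINE
# Returns 0 if the line would be added to the history list.
would_save() {
    if histcontrol_has "$1" ignorespace; then
        # Only a literal leading space counts, not a tab.
        case "$3" in " "*) return 1 ;; esac
    fi
    if histcontrol_has "$1" ignoredups && [ "$3" = "$2" ]; then
        return 1
    fi
    return 0
}

# audit_histcontrol VALUE: one-word verdict for log-retention review.
audit_histcontrol() {
    if histcontrol_has "$1" ignorespace; then
        echo "space-prefix-skips-history"
    else
        echo "space-prefix-recorded"
    fi
}

# Demo over constructed values, including the one seen in the Ubuntu container.
for v in "" "ignoredups" "ignoredups:ignorespace" "ignoreboth"; do
    printf 'HISTCONTROL=%-24s %s\n' "'$v'" "$(audit_histcontrol "$v")"
done
```

To check a live session, pass the real value: `audit_histcontrol "$HISTCONTROL"`.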

If you’re a small team / lone wolf type, you’re generally going to prefer the option to lead with a space to duck the written logs of what you did. There are for sure legitimate reasons for doing that (like issuing commands that have secrets on the command line, although that’s still a bad security practice if those secrets might show up in the command’s mutex), and being denied access to those legitimate uses of the history escape mechanism can be frustrating.

On the other hand, if you’re an enterprise type, you have to work within a large team of people, many or all of whom have access to mission critical things that can cause downtime for tens, hundreds, or thousands of people–and not all of your team members are equally reliable. In this environment, you do not want any of those team members to be able to casually disable any form of logging that might be necessary to reconstruct what led up to a catastrophe, so you disable that behavior, and you get real freakin’ pissy with whichever junior team member whines at you about it later. :slight_smile:

1 Like

Which is why I recommend ending all your embarrassing commands with typing # ^V^[[2K^V^[[F (^x = Ctrl-x). This way, they won’t be easily visible when somebody types history. /s

This brings back memories of using ANSI control codes for various shenanigans and hooliganism on BBSes in the mid nineties… I particularly liked using the codes for pause and backspace, which I’d use to show a thoughtful pause, backspace and rephrase of things for fun!

The zsh equivalent to enable this is setopt HIST_IGNORE_SPACE but the more modern approach is to define zshaddhistory() to prune lines programmatically.

I know I tried that out in the distant past but found that it tended to get triggered unintentionally when pasting lines into a terminal. Passing things like passwords on the command-line should always be avoided because they show up in places like process-listings. The environment isn’t great either.