Command Whitelisting in Zsh: A Safety Net for Your Shell

I’d typed a command I’d typed a thousand times before. This time, it almost destroyed production.

Command whitelisting in Zsh isn’t just a neat trick. It’s a guardrail for your shell, a way to make execution safe by design. By pre-approving only the commands you trust, you remove the risk of a fat-fingered disaster or a malicious payload getting through. Zsh powers many development setups and CI pipelines, yet most shells run wide open. A single typo in a destructive command can erase work, crash systems, or leak secrets. Command whitelisting changes that.

At its core, command whitelisting in Zsh is about intercepting execution. You define an allowed list in your shell configuration, then override Zsh’s command execution to check against it. Any command not on the list is blocked, logged, or both. The mechanic is simple: hook into preexec or wrap builtins with functions that validate against your whitelist.

Here’s the flow:

  1. Create an array of approved commands.
  2. Use a function to intercept command calls.
  3. Compare each command’s root name to the array.
  4. Permit or deny execution accordingly.

Setting it up is fast:

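# .zshrc
# Approved command names. Array elements must be separated by spaces.
WHITELIST=("ls" "git" "make" "kubectl" "vim")

# Return 0 if $1 exactly matches a WHITELIST entry, 1 otherwise.
function whitelisted() {
  local cmd=$1 allowed
  for allowed in "${WHITELIST[@]}"; do
    if [[ "$cmd" == "$allowed" ]]; then
      return 0
    fi
  done
  return 1
}

# zsh ignores the return value of preexec, so a preexec hook can log a
# command but cannot stop it. To block, wrap the accept-line widget, which
# runs when Enter is pressed and decides whether the line is submitted.
function whitelist-accept-line() {
  local basecmd=${BUFFER%% *}
  if [[ -n "$basecmd" ]] && ! whitelisted "$basecmd"; then
    zle -M "Blocked: $basecmd not in whitelist."
    return 1
  fi
  zle .accept-line
}
zle -N accept-line whitelist-accept-line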

Load your shell, test it, and see how even an accidental rm -rf / won’t run. This is not a bulletproof security model. It’s a precision tool that reduces mistyped or unauthorized commands where it counts: your development machine, your server sessions, or your container shells.
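The check above compares only the first word of the line, so a line that chains a second command after a whitelisted one is judged on the first name alone. The following is an added example, not code from the original post: a hypothetical `check_line` function that applies the root-name comparison to every command on the line, with the list held in a space-separated string (an assumption made so the code runs in sh, bash and zsh alike).

```sh
# Added example, not from the original post. Plain POSIX sh, so it behaves the
# same in sh, bash and zsh. The list is a string here instead of a zsh array.
WHITELIST="ls git make kubectl vim"

# whitelisted NAME: succeed only on an exact match with one list entry.
whitelisted() {
  case " $WHITELIST " in
    *" $1 "*) return 0 ;;
  esac
  return 1
}

# check_line LINE: succeed if every command in LINE is whitelisted; otherwise
# print the reason and fail.
check_line() {
  local line seg word
  line=$1
  # Substitutions run commands the name check never sees, so refuse them.
  case $line in
    *'$('*|*'`'*|*'<('*|*'>('*)
      printf '%s\n' "denied: substitution"; return 1 ;;
  esac
  # Split on ; | & (this also covers && and ||). The split ignores quoting,
  # so an operator inside a quoted string is treated as a separator.
  while IFS= read -r seg; do
    seg="${seg#"${seg%%[![:space:]]*}"}"   # trim leading whitespace
    [ -n "$seg" ] || continue              # empty piece, e.g. between "&&"
    word=${seg%%[[:space:]]*}              # root name of this command
    if ! whitelisted "$word"; then
      printf '%s\n' "denied: $word"
      return 1
    fi
  done <<EOF
$(printf '%s\n' "$line" | tr ';|&' '\n\n\n')
EOF
  return 0
}
```

In zsh the function can be called as `check_line "$BUFFER"` from a line-editor widget. It still checks names only: whatever a whitelisted program such as `make` or `vim` goes on to run is outside its view.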

Command whitelisting in Zsh becomes even more powerful when combined with audit logging, environment-specific lists, and team-wide dotfile management. You can sync whitelist rules over git, control access for junior engineers on staging boxes, or lock down your CI workers so that only a scoped set of build and deploy commands can run.

The performance impact is negligible. The safety net is immediate. Once in place, you can develop and operate with confidence, knowing the shell itself enforces your boundaries before your infrastructure takes the hit.

You can roll your own scripts, or you can skip to running this in a live, secure environment with full guardrails, pipelines, and instant policy enforcement. That’s where hoop.dev comes in. You can see a live, working version of safe shell command execution—deployed in minutes.

Do it now. A single wrong command is all it takes. In Zsh, that’s optional. For the rest of us, it’s preventable.
