Overview
The sed (stream editor) command is a powerful utility for dynamically editing text content via pipelines and redirections without the need to open files in a traditional editor. Because it can automate tasks such as string replacement, line extraction, line deletion, and commenting out configuration settings, it plays a central role in shell scripting and system deployment automation.
Specifications (Arguments and Options)
Syntax
BASH
sed [options] [command] [file_name]
Major Options
| Option | Description |
| -n | Suppresses the automatic printing of pattern space. Used with the “p” command to display only specific lines. |
| -e [script] | Explicitly specifies the editing command. Useful for chaining multiple editing operations. |
| -i[extension] | Performs in-place editing, overwriting the file. If an extension is provided, a backup of the original file is created. |
| -f [file] | Reads and executes editing commands from a specified script file. |
| -r, -E | Enables extended regular expressions (standard in modern environments). |
Primary Commands
| Command | Description |
| = | Displays the current line number. |
| a\ [text] | Appends the specified text after the current line. |
| i\ [text] | Inserts the specified text before the current line. |
| q | Immediately quits the sed process. |
| r [file] | Reads and appends the contents of a specified file after the current line. |
| d | Deletes the specified line or lines matching a pattern. |
| l [count] | Displays hidden characters and wraps lines at the specified character count. |
| p | Prints the current pattern space (typically used with the -n option). |
| s/regex/string/ | Replaces occurrences of the regular expression with the specified string. |
Basic Usage
This procedure demonstrates how to extract a specific range of lines from a system audit log. In this scenario, we use the “p” command to display lines 5 through 7 while including line numbers for clarity.
BASH
# Add line numbers and use sed to extract only lines 5 to 7 from an audit log
nl -ba /etc/inventory-service/access-audit.log | sed -n '5,7p'
TEXT
5 sys_admin:x:1001:1001:Admin:/home/sys_admin:/bin/bash
6 service_node:x:1002:1002::/var/lib/node:/usr/sbin/nologin
7 guest_viewer:x:1003:1003::/home/guest:/bin/sh
Practical Command Scenarios
The following examples illustrate how to perform bulk replacements or comment out specific sections of a configuration file. Here, we comment out the first three lines of a deployment list while simultaneously creating a backup.
BASH
# Insert "# " at the start (^) of lines 1 through 3 and save in-place (creating a .bak backup)
sudo sed -i.bak -e "1,3s/^/# /" /etc/inventory-service/node-deployment.conf
# Execute multiple replacements at once and filter logs for specific administrative activity
sed -e "{s/sys_admin/ADMIN_USER/g; s/root/SUPERUSER/g}" /var/log/inventory-service/security-trace.log | grep -iE "ADMIN_USER|SUPERUSER"
TEXT
# node-alpha.internal
# node-beta.internal
# node-gamma.internal
[2026-01-28] User ADMIN_USER accessed the SUPERUSER terminal.
Customization Tips
When defining the editing range, you can use patterns like /PATTERN/s to target only lines containing specific strings rather than relying solely on line numbers like 1,3s. You can also use the exclamation mark ! for inverse matching, such as 2,10!p, which outputs every line except those within the specified range. For improved readability when your text contains slashes, such as file paths, you can change the delimiter to a different symbol, like s|/usr/bin|/usr/local/bin|g, to avoid excessive backslash escaping.
Important Notes
The -i option is destructive because it modifies the original file directly. When you are unfamiliar with the operation, always specify an extension like -i.bak to preserve a backup or use redirection to output to a separate file for verification. Be aware that the behavior of -i differs between GNU sed (common on Linux) and BSD sed (common on macOS), which can impact script portability. Additionally, note that using an address of 0 in a range like 0,/pattern/ may cause errors in older versions of sed; using 1,/pattern/ is a more reliable way to start from the beginning of a file.
Advanced Applications
For complex management tasks, you can define editing rules in a separate text file and apply them to large volumes of log data in a single operation.
BASH
# Create a script file (sed-rules.txt) to define processing logic
cat << 'EOF' > /tmp/sed-rules.txt
# Mask sensitive user identification in logs
s/sys_admin:[^:]*/sys_admin:******** /g
# Remove redundant whitespace for cleaner analysis
s/ */ /g
EOF
# Process the log file by reading the rules from the external script
sed -n -f /tmp/sed-rules.txt /var/log/inventory-service/deployment-debug.log | head -n 5
TEXT
[DEBUG] User sys_admin:******** accessed secure_vault.
[INFO] Connection established for sys_admin:******** .
[WARN] Multiple attempts from sys_admin:******** noted.
Summary
The sed command is one of the most flexible and powerful tools for stream processing, ranging from quick command-line edits to complex batch replacement scripts. Its ability to automate configuration updates through in-place editing and extract specific patterns using regular expressions is essential for reducing manual errors and improving the reproducibility of system operations. Mastering the use of backslashes for escaping meta-characters and developing the habit of using backups with the -i option are critical steps toward safe and efficient professional system administration.
