LinuxQuestions.org
LinuxAnswers - the LQ Linux tutorial section.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices

Reply
 
Search this Thread
Old 11-23-2007, 09:17 AM   #1
chakribobby
Member
 
Registered: Jan 2007
Posts: 49

Rep: Reputation: 15
How to change passwd with in the scrip with out asking in the terminal


Hi
I need to change the password for the user with in the scrip(with in the scrip i have given the password)
While running that scrip it should not ask for password
That scrip is run by root
Thanks in advance
 
Old 11-23-2007, 09:51 AM   #2
matthewg42
Senior Member
 
Registered: Oct 2003
Location: UK
Distribution: Kubuntu 12.10 (using awesome wm though)
Posts: 3,530

Rep: Reputation: 63
The passwd command does not accept the password on the command line, as this could be seen by anyone running ps when the command is executing.

The GNU implementation of usermod can accept a pre-hashed passwd using the -p or --password option (which will work on Linux distros, but maybe not on other unix-likes).
 
Old 11-23-2007, 10:37 AM   #3
chakribobby
Member
 
Registered: Jan 2007
Posts: 49

Original Poster
Rep: Reputation: 15
thanks for you reply
can you give me the syntax for the command with example
 
Old 11-24-2007, 12:35 AM   #4
matthewg42
Senior Member
 
Registered: Oct 2003
Location: UK
Distribution: Kubuntu 12.10 (using awesome wm though)
Posts: 3,530

Rep: Reputation: 63
Here's an example which uses the pwgen program to make a nice password and then uses the makepasswd program to generate the hash. The password of the user is then set using the usermod program.

It is important that a cleartext password is never sent to a program as a command line parameter to prevent it being snooped by another user who runs ps at just the right time.

Code:
#!/bin/bash

# Make sure new file which contains password is private
touch pass.txt
chmod 600 pass.txt

# generate a nice secure password and put it in a file
pwgen > pass.txt

# get the password hash
ph=$(makepasswd --clearfrom=pass.txt --crypt-md5 |awk '{print $2}')

# Set the password
usermod -p $ph bob
Note that makepasswd and pwgen are not installed by default in most distros. In Debian/Ubuntu, there are packages with the same names as the programs for them.

Storing the cleartext password in a file like this is also a risky business. Only root can read the file, and anyone sitting in front of a root shell can reset anyone's password anyway, so it's not that big a deal in itself. However, you should be very careful about this file.

Not only do you need to prevent the file getting made publicly readable, but you need to protect the media on which it has been stored. Be aware that even if you have deleted the file, the contents will remain on the disk for some time, and may thus be recovered with the right tools... Writing a cleartext password to a file may contravene your employer's security policy, or other security regulations, and it is generally a Bad Idea.

There are some cases when it is (IMO) acceptable. For example making large numbers of new accounts for a student class, where the password will be printed on some private letter. In such cases you should also set the flag on the account which forces the user to change their password when they first log in so that anyone who has snooped the cleartext password will not be able to use it without you knowing (as they will have to reset the password, and presumably the student would complain when the written password does not work).

Having said all that, there are probably better approaches for that sort of thing too.

May I ask what the situation is which prompted the question?
 
  


Reply

Tags
hash, makepasswd, passwd, security, usermod


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Change Passwd Format shipon_97 Linux - Newbie 1 01-09-2007 08:13 AM
change passwd using squirrelmail shipon_97 Linux - Enterprise 1 12-29-2006 08:53 PM
Initial passwd change liguorir Linux - Software 0 09-24-2004 11:01 AM
need a script that can change the passwd bahadur Linux - Security 1 07-09-2004 05:07 AM
user can change passwd kelper Linux - Software 3 08-28-2003 04:17 AM


All times are GMT -5. The time now is 11:16 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration