LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Newbie (http://www.linuxquestions.org/questions/linux-newbie-8/)
-   -   How to generate a "masked" root password? (http://www.linuxquestions.org/questions/linux-newbie-8/how-to-generate-a-masked-root-password-820738/)

deibertine 07-19-2010 12:05 PM

How to generate a "masked" root password?
 
Just wondering if its possible to "mask" a root password?
I have a script that starts up an application.
Running the application within the script requires me to reveal the root password.
I was wondering if there's a way to mask the password via encryption (secretpw) or such tools that are out there I can use to mask the real password with an encrypted line?
Using CentOS.
Please advise.
Cheers,
DB

GrapefruiTgirl 07-19-2010 12:10 PM

Do you mean, the script asks for the password, but you don't want the password shown on the screen as you type it? Are you using the shell built-in "read" to ask for the password? If so, `read -s` is silent mode, which does not echo the entered characters to the screen as you type.

If I've missed the idea here completely, please clarify :)

deibertine 07-19-2010 12:19 PM

Quote:

Originally Posted by GrapefruiTgirl (Post 4038308)
Do you mean, the script asks for the password, but you don't want the password shown on the screen as you type it? Are you using the shell built-in "read" to ask for the password? If so, `read -s` is silent mode, which does not echo the entered characters to the screen as you type.

If I've missed the idea here completely, please clarify :)

Sorry for not clarifying but the password is not as I type.
The password itself is inputted in the script:
-u root -p TeslaR3vv!
Can I generate an encrypted root password using a tool of some sort then input that encrypted password to the script instead of the real actual password ??

Tnx

TB0ne 07-19-2010 12:52 PM

Quote:

Originally Posted by deibertine (Post 4038321)
Sorry for not clarifying but the password is not as I type.
The password itself is inputted in the script:
-u root -p TeslaR3vv!
Can I generate an encrypted root password using a tool of some sort then input that encrypted password to the script instead of the real actual password ??

Tnx

Spell out your words.

And I'm sure many others will point out how horribly unsafe this is, so I'm not going to go there. While you *CAN* generate an encrypted string, you'll still have to DEcrypt it, before you can use it. That method will have to be 'callable' and/or easily reversible. So much so, it's pointless to do it.

The best option I can think of right away, is that you can put your 'regular' user into the sudoers file, and give it access to that ONE command you'd like to run. Have your script then check the UID to see if it's running as root or not, and if so, execute. That way, the root password is safe, and not hard coded into a program (which can be a problem later), and isn't exposed. And if someone compromises your 'regular' user ID, they STILL can't get root access, since the only thing it can do is run that ONE command.


All times are GMT -5. The time now is 06:12 PM.