LinuxQuestions.org


outspoken 11-30-2004 02:05 PM

System Wide Passwd Reset or Force
 
Ok, I know about 'chage' to age passwords on the system, but what I need to do is force a password reset system wide instantly at any given time by invoking some command or script. does anyone have such a script or know of a command that I can use for this?

The system will not be using PAM for authentication, only /etc/passwd

Thanks! (p.s. - aging is not installed on this system)

one other thing, this system has hundreds of users so maybe there is a way to strip the /etc/passwd file of all characters before the first ':' and put them into a temp file that gets read by another script which executes the 'passwd -f <username>' function on each name (which would probably take some)?

thanks again! hope to hear from someone about this one, would save some major headaches.

secesh 11-30-2004 02:11 PM

wow... i can almost see an application for what you are trying to do... but not for EVERY user on the system... what if you accidentally automatically reset root pwd?

i would script something to generate/change given usernames' passwords... perhaps maintain a file of usernames for this purpose...

outspoken 11-30-2004 02:14 PM

maintaining a userfile would be a good idea, but what would the script look like for it? =) i'm giving google a good work out trying to find some examples on this.

secesh 11-30-2004 02:29 PM

here's my two second untested solution... hope it sets you in the right direction...

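Code:

#!/bin/bash
FILENAME=/root/users
## where one line= one username

# read the file itself, one username per line
while IFS= read -r user
do
  # passwd takes no password argument; chpasswd reads user:password pairs on stdin
  printf '%s:%s\n' "$user" 'new!pass' | chpasswd
done < "$FILENAME"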

## won't work right away: not strong enough password
## to work without re-prompt


outspoken 11-30-2004 02:31 PM

very cool. thank you, i will give it a try right now.

actually would using 'passwd -f $user' work also? this is actually all i really need to do as this would force the users to choose their new password on next login.

secesh 11-30-2004 02:34 PM

sure... again, i wouldn't recommend sticking with that script... it's only meant to get you started

outspoken 11-30-2004 02:40 PM

for now it will do the job. what concerns do you have that would make me want to change anything about it?

secesh 11-30-2004 02:44 PM

the same password for every user is #1

outspoken 11-30-2004 02:45 PM

ok, i just thought of using awk to check for uid above a certain number to play safe. i'll be changing the script a bit more.

thanks again!

secesh 11-30-2004 02:52 PM

if you're maintaining the user file, and only root has access to it, i wouldn't worry about the uid range... but a "failsafe" might be to include a clause for not resetting root pwd (but if a normal user was able to run this in the first place, i'd assume they already did major damage, and couldn't get much worse). good thought -- nice to know you're actively trying to solve this, rather than relying on my casual input.

BlinkEye 12-12-2004 07:16 AM

i think you mean

Code:

passwd -e "$user"

this is the option which expires a user's password and forces him to renew it upon next login
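
Added example, not part of any post in this thread: a sketch that combines the suggestions above (usernames taken from the passwd file, an awk UID cutoff, a failsafe for root, and 'passwd -e' to force a change at next login). The cutoff of 1000, the login-shell filter, the dry-run default and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread. MIN_UID=1000, the shell filter
# and the dry-run default are assumptions; adjust them for the target system.
MIN_UID=${MIN_UID:-1000}
DRY_RUN=${DRY_RUN:-1}

# Print login names from a passwd-format file that are safe to expire.
select_users() {   # $1 = passwd file, $2 = minimum UID
    awk -F: -v min="$2" '
        /^#/ || NF < 7          { next }   # comments, malformed lines
        $3 !~ /^[0-9]+$/        { next }   # non-numeric UID field
        $1 == "root" || $3 == 0 { next }   # failsafe: never touch root
        $7 ~ /(nologin|false)$/ { next }   # accounts that cannot log in
        $3 + 0 >= min + 0       { print $1 }
    ' "$1"
}

# Expire each selected account so a new password is required at next login.
expire_users() {   # $1 = passwd file
    rc=0
    for user in $(select_users "$1" "$MIN_UID"); do
        if [ "$DRY_RUN" = 1 ]; then
            echo "would run: passwd -e $user"
        elif ! passwd -e "$user"; then
            echo "failed to expire $user" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Dry run over constructed sample lines (not real accounts).
demo() {
    sample=$(mktemp) || return 1
    printf '%s\n' \
        'root:x:0:0:root:/root:/bin/bash' \
        'alice:x:1000:1000:Alice:/home/alice:/bin/bash' \
        'nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin' > "$sample"
    DRY_RUN=1
    expire_users "$sample"
    rm -f "$sample"
}

case "${1:-}" in
    --demo) demo ;;
    --run)  expire_users "${2:-/etc/passwd}" ;;
esac
```

Run it with --demo first; --run with DRY_RUN=0 set in the environment performs the actual expiry and must be run as root.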


All times are GMT -5.