LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Reply
 
Search this Thread
Old 12-29-2008, 10:58 PM   #1
haariseshu
Member
 
Registered: Jan 2008
Location: Noida, India
Distribution: RHEL
Posts: 81

Rep: Reputation: 15
Bulk user add script


Hi Guys,
I'm running postfix mail server. It's using /etc/passwd auth. Everything is working charm and currently I'm in a need to add users in bulk around 2000. It's not possible to add all the users by typing commands. With the users list I have append the useradd command and made a simple script. All the users have added. But now the problem is to set password for those password. I can use the same formula I used to add the users. But in passwd -p option requires the encrypted password. If I can able to set any common password means it's also fine. But user name is different.

Anybody know how to achieve this with script or any easy method?

Thanks a lot in Advance...

--
Hari.
 
Old 12-30-2008, 04:02 AM   #2
kenneho
Member
 
Registered: May 2003
Location: Oslo, Norway
Distribution: Ubuntu, Red Hat Enterprise Linux
Posts: 655

Rep: Reputation: 40
I belive you should be able to use that "passwd" alternative you mentioned. Just create a user X with a password "secret" or something. Copy the encrypted string for user X from /etc/shadow, and use that string as input to the "passwd" or "usermod" command.
 
Old 12-30-2008, 06:27 AM   #3
Disillusionist
Senior Member
 
Registered: Aug 2004
Location: England
Distribution: Ubuntu
Posts: 1,013

Rep: Reputation: 83
You need to use something like crypt to create the encrypted password.

Example perl script:
Code:
#!/usr/bin/perl
use strict;

my $SALT="FEWge%r~aNjg3q4$%";
my $user="testuser1";
my $pass="Testing";
my $encrypted=crypt($pass, $SALT);

system("useradd -p $encrypted -m $user");
Obviously, I am not suggesting that you use such an easy password, or even the same password for each account.

Also you probably should change the salt, but keep in complex.
 
Old 12-30-2008, 06:45 AM   #4
kenneho
Member
 
Registered: May 2003
Location: Oslo, Norway
Distribution: Ubuntu, Red Hat Enterprise Linux
Posts: 655

Rep: Reputation: 40
Quote:
Originally Posted by Disillusionist View Post
You need to use something like crypt to create the encrypted password.
Do you know if there are any (bash) shell commands equivalent to this?
 
Old 12-30-2008, 08:37 AM   #5
rweaver
Senior Member
 
Registered: Dec 2008
Location: Louisville, OH
Distribution: Debian, CentOS, Slackware, RHEL, Gentoo
Posts: 1,833

Rep: Reputation: 163Reputation: 163
Quote:
Originally Posted by kenneho View Post
Do you know if there are any (bash) shell commands equivalent to this?
Sure, mkpasswd... a script to do what the original poster asked from a csv file would look like this...

new-user.sh
Code:
#!/bin/bash
for i in `cat unpw.csv`; do
  UN=`echo $i | cut -f1 -d','`
  PW=`echo $i | cut -f2 -d','`
  ENCPW=`echo $PW | mkpasswd -s`
  echo useradd -p $ENCPW -m $UN
done
unpw.csv
Code:
user1,password1
user2,password2
user3,password3
You might want to add --hash=md5 or something similar to mkpasswd to get a better encryption scheme than the default.

It currently will echo what it will output to the system when you run it... to do the process for real remove the echo.

Good luck.

Last edited by rweaver; 12-30-2008 at 08:39 AM.
 
Old 12-30-2008, 09:31 AM   #6
archtoad6
Senior Member
 
Registered: Oct 2004
Location: Houston, TX (usa)
Distribution: MEPIS, Debian, Knoppix,
Posts: 4,727
Blog Entries: 15

Rep: Reputation: 230Reputation: 230Reputation: 230
Also look at newusers to do any future job like this, & apg to generate passwords.

Last edited by archtoad6; 12-30-2008 at 09:36 AM. Reason: Add apg
 
Old 12-30-2008, 03:47 PM   #7
rweaver
Senior Member
 
Registered: Dec 2008
Location: Louisville, OH
Distribution: Debian, CentOS, Slackware, RHEL, Gentoo
Posts: 1,833

Rep: Reputation: 163Reputation: 163
Quote:
Originally Posted by archtoad6 View Post
Also look at newusers to do any future job like this, & apg to generate passwords.
I forgot about newusers, been ages since I used it. apg is ok but not a default application on many servers. mkpasswd IS installed by default typically.
 
Old 12-31-2008, 06:54 AM   #8
p_s_shah
Member
 
Registered: Mar 2005
Location: India
Distribution: RHEL 3/4, Solaris 8/9/10, Fedora 4/8, Redhat Linux 9
Posts: 228
Blog Entries: 1

Rep: Reputation: 34
Two alternates I know!!

1. Using Shell script
Code:
echo $PASS | passwd $USER --stdin
2. Using Perl
Code:
#!/usr/bin/perl 
use Unix::PasswdFile;

$pw = new Unix::PasswdFile "/etc/passwd";
$pw->passwd("monk", $pw->encpass("My-New-Password"));
$pw->commit();
undef $pw;
 
Old 01-02-2009, 02:09 AM   #9
kenneho
Member
 
Registered: May 2003
Location: Oslo, Norway
Distribution: Ubuntu, Red Hat Enterprise Linux
Posts: 655

Rep: Reputation: 40
Quote:
Originally Posted by rweaver View Post
Code:
#!/bin/bash
for i in `cat unpw.csv`; do
  UN=`echo $i | cut -f1 -d','`
  PW=`echo $i | cut -f2 -d','`
  ENCPW=`echo $PW | mkpasswd -s`
  echo useradd -p $ENCPW -m $UN
done
I actually have mkpasswd installed on one of my servers, and as far as I can see (I may of course be wrong) it produces only unenctrypted passwords. What I would like is to be able to create encrypted passwords but not having to do this by creating a users first and using the passwd command. Any suggestions?
 
Old 01-02-2009, 04:46 AM   #10
Disillusionist
Senior Member
 
Registered: Aug 2004
Location: England
Distribution: Ubuntu
Posts: 1,013

Rep: Reputation: 83
As already suggested by ArchToad6 look at newusers.

Create a file containing the users to be created, in my example this is called userlist:
Code:
user1:Passwd1::1000:Test User 1:/home/user1:/bin/bash
user2:Passwd2::1000:Test User 2:/home/user2:/bin/bash
Then use newusers command (as root):
Code:
newusers userlist
Obviously, choose different passwords

passwords are limited to maximum 8 characters (everything after that is ignored)

As userlist contains unencrypted passwords, you must take steps to protect this file (or delete it once it's been used).

EDIT:-

Incidently, I tried mkpasswd and it works for me:
Code:
 echo Password|mkpasswd -s
gave me:
Quote:
6s/SJs4imX6Yw

Last edited by Disillusionist; 01-02-2009 at 05:21 AM.
 
Old 01-02-2009, 05:36 AM   #11
Disillusionist
Senior Member
 
Registered: Aug 2004
Location: England
Distribution: Ubuntu
Posts: 1,013

Rep: Reputation: 83
Alternative bash script:

Code:
#!/bin/bash
awk -F"," '{print $1, $2}' unpw.csv|while read UN PW
do
   ENCPW=$(echo $PW|mkpasswd -s)
   echo useradd -p $ENCPW -m $UN
done
 
Old 01-02-2009, 05:50 AM   #12
kenneho
Member
 
Registered: May 2003
Location: Oslo, Norway
Distribution: Ubuntu, Red Hat Enterprise Linux
Posts: 655

Rep: Reputation: 40
Quote:
Originally Posted by Disillusionist View Post
As already suggested by ArchToad6 look at newusers.

Create a file containing the users to be created, in my example this is called userlist:
Code:
user1:Passwd1::1000:Test User 1:/home/user1:/bin/bash
user2:Passwd2::1000:Test User 2:/home/user2:/bin/bash
Then use newusers command (as root):
Code:
newusers userlist
Obviously, choose different passwords

passwords are limited to maximum 8 characters (everything after that is ignored)

As userlist contains unencrypted passwords, you must take steps to protect this file (or delete it once it's been used).

EDIT:-

Incidently, I tried mkpasswd and it works for me:
Code:
 echo Password|mkpasswd -s
gave me:
Thanks for your reply. I'm not really in need of newusers, as I'm only interested in creating a hashed password and not necessarily a new user.

To me it seems like mkpasswd only creates a random password, not a encrypted password:
Code:
[root@server ]# echo Password|mkpasswd 
7p%awJN9o
An encrypted password, at least for use in the /etc/shadow file, should be prefixed with a "$1$".

An interesting observation is that I don't have an "-s" option available:
Code:
[root@server ]# echo Password|mkpasswd -s 
can't use empty string as operand of "+" 
    while executing 
"if {$minnum + $minlower + $minupper + $minspecial > $length} { 
        puts "impossible to generate $length-character password\ 
                with $minnum numbers, $minl..." 
    (file "/usr/bin/mkpasswd" line 74)
 
Old 01-02-2009, 07:12 AM   #13
Disillusionist
Senior Member
 
Registered: Aug 2004
Location: England
Distribution: Ubuntu
Posts: 1,013

Rep: Reputation: 83
Quote:
Originally Posted by kenneho View Post
To me it seems like mkpasswd only creates a random password, not a encrypted password:
Code:
[root@server ]# echo Password|mkpasswd 
7p%awJN9o
mkpasswd uses a random SALT when one is not provided. If you provide a salt then it gets the same results time after time.

Try:
Code:
mkpasswd Password Sm

Quote:
Originally Posted by kenneho View Post
An encrypted password, at least for use in the /etc/shadow file, should be prefixed with a "$1$".
The encrypted password in the /etc/shadow file does not have to begin "$1$", however, the algorithm that the passwd command uses creates an encrypted password starting "$1$". Passwords that do not start "$1$" will still work.

EDIT:- removed my first question as I realise it did not originate from the OP

Last edited by Disillusionist; 01-02-2009 at 07:16 AM.
 
Old 01-02-2009, 07:23 AM   #14
kenneho
Member
 
Registered: May 2003
Location: Oslo, Norway
Distribution: Ubuntu, Red Hat Enterprise Linux
Posts: 655

Rep: Reputation: 40
Quote:
Originally Posted by Disillusionist View Post
I thought your original post stated "Currently I'm in a need to add users in bulk around 2000" ...

What are you intending to use the hashed password for?
I'm not the one who started the thread - I posted my first question in the middle of the thread. It's not easy keeping track of who posted what. To sum up my question: I'd like to encrypt passwords without having to actually add the clear text password to "passwd".

Anyway, I've come accross cases where I need to create an encrypted password for a user, and to accomplish this I've had to run the clear text password through "passwd <someuser>" to get the hashed password. I've had to use this approach on the few servers we've got that doesn't use LDAP.

Quote:
mkpasswd uses a random SALT when one is not provided. If you provide a salt then it gets the same results time after time.

Try:
Code:
mkpasswd Password Sm
The encrypted password in the /etc/shadow file does not have to begin "$1$", however, the algorithm that the passwd command uses creates an encrypted password starting "$1$". Passwords that do not start "$1$" will still work.
Thanks for the info on passwd and "$1$" - didn't know that omitting "$1$" would work.
 
Old 01-02-2009, 08:01 AM   #15
Disillusionist
Senior Member
 
Registered: Aug 2004
Location: England
Distribution: Ubuntu
Posts: 1,013

Rep: Reputation: 83
Quote:
Originally Posted by kenneho View Post
I'm not the one who started the thread
Sorry, I realised my mistake whilst you were composing your reply.

Quote:
To sum up my question: I'd like to encrypt passwords without having to actually add the clear text password to "passwd".
You could use usermod -p $ENCPW $UN so long as you have a valid encrypted password but you're going to need to create that encrypted password somewhere.

Quote:
Thanks for the info on passwd and "$1$" - didn't know that omitting "$1$" would work.
You can't just remove the begining of the encrypted password. What I was trying to say was that the encrypted password created by the passwd command starts $1$ but if you create an encrypted password (either using crypt as in my perl sample, or through mkpasswd) that will still be valid.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
samba - add user script - User account does not exist itzamecwp Linux - Server 2 01-18-2007 10:52 PM
Add bulk users at a same time mudasar Linux - Networking 1 11-20-2005 01:56 PM
add user script satinet Linux - General 2 10-21-2005 02:48 AM
What add user script you use for Samba 3.0.3-5? subaruwrx Linux - Networking 3 07-19-2004 11:19 AM
add user script? ezra143 Linux - Software 2 10-21-2003 11:21 PM


All times are GMT -5. The time now is 11:00 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration