LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)
-   -   Change account passwd in one command (https://www.linuxquestions.org/questions/linux-newbie-8/change-account-passwd-in-one-command-592800/)

christopher_c 10-18-2007 01:00 PM
Change account passwd in one command
 
Hey everyone

is it possible to change an account password without having to type it in twice like the 'passwd' command does?(ie verify)

I checked the man pages for passwd but doesnt seem to have an option to do so.

ilikejam 10-18-2007 01:40 PM
Hi.

Try:
Code:
echo n3wP4ssW0rd | passwd --stdin christopher_c
Dave

Tinkster 10-18-2007 01:55 PM
Caution: not all versions of passwd understand the --stdin. The one
in Slackware (from shadow-4.0.3-i486-14) doesn't. Neither does the one
in SLES, nor the one in Solaris 8 or 10...

Which version of Linux *DOES*? :}



Cheers,
Tink

b0uncer 10-18-2007 01:57 PM
Only the above method isn't too safe, because you type the password in clear-text, and secondly because it's pretty surely saved into command history of your shell. You can always remove the history file, but I still don't recommend typing passwords in clear-text.

ilikejam 10-18-2007 02:00 PM
Hmmm.

RedHat/Fedora's understands --stdin , but only allows it for root (so the security hazard from shell histories is somewhat lessened).

Another RedHatism, it would appear. I thought these sorts of differences went away a long time ago too...

An alternative (assuming you don't care about the afore mentioned shell history / ps listing issue) is to do
Code:
echo -e 'n3wP4ssW0rd\nn3wP4ssW0rd' | passwd christopher_c
Dave

pixellany 10-18-2007 02:47 PM
this is one of those things that's nice to know, but not a good idea to actually DO....If you are "very clever", you can make it easy to make a typo in your password and then get locked out of your system.

It strikes me that the solution being discussed will take more time to type than simply entering the password twice.

ilikejam 10-18-2007 02:51 PM
Think large scale deployment.
Code:
for go in `cat bigListOfServersWithPasswordlessSSHKeys`; do ssh $go "echo -e 'n3wP4ssW0rd\nn3wP4ssW0rd' | passwd christopher_c"; done
I wish we were able to do this sort of thing from a secured box at work. It would save me ~3 hours repetative strain injury time a month.

Dave

Tinkster 10-18-2007 03:10 PM
I appreciate that LDAP or NIS/NIS+ may not be an option for everyone or every
account, so the brute distribution of passwords can make sense.

Why not change the password on one machine and then sed it with the method above
in the shadow files on the target machines? ;}



Cheers,
Tink

ilikejam 10-18-2007 03:17 PM
I like the way you think.

There'd have to be some jiggery-pokery with the password expire times too though. Also, a mix of AIX, Sol8,9,10 and Linux would make it a bit more horrific. ;)

Dave

Tinkster 10-18-2007 03:21 PM
Quote:
Originally Posted by ilikejam (Post 2928857)
I like the way you think.

There'd have to be some jiggery-pokery with the password expire times too though. Also, a mix of AIX, Sol8,9,10 and Linux would make it a bit more horrific. ;)


Dave
Heh. That's three loops, then, one for each OS-type ;} with a
somewhat different incantation ...



Cheers,
Tink (inherently lazy - slacker for life)

matthewg42 10-18-2007 03:46 PM
Kubuntu 7.04 doesn't recognise --stdin.

chrism01 10-19-2007 12:26 AM
Try the expect tool, it's designed to handle ie automate issues like this


All times are GMT -5. The time now is 10:36 AM.