LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 11-30-2004, 03:05 PM   #1
outspoken
LQ Newbie
 
Registered: Nov 2004
Distribution: Gentoo
Posts: 24

Rep: Reputation: 15
System Wide Passwd Reset or Force


Ok, I know about 'chage' to age passwords on the system, but what I need to do is force a password reset system wide instantly at any given time by invoking some command or script. does anyone have such a script or know of a command that I can use for this?

The system will not be using PAM for authentication, only /etc/passwd

Thanks! (p.s. - aging is not installed on this system)

one other thing, this system has hundreds of users so maybe there is a way to strip the /etc/passwd file of all characters before the first ':' and put them into a temp file that gets read by another script which executes the 'passwd -f <username>' function on each name (which would probably take some)?

thanks again! hope to hear from someone about this one, would save some major headaches.
 
Old 11-30-2004, 03:11 PM   #2
secesh
Senior Member
 
Registered: Sep 2004
Location: Savannah, GA
Distribution: Ubuntu, Gentoo, Mythbuntu, ClarkConnect
Posts: 1,154

Rep: Reputation: 47
wow... i can almost see an application for what you are trying to do... but not for EVERY user on the system... what if you accidentially automatically reset root pwd?

i would script something to generate/change given usernames' passwords... perhaps maintain a file of usernames for this purpose...
 
Old 11-30-2004, 03:14 PM   #3
outspoken
LQ Newbie
 
Registered: Nov 2004
Distribution: Gentoo
Posts: 24

Original Poster
Rep: Reputation: 15
maintaining a userfile would be a good idea, but what would the script look like for it? =) im giving google a good work out trying to find some examples on this.
 
Old 11-30-2004, 03:29 PM   #4
secesh
Senior Member
 
Registered: Sep 2004
Location: Savannah, GA
Distribution: Ubuntu, Gentoo, Mythbuntu, ClarkConnect
Posts: 1,154

Rep: Reputation: 47
here's my two second untested solution... hope it sets you in the right direction...

Code:
#!/bin/bash
FILENAME=/root/users
## where one line= one username

for user in $FILENAME
do
  passwd $user new!pass
done

## won't work right away: not strong enough password
## to work without re-prompt
 
Old 11-30-2004, 03:31 PM   #5
outspoken
LQ Newbie
 
Registered: Nov 2004
Distribution: Gentoo
Posts: 24

Original Poster
Rep: Reputation: 15
very cool. thank you, i will give it a try right now.

actually would using 'passwd -f $user' work also? this is actually all i really need to do as this would force the users to choose their new password on next login.
 
Old 11-30-2004, 03:34 PM   #6
secesh
Senior Member
 
Registered: Sep 2004
Location: Savannah, GA
Distribution: Ubuntu, Gentoo, Mythbuntu, ClarkConnect
Posts: 1,154

Rep: Reputation: 47
sure... again, i wouldn't recommend sticking with that script... it's only meant to get you started
 
Old 11-30-2004, 03:40 PM   #7
outspoken
LQ Newbie
 
Registered: Nov 2004
Distribution: Gentoo
Posts: 24

Original Poster
Rep: Reputation: 15
for now it will do the job. what concerns do you have that would make me want to change anything about it?
 
Old 11-30-2004, 03:44 PM   #8
secesh
Senior Member
 
Registered: Sep 2004
Location: Savannah, GA
Distribution: Ubuntu, Gentoo, Mythbuntu, ClarkConnect
Posts: 1,154

Rep: Reputation: 47
the same password for every user is #1
 
Old 11-30-2004, 03:45 PM   #9
outspoken
LQ Newbie
 
Registered: Nov 2004
Distribution: Gentoo
Posts: 24

Original Poster
Rep: Reputation: 15
ok, i just thought of using awk to check for uid above a certain number to play safe. ill be changing the script a bit more.

thanks again!
 
Old 11-30-2004, 03:52 PM   #10
secesh
Senior Member
 
Registered: Sep 2004
Location: Savannah, GA
Distribution: Ubuntu, Gentoo, Mythbuntu, ClarkConnect
Posts: 1,154

Rep: Reputation: 47
if you're maintaining the user file, and only root has access to it, i wouldn't worry about the uid range... but a "failsafe" might be to include a clause for not resetting root pwd (but if a normal user was able to run this in the first place, i'd assume they already did major damage, and couldn't get much worse). good thought -- nice to know you're actively trying to solve this, rather than relying on my casual input.
 
Old 12-12-2004, 08:16 AM   #11
BlinkEye
Member
 
Registered: Jul 2003
Distribution: gentoo
Posts: 71

Rep: Reputation: 15
i think you mean
Code:
passwd -e $user
this is the option which expires a users password and forces him to renew it upon next login
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
How to modify the system-wide PATH jayhel Slackware - Installation 8 04-22-2005 04:00 AM
System wide KHTML colors ProtoformX Linux - Software 1 04-02-2005 11:13 AM
System Wide Permission lmanwarren Linux - General 1 03-29-2005 09:15 PM
Where are system-wide blackbox configs? Erik Thorsson Linux - Software 1 01-30-2005 09:41 PM
*system-wide* KDE install, how? webvandals Linux - Software 5 03-06-2004 12:48 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 05:13 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration