Download your favorite Linux distribution at LQ ISO.
Go Back > Forums > Linux Forums > Linux - Server
User Name
Linux - Server This forum is for the discussion of Linux Software used in a server related context.


  Search this Thread
Old 04-29-2008, 10:41 AM   #1
Registered: Sep 2006
Posts: 42

Rep: Reputation: 15
Restoring Password Hash

When we delete users on our system, we run a script that archives their mail and stores a copy of their password hash (and other info) in case we need to perform a quick restore. Is there a way to set a user's password based on the password hash, rather than a plain-text password?

We can always manually replace the hash in /etc/shadow with the old one, but I'm writing a script to automate the restore, so I'm looking for an easy way to do this. I don't really want to use sed or anything that manipulates the shadow file directly; I'm hoping there's another way to do it (the passwd command doesn't seem to have this feature). Any ideas?

Old 04-29-2008, 11:27 AM   #2
Senior Member
Registered: Mar 2004
Location: Cary, NC, USA
Distribution: Fedora, Kubuntu, RedHat, CentOS, SuSe
Posts: 1,288

Rep: Reputation: 99
Why don't you just lock their account when you delete users, and unlock them to restore their password?

passwd -l username
passwd -u username

I try not to ever actually remove a user from the system as it leaves any files owned by them with a number as an owner. Also, if another user gets added later and the first user's UID is reused, that user ends up owning all the first user's files.



Last edited by forrestt; 04-29-2008 at 11:28 AM.
Old 04-29-2008, 12:22 PM   #3
Senior Member
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora
Posts: 3,935
Blog Entries: 5

Rep: Reputation: Disabled
Originally Posted by forrestt
I try not to ever actually remove a user from the system as it leaves any files owned by them with a number as an owner.
I agree that users should be locked/disabled (rather than removed). But I have a longer list of steps to help ensure the person is really 'gone'.
Old 04-29-2008, 12:22 PM   #4
Registered: Sep 2006
Posts: 42

Original Poster
Rep: Reputation: 15
We do sometimes lock accounts for a period of time before deleting them (though we're inconsistent), but we always eventually delete them. I have a feeling the lead sysadmin and our supervisor won't go for the idea of locking the accounts and just leaving them there, but I suppose I can give it a shot and see what they say. They may go for the idea of locking them for a month or so before deleting them, which should be enough time to alert us if we locked something we need to unlock. I'm still open to other ideas, as well, though, in the meantime.



Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
What is used to create the shadow password hash?? helptonewbie Linux - General 11 08-17-2009 02:02 AM
What type of password hash is this ? memo007 Linux - Security 7 12-26-2007 02:34 AM
Password Hash Query aml1973 Linux - Security 1 12-03-2007 07:50 AM
password hash storage (md5, sha1...) aneroid Programming 6 12-30-2005 10:27 PM
Change Password Hash Algorithm Trano Linux - Security 1 08-23-2005 07:48 AM > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 07:54 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration