random password script

kernel-P4N1C · 08-06-2009, 04:41 PM

Hello guys...

as the topic suggest; i wrote a bash script that generates a random password for a user... write it on a file and send an email with the file to the user...

it is supposed to be run on cron; and it works pretty good; but i've found a little problem.

while testing; i typed in some userid's that doesn't exist and the script still write the file with the random password and stuff...

how do i break the script if the wrong input is given ?

check my code below

Code:

#!/bin/bash

### This function change the password using the aray generated by randpass
function passchange { echo -e "$pwdxx\n$pwdxx" | (sudo passwd --stdin $USERID);
echo "Password saved on $filename file";}

#### This function generates a random aray of 8 characters... to change, edit "head -cX"
function randpass { pwdxx=`</dev/urandom tr -dc A-Za-z0-9 | head -c8`;}

### This function write the password to a text file
function outputfile { echo -e "ssh access for server $SERVERNAME\n\nuser: $USERID\npasswd: $pwdxx" > $filename;}

#echo "sending file to serverinfo"
#(scp $USER serverinf@sserver:/home/serverinf)


if [ $# -ne 1 ]
then
        echo ""
        echo "Usage -$0 USER"
        echo "  Where USER is the username who password will be change"
        exit 1
fi
##### ----- variables ----- ####
USERID=$1
SERVERNAME=` /usr/local/sbin/./servername`
filename=$SERVERNAME-$USERID

##### ----- Calling functions declared above ----- #####
randpass
outputfile
passchange

chrism01 · 08-06-2009, 08:35 PM

If you call passchange before outputfile, you can check if passwd change failed.
Alternately, if that proves to be too fiddly (what with those subshells, pipes etc), just start with a new fn checkuser, which looks for user in /etc/passwd.
I'd go with the latter myself.

JulianTosh · 08-07-2009, 02:37 AM

This will allow you to check for existing user names...

Code:

grep "^$1:" /etc/passwd > /dev/null
if [ $? = 0 ]; then
  USERID=$1
  SERVERNAME=$(hostname)
  filename=$SERVERNAME-$USERID

  randpass
  outputfile
  passchange
else
  echo "User $1 does not exist."
fi

Also, I dont like how you're writing the credentials to the file system. At minumum, you should do some strict access enforcement (chmod) on the file before writing the password to the file so normal users can have access to it. "shred -n3 -u" to remove the data would have limited use on a journaled filesystem.

Best case, you should pipe the information to gpg, encrypted to each user before it's emailed. But that would require a whole lot more prerequisits... like users having to know how to use pgp.