Changing a user's password inside a script

Posted by Steve on Mon 30 May 2011 at 15:05

In an ideal world you'd never need to change the password associated with a user account without using passwd, but there are times when it is helpful to script such things.

The naive attempts to automate the use of passwd will fail, so the standard advice has always been to use a tool like expect to interactively call the passwd binary.

But there is a more sensible alternative: use the usermod command to change the password.

Assume you have a user account called guest on your system and you wish to set that user's password to openaccess. You can do this by running:

# hash=$(echo openaccess | openssl passwd -1 -stdin)
# usermod --password="$hash" guest

If you wish you could combine that into a single line:

# usermod -p "$(echo openaccess | openssl passwd -1 -stdin)" guest

If a local user can see the commands you're running in the output of "ps", "top", or similar then this is insecure - but if you generate the hash remotely you should probably be safe enough.

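An added example (not part of the original article or of the tools it mentions): the same hash-then-set idea, with both the plaintext and the hash passed on stdin so that neither appears in a process listing. It swaps the article's openssl passwd -1 (MD5 crypt) for -6 (SHA-512 crypt) and usermod -p for chpasswd -e; the function name shadow_record and its username policy are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not from the original article. Assumes OpenSSL 1.1.1+ for
# "passwd -6" (SHA-512 crypt) and shadow-utils chpasswd with -e/--encrypted.

# shadow_record USER
#   Reads the plaintext password (first line of stdin), writes "USER:HASH".
#   Returns 2 for a rejected username, 3 for an empty password, 4 if hashing fails.
shadow_record() {
    user=$1
    # Conservative name check (this example's own policy): ':' or whitespace
    # in USER would corrupt the colon-separated record chpasswd parses.
    case $user in
        ''|-*|*[!A-Za-z0-9_.-]*) echo "rejected username" >&2; return 2 ;;
    esac
    # -r keeps backslashes, IFS= keeps leading/trailing blanks in the password.
    IFS= read -r pw || :
    [ -n "$pw" ] || { echo "empty password" >&2; return 3; }
    # printf is a shell builtin, so the plaintext is never an argv entry that
    # ps or top could show; openssl receives it on stdin.
    hash=$(printf '%s\n' "$pw" | openssl passwd -6 -stdin) || return 4
    unset pw
    case $hash in
        '$6$'*) printf '%s:%s\n' "$user" "$hash" ;;
        *) echo "unexpected hash format" >&2; return 4 ;;
    esac
}

# Dry run with a constructed password: print the record instead of applying it.
printf '%s\n' 'constructed-sample-pw' | shadow_record guest

# Applying it as root keeps the hash out of usermod's argv as well:
#   printf '%s\n' "$newpw" | shadow_record guest | chpasswd -e
```

Because chpasswd -e reads the record from its standard input, a concurrent ps shows only the command names, not the password or its hash.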

Posted by Anonymous (87.238.xx.xx) on Mon 30 May 2011 at 15:22
You may also want to use chpasswd:

echo username:password | chpasswd

This will change password for user `username' to `password'

-- Makc


Posted by Steve (82.41.xx.xx) on Mon 30 May 2011 at 15:51

Good tip, thanks. I'd never seen that used before - and I agree it is better than the approach presented here.

Steve


Posted by Anonymous (95.18.xx.xx) on Mon 30 May 2011 at 19:23

Showing the password in a "ps" or storing it in the shell history file is a security no-no. To avoid this, and to also avoid showing the password in the screen:

echo "user:$(stty -echo; read -r pass; stty echo; echo "$pass")" | chpasswd
unset pass

-- haralder


Posted by Anonymous (71.174.xx.xx) on Mon 30 May 2011 at 20:49
If you're using bash at least, you can avoid mucking with stty and such:

read -r -p user: -s pass
echo "user:$pass" | chpasswd
unset pass

The -s tells read to do the no-echo part, and -p does the echo for you, helpfully doing it to stderr with a flush before reading input, and only if stdin is a tty (making automation of your script by something else nicer).

Since echo is a shell built-in, you don't need to worry about it showing up in ps listings generally.


Posted by Martian (195.34.xx.xx) on Mon 13 Jun 2011 at 09:01
Another interesting way, using a Perl script.

echo "PlanTextPassword" | perl -nle 'print crypt($_, "\$1\$".join "", (".", "/", 0..9, "A".."Z", "a".."z")[rand 64, rand 64, rand 64, rand 64, rand 64, rand 64, rand 64, rand 64]);'


Posted by Anonymous (193.190.xx.xx) on Mon 30 May 2011 at 15:49
Or you could use nice things such as App::Unix::RPasswd (on CPAN).


Posted by Steve (82.41.xx.xx) on Mon 30 May 2011 at 15:51

Clearly that only works if you're using Perl..

Steve


Posted by Anonymous (83.134.xx.xx) on Sat 14 Jan 2012 at 20:38
No, I just tried it. It's a program and can be run from the command-line or shell script if you want. And yes, Perl is installed on every Linux or UNIX machine I have come across.


Posted by Anonymous (194.2.xx.xx) on Tue 31 May 2011 at 10:49
There is another "easy" way to do it:

echo "user:unencrypted_pass" | chpasswd


Posted by Anonymous (109.172.xx.xx) on Sun 5 Jun 2011 at 10:08
echo password|passwd --stdin username


Posted by Steve (82.41.xx.xx) on Sun 5 Jun 2011 at 11:21
skx@birthday:~$ passwd --stdin skx
passwd: unrecognized option '--stdin'
Usage: passwd [options] [LOGIN]

(That is using Wheezy.)

Steve


Posted by Anonymous (90.27.xx.xx) on Tue 2 Aug 2011 at 22:50
passwd << EOF
oldpass
newpass
newpass
EOF

works for me on squeeze


Posted by patryk (79.36.xx.xx) on Tue 16 Aug 2011 at 21:42
try this syntax - must work ;)
echo -e "$password\n$password" | passwd $username


Posted by patryk (79.36.xx.xx) on Tue 16 Aug 2011 at 21:48
or if u r not root and want to change your own password:
echo -e "$oldPassword\n$newPassword\n$newPassword" | passwd

...sorry for double posting ;)


Posted by Anonymous (195.195.xx.xx) on Fri 30 Sep 2011 at 12:02
useradd {USERNAME} -g {GROUP} -p $(perl -e'print crypt("{PASSWORD}", "RANDOM_STRING")') -d {/home/path} -s {/sbin/shell} -M

where {VALUE} is what is expected from you and RANDOM_STRING is your encryption string to use to encrypt PASSWORD
