Change password shell script

Posted in Categories: Security; last updated April 10, 2008

17 comments

  1. Hi,

    best would be to edit the script:

    to

    The script is universally usable after that change. Otherwise the script won’t run for German, e.g. I edited, and it works perfectly for Ubuntu.

    Edited by Admin: Added pre tags to the code.

  2. Ok, I’m trying to create a script that crontab will run every day that changes root pass to a random 20 digit string. (obxnux, I think we’re wanting something similar) I have tried chpasswd, but it doesn’t work, sets root pwd to nil. (don’t worry, I’ve rectified that before this post) My script’s at the end, what am I doing wrong??

    #!/bin/bash
    iam=$(whoami)
    pass=> /root/pass
    cat /root/pass | chpasswd
    rm -f /root/pass
    else
    sudo echo root:$pass >> /root/pass
    sudo cat /root/pass | chpasswd
    sudo rm -f /root/pass
    fi
    exit 0 #the only way you should ever exit script

    1. THAT is not my script?? Lemme try again…

      #!/bin/bash
      iam=$(whoami)
      pass=> /root/pass
      cat /root/pass | chpasswd
      rm -f /root/pass
      else
      sudo echo root:$pass >> /root/pass
      sudo cat /root/pass | chpasswd
      sudo rm -f /root/pass
      fi
      exit 0

      1. I’m beginning to think there’s something wrong here, under the “iam” line is supposed to be one that assigns a random 20 digit phrase to $pass?? Why won’t it post correctly?
        #!/bin/bash
        iam=$(whoami)
        pass=> /root/pass
        cat /root/pass | chpasswd
        rm -f /root/pass
        else
        sudo echo root:$pass >> /root/pass
        sudo cat /root/pass | chpasswd
        sudo rm -f /root/pass
        fi
        exit 0

  3. All of these are bad ideas. You do not want your password being processed via the shell. Most shells keep a history file of commands executed – and this will show up in them. In general, you do not want your password saved in cleartext anywhere, regardless of file system controls.

    1. The password command doesn’t store the information in clear text. Running a history command will not return with:

      17: passwd 123456

      The user can’t even see if they’re typing in the password correctly so really the only way someone could get the password is if they were watching you type it in and you were a somewhat slow and “distinguished” typist.
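An added example, not from the original post or any commenter: one way to do the daily random 20-character rotation asked about in comment 2 while meeting comment 3's concern, by piping the record straight into `chpasswd` with no temporary file and no password on a command line. The function names `gen_password`, `chpasswd_record`, `rotate_password` and the `--apply` switch are assumptions made for this sketch.

```bash
#!/bin/bash
# Added example (not from the original page): rotate a password without a
# temp file and without putting the secret on any command line.
set -u

NL='
'

# Print a random alphanumeric password of $1 characters (default 20).
gen_password() {
    local len="${1:-20}"
    # 1024 bytes from the kernel CSPRNG leave ~250 characters after filtering.
    head -c 1024 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9' | head -c "$len"
}

# Print one "user:password" record for chpasswd. Reject empty fields, a ':'
# in the user name, or a newline, since those would alter the record format.
chpasswd_record() {
    local user="${1:-}" pass="${2:-}"
    case "$user" in ''|*:*|*"$NL"*) return 1 ;; esac
    case "$pass" in ''|*"$NL"*) return 1 ;; esac
    printf '%s:%s\n' "$user" "$pass"
}

# Set a fresh random password for user $1. chpasswd writes the shadow
# database, so this must run as root (for example from root's crontab).
rotate_password() {
    local user="${1:-}" pass
    [ "$(id -u)" -eq 0 ] || { echo "rotate_password: must run as root" >&2; return 1; }
    pass="$(gen_password 20)"
    [ "${#pass}" -eq 20 ] || { echo "rotate_password: short read" >&2; return 1; }
    # printf is a shell builtin: the secret travels over a pipe to chpasswd's
    # stdin and never appears in a file or in a process argument list.
    chpasswd_record "$user" "$pass" | chpasswd
}

# Only act when asked explicitly, e.g.:  ./rotate.sh --apply root
if [ "${1:-}" = "--apply" ] && [ -n "${2:-}" ]; then
    rotate_password "$2"
fi
```

The script deliberately does not print or store the generated password, so after a run nobody knows it; keep another administrative path (such as sudo) available before scheduling it.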

  4. chpasswd is your friend:
    echo username:password | chpasswd

    You can even do
    cat passlist.txt | chpasswd
    where passlist.txt is a newline delimited list of username:password pairs.

          1. Doesn’t work here 1 :(

            It gave the following error :
            echo one:different | chpasswd ( “one” is username & “different” is the new password I wish to give it )
            Changing password for one.
            chpasswd: (user one) pam_chauthtok() failed, error:
            Authentication token manipulation error
            chpasswd: (line 1, user one) password not changed

            Pls help ….

  5. Um, yea Tamilan – that doesn’t actually work. Did you try it yourself? All it does on my machine is remove a shell from the test user and not change the password.
    The problem I’m running into with the above script is that it isn’t properly returning to the cli when done. In fact it is a pain in the ass to run within another script.
