Link to home
Start Free TrialLog in
Avatar of bozkirli
bozkirli

asked on

Giving passwords from command line

Hi,

I need a utility that will enable me to assign passwords to users from command line.  I.e I want to be able to do something like this

paswd --newpass p asdf user

passwd command on the system is interactive and cannot assign passwords from command line.   We need a way thats reliable, quick and something that can work on a multi user system.

We keep passwords in the shadow file.  I'm working on SunOS 5.6.  We have thousands of users.

Thanks in advance
Avatar of tfewster
tfewster
Flag of United Kingdom of Great Britain and Northern Ireland image
Download and install "expect", a scripting language, from:  
http://dev.scriptics.com/ (sources, binaries, apps & more!)  

Create a shell script looking something like this:

#!/usr/local/bin/expect --

spawn /usr/bin/passwd $1
expect "New password:"
send "$2\r"
expect "Re-enter password:"
send "$2\r"

Execute this script with the username and new password as command line
parameters.

The shadow password file won't be a problem, as you're still using the
standard "passwd" command, but using expect to dummy the input.

For a good manual & examples for expect scripts, look at:
http://www.oreilly.com/catalog/expect/chapter/ch03.html 
Avatar of jlevie
jlevie
Expanding on tfewster's comment...

You need expect and an expect script to set the password. Solaris 2.6 & above have a fancier passwd command than previous versions, which you might need to take advantage of. The expect script below can selectively set a user's password in any of the authentication services Solaris supports via passwd. As a bonus, it also works on Linux

---snip, snip, - begin newpass---
#!/usr/bin/expect --
#
# NAME
#       newpass - set user's passwd from the command line non-interactively
#
# SYNOPSIS
#       newpass user password [files|nis|nisplus]
#
# DESCRIPTION
#       When run as root, this script will interact with passwd and set
#       "password" for the specified "user". The script knows about both
#       Solaris and Linux and, in the case of Solaris, can explicitly
#       set the password in any of the three possible services
#       (files, nis, or nisplus). If not specified, the system default
#       for authentication is used.
#
# Author: Jim Levie (jlevie@bellsouth.net)
#
log_user 0
set LinuxOS 0
set svc "default"
if {[exec uname -s] == "Linux"} { set LinuxOS 1 }
if {!$LinuxOS && $argc == 3} {
    if {[lindex $argv 2] == "files" || [lindex $argv 2] == "nis"
      || [lindex $argv 2] == "nisplus"} {
      set svc "[lindex $argv 2]"
    } else {
      send_error "Usage: newpass user passwd \[files|nis|nisplus\]\n"
      exit 1
    }
} elseif {$LinuxOS && $argc != 2} {
    send_error "Usage: newpass user passwd\n"
    exit 1
} elseif {$argc < 2 || $argc >3} {
    send_error "Usage: newpass user passwd \[files|nis|nisplus\]\n"
    exit 1
}
set user [lindex $argv 0]
set pass [lindex $argv 1]
#
# Solaris 2.6 & later needs the -r option to specify which
# password service (files, nis, nisplus) see man passwd.  Linux
# has passwd in a different location and doesn't need the
# service specification. (Note that I no longer have anything
# earlier than 2.6 to test with, you've been warned... there be
# dragons here).
#
# BIG NOTE!!! Linux has to have the "sleep 1" between each of
# the "expect/send" pairs. It puts out the prompt before it's actually
# ready to take input. You can comment them out for Solaris, but
# it doesn't hurt for them to be there and might be a plus
# busy server. (there be really big dragons here...)
#

if {$LinuxOS} {
    spawn -noecho /usr/bin/passwd $user
} else {
    if {$svc == "files"} {
      spawn /bin/passwd -r files $user
    } elseif {$svc == "nis"} {
      spawn /bin/passwd -r nis $user
    } elseif {$svc == "nisplus"} {
      spawn /bin/passwd -r nisplus $user
    } else {
      spawn /bin/passwd $user
    }
}

if {$LinuxOS} { sleep 1 }
expect {
    -re "(.*) does not exist" {
      send_error "unknown user: $user\n"
      exit 1
    } -re "(.*) Unknown user(.*)" {
      send_error "unknown user: $user\n"
      exit 1
    } default {
      send_error "$expect_out(buffer)"
      exit 1
    } -re "New (.*)password:"
}
send "$pass\r"
if {$LinuxOS} { sleep 1 }
expect {
    -re "passwd.SYSTEM.(.*)" {
      send_error "$expect_out(buffer)"
      exit 1
    } -re "BAD(.*)" {
      send_error "$expect_out(buffer)"
      exit 1
    } default {
      send_error "Unknown error from passwd\n"
      exit 1
    } -re "Re(.*) password:"
}
send "$pass\r"
if {$LinuxOS} { sleep 1 }
expect {
    -re "passwd(.*) try again" {
      send_error "$expect_out(buffer)"
      exit 1
    } -re "Sorry,(.*)" {
      send_error "$expect_out(buffer)"
      exit 1
    } default {
      send_error "Unknown error from passwd\n"
      exit 1
    } -re "(.*) successfully changed (.*)" {
      send_user "Password changed\n"
      exit 0
    } -re "(.*) updated successfully" {
      send_user "Password changed\n"
      exit 0
    }
}
close
wait
send_user "\n"

Avatar of tfewster
tfewster
Flag of United Kingdom of Great Britain and Northern Ireland image
Nice one Jim - BTW, take a look at https://www.experts-exchange.com/jsp/qShow.jsp?ta=unixprog&qid=10306983  - another Q. on "expect" & I'm way out of my depth

  __|__
  \___/
~~~~~~~~
 O
  o
   .
  :(
ASKER CERTIFIED SOLUTION
Avatar of Gastone Canali
Gastone Canali
Flag of Italy image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of jlevie
jlevie
Yeah, I've done that too, how are you going to handle NIS+, what about systems using MD5 authentication via pam? The expect script does as it uses the system password program...