Solved

Create a Bash Script to Reset Linux Password

Posted on 2011-02-25
11
818 Views
Last Modified: 2012-05-11
Experts,

       I have a powershell script that does exactly what I need it to do in Windows. I'm having trouble changing over the logic to a bash file. I want this script to live on the Linux box. The script I created in Powershell is below - but I need the exact logic translated to bash.

Thanks, Missymadi
# Ask for a username

$Username = Read-Host "Enter UserName"

# Search for the user(s)

$Users = Get-QADUser -SamAccountName $Username | Select-Object Name, DN, 
  PasswordLastSet, PasswordAge,PasswordExpires, PasswordNeverExpires, 
  UserMustChangePassword, PasswordIsExpired, PasswordStatus

# Display the user(s)

$Users

If ($Users) {

  # Ask if they wish to proceed

  $Response = Read-Host "Do you want to reset the user's password?`n[1] Yes, [2] No"

  If ($Response -eq "1") {

    # Ask for password 

    $SecurePassword1 = Read-Host "Please enter a password to use" -AsSecureString
    $SecurePassword2 = Read-Host "Please re-enter the password to confirm" -AsSecureString

    $Password1 = [Runtime.InteropServices.Marshal]::PtrToStringAuto(
      [Runtime.InteropServices.Marshal]::SecureStringToBSTR($SecurePassword1))
    $Password2 = [Runtime.InteropServices.Marshal]::PtrToStringAuto(
      [Runtime.InteropServices.Marshal]::SecureStringToBSTR($SecurePassword2))

    If ($Password1 -ne $Password2) {

      Write-Host "Passwords do not match. Aborting script." -ForegroundColor Red

    } Else {

      # Perform work

      # For each user we found earlier, set the password. Log a few things and the name of the 
      # user running this script 

      $Users | ForEach-Object { 
        Set-QADUser $_.DN -UserPassword $Password1
        Write-Host "Password reset for $($_.Name)"
      } | Select-Object SamAccountName, PasswordLastSet, @{n='SetBy';e={ $Env:Username }} |
        Out-File c:\PwdChanged.txt -Append
    }
  }
} Else {

  Write-Host "No users found" -ForegroundColor Red

}

Open in new window

0
Comment
Question by:missymadi
  • 5
  • 5
11 Comments
 
LVL 77

Expert Comment

by:arnold
ID: 34981088
You wold need to run the script with SUID set.

prompt the user for a password, you would then need to encrypt the password in MD5 format
and then use
You would need to include logic to make sure the user running the script does not reset root's password.
usermod -p $encrypted_password username.

Your powershell script can be used to reset the Administrator's password.

This is a bad idea.  Are you looking to delegate the right to a group of users?
configure the user/group with  deny sudo passwd root  sudo /bin/passwd root while allowing sudo passwd /bin/passwd for all other users.

Within windows you can delegate this right within the AD or within the workstation.
0
 

Author Comment

by:missymadi
ID: 34981194
This is only to be run by Admin.

I'm looking for examples of Linux scripts to reset passwords.
0
 
LVL 77

Expert Comment

by:arnold
ID: 34981491
can the admin run passwd username?
and then type the new password?

Not sure why you would need to work on a script where a single command does the work.
the issue is that you need to encrypt the password if you use moduser -p 'encrypted_password' username.
0
 

Author Comment

by:missymadi
ID: 34981617
"can the admin run passwd username?
and then type the new password?" Yes, this script is run by the logged in administrator.

The Powershell  script was written to fulfill specified requirements. I only do what I'm told here. This script does exactly what the requestor wanted. I need to know how to fulfill the requirements in the Linux (RHEL5) side. I'm learning Linux but I need to get this script out quickly and looking for help in getting the script completed.

Thanks,
Missymadi
0
 
LVL 5

Expert Comment

by:balasundaram_s
ID: 34981651
Are you trying to hack the passwords?   You might consider doing system level programming, rather than high level shell scripting.

0
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

 

Author Comment

by:missymadi
ID: 34981776
No, no hacking.
 I need scripts that will live and run locally on a server(PDC)  and reset users passwords. The target for the script is only Admins. We're looking for one script that will run on PDC, and remotely set all passwords on remote RHEL5 /Thin Clients/ VSMs, even though they are not part of the domain. This Powershell script does exactly what I want it to do on the windows side. Now I'm looking for the Linux script to do the same. THEN, I will create a Powershell script that will SSH into each server on the network.
For example:
# If servers are Windows

If $Computer = “Windows” do the following

$ArrComputers = "Computer1", "Computer2", "Computer3"
foreach ($Computer in $ArrComputers)
{ write-host "
" write-host "===================================="
write-host
"Computer: $Computer"
write-host "====================================" write-host "-----------------------------------"
 write-host "Win32_PnPEntity instance"
 write-host "-----------------------------------"

Run a Windows Powershell script
Exit
}

#If servers are RHEL5 Servers

If $Computer = “RHEL5” do the following

ssh

#if servers are VM host

Connect-viserver –server <server> -user <user> -password<pwd>
(use the Connect-VIServer cmdlet and provide a value to the server parameter

For this open question, I really just need the equivalent of the Powershell script in Linux format.
0
 
LVL 77

Expert Comment

by:arnold
ID: 34982639
To use passwd you have to use expect which is an interactive scripting process where you can prompt the Admin for the username, password and then have an expect script that will run passwd username and then wait for the password prompt at which point it will provide the first instance of the password and then wait for the second and provide the second.

You should compare the password prior to calling the expect process.
0
 

Author Comment

by:missymadi
ID: 34982876
Examples please. I cannot use telnet. It must be SSH.
0
 
LVL 77

Expert Comment

by:arnold
ID: 34983353
The script does not deal with how you connect into the shell.

http://bash.cyberciti.biz/security/change-password-shell-script/
0
 

Author Comment

by:missymadi
ID: 34983536
I have already been to the link you posted. I feel like I'm going in circles with this post. I need the equivilent for my script above!

How do you do this is Linux???
$Username = Read-Host "Enter UserName"
# Search for the user(s)
$Users = Get-QADUser -SamAccountName $Username | Select-Object Name, DN,
  PasswordLastSet, PasswordAge,PasswordExpires, PasswordNeverExpires,
  UserMustChangePassword, PasswordIsExpired, PasswordStatus

How do you do this in Linux
If ($Users) {

  # Ask if they wish to proceed

  $Response = Read-Host "Do you want to reset the user's password?`n[1] Yes, [2] No"

etc.....

0
 
LVL 77

Accepted Solution

by:
arnold earned 500 total points
ID: 34983743
You can use expect to prompt the user for data and then proceed with the script that will actually perform the change.

You can create a shell script
#/bin/bash
echo "Input Username"
read username
#performCheck
echo "input password"
read password1
echo "input password again to confirm"
read password2
#check that the passwords match
if [ "$password" = "$password2"] ; then
#run the expect script modfied i.e. username and password are passed on the line.
else
echo "Error the passwords do not match"
exit 1
fi
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Setting up Secure Ubuntu server on VMware 1.      Insert the Ubuntu Server distribution CD or attach the ISO of the CD which is in the “Datastore”. Note that it is important to install the x64 edition on servers, not the X86 editions. 2.      Power on th…
SSH (Secure Shell) - Tips and Tricks As you all know SSH(Secure Shell) is a network protocol, which we use to access/transfer files securely between two networked devices. SSH was actually designed as a replacement for insecure protocols that sen…
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now