Solved

Create a Bash Script to Reset Linux Password

Posted on 2011-02-25
Last Modified: 2012-05-11
Experts,

I have a PowerShell script that does exactly what I need it to do in Windows. I'm having trouble changing over the logic to a bash file. I want this script to live on the Linux box. The script I created in PowerShell is below, but I need the exact logic translated to bash.

Thanks, Missymadi
# Ask for a username

$Username = Read-Host "Enter UserName"

# Search for the user(s)

$Users = Get-QADUser -SamAccountName $Username | Select-Object Name, DN, 
  PasswordLastSet, PasswordAge,PasswordExpires, PasswordNeverExpires, 
  UserMustChangePassword, PasswordIsExpired, PasswordStatus

# Display the user(s)

$Users

If ($Users) {

  # Ask if they wish to proceed

  $Response = Read-Host "Do you want to reset the user's password?`n[1] Yes, [2] No"

  If ($Response -eq "1") {

    # Ask for password 

    $SecurePassword1 = Read-Host "Please enter a password to use" -AsSecureString
    $SecurePassword2 = Read-Host "Please re-enter the password to confirm" -AsSecureString

    $Password1 = [Runtime.InteropServices.Marshal]::PtrToStringAuto(
      [Runtime.InteropServices.Marshal]::SecureStringToBSTR($SecurePassword1))
    $Password2 = [Runtime.InteropServices.Marshal]::PtrToStringAuto(
      [Runtime.InteropServices.Marshal]::SecureStringToBSTR($SecurePassword2))

    If ($Password1 -ne $Password2) {

      Write-Host "Passwords do not match. Aborting script." -ForegroundColor Red

    } Else {

      # Perform work

      # For each user we found earlier, set the password. Log a few things and the name of the 
      # user running this script 

      $Users | ForEach-Object { 
        Set-QADUser $_.DN -UserPassword $Password1
        Write-Host "Password reset for $($_.Name)"
      } | Select-Object SamAccountName, PasswordLastSet, @{n='SetBy';e={ $Env:Username }} |
        Out-File c:\PwdChanged.txt -Append
    }
  }
} Else {

  Write-Host "No users found" -ForegroundColor Red

}

Question by:missymadi
11 Comments
 
LVL 78

Expert Comment

by:arnold
ID: 34981088
You would need to run the script with SUID set.

Prompt the user for a password; you would then need to encrypt the password in MD5 format
and then use
You would need to include logic to make sure the user running the script does not reset root's password.
usermod -p $encrypted_password username.

Your PowerShell script can be used to reset the Administrator's password.

This is a bad idea. Are you looking to delegate the right to a group of users?
Configure the user/group with deny sudo passwd root sudo /bin/passwd root while allowing sudo passwd /bin/passwd for all other users.

Within windows you can delegate this right within the AD or within the workstation.
0
 

Author Comment

by:missymadi
ID: 34981194
This is only to be run by Admin.

I'm looking for examples of Linux scripts to reset passwords.
0
 
LVL 78

Expert Comment

by:arnold
ID: 34981491
Can the admin run passwd username?
and then type the new password?

Not sure why you would need to work on a script where a single command does the work.
The issue is that you need to encrypt the password if you use moduser -p 'encrypted_password' username.
0
 

Author Comment

by:missymadi
ID: 34981617
"can the admin run passwd username?
and then type the new password?" Yes, this script is run by the logged in administrator.

The PowerShell script was written to fulfill specified requirements. I only do what I'm told here. This script does exactly what the requestor wanted. I need to know how to fulfill the requirements on the Linux (RHEL5) side. I'm learning Linux, but I need to get this script out quickly and am looking for help in getting the script completed.

Thanks,
Missymadi
0
 
LVL 5

Expert Comment

by:balasundaram_s
ID: 34981651
Are you trying to hack the passwords? You might consider doing system level programming, rather than high level shell scripting.

0
 

Author Comment

by:missymadi
ID: 34981776
No, no hacking.
I need scripts that will live and run locally on a server (PDC) and reset users' passwords. The target for the script is only Admins. We're looking for one script that will run on PDC, and remotely set all passwords on remote RHEL5 /Thin Clients/ VSMs, even though they are not part of the domain. This PowerShell script does exactly what I want it to do on the Windows side. Now I'm looking for the Linux script to do the same. THEN, I will create a PowerShell script that will SSH into each server on the network.
For example:
# If servers are Windows

If $Computer = "Windows" do the following

$ArrComputers = "Computer1", "Computer2", "Computer3"
foreach ($Computer in $ArrComputers)
{
  write-host "`n"
  write-host "===================================="
  write-host "Computer: $Computer"
  write-host "===================================="
  write-host "-----------------------------------"
  write-host "Win32_PnPEntity instance"
  write-host "-----------------------------------"

  Run a Windows Powershell script
  Exit
}

#If servers are RHEL5 Servers

If $Computer = "RHEL5" do the following

ssh

#if servers are VM host

Connect-viserver -server <server> -user <user> -password <pwd>
(use the Connect-VIServer cmdlet and provide a value to the server parameter)

For this open question, I really just need the equivalent of the Powershell script in Linux format.
0
 
LVL 78

Expert Comment

by:arnold
ID: 34982639
To use passwd you have to use expect which is an interactive scripting process where you can prompt the Admin for the username, password and then have an expect script that will run passwd username and then wait for the password prompt at which point it will provide the first instance of the password and then wait for the second and provide the second.

You should compare the password prior to calling the expect process.
0
 

Author Comment

by:missymadi
ID: 34982876
Examples please. I cannot use telnet. It must be SSH.
0
 
LVL 78

Expert Comment

by:arnold
ID: 34983353
The script does not deal with how you connect into the shell.

http://bash.cyberciti.biz/security/change-password-shell-script/
0
 

Author Comment

by:missymadi
ID: 34983536
I have already been to the link you posted. I feel like I'm going in circles with this post. I need the equivalent for my script above!

How do you do this in Linux???
$Username = Read-Host "Enter UserName"
# Search for the user(s)
$Users = Get-QADUser -SamAccountName $Username | Select-Object Name, DN,
  PasswordLastSet, PasswordAge,PasswordExpires, PasswordNeverExpires,
  UserMustChangePassword, PasswordIsExpired, PasswordStatus

How do you do this in Linux
If ($Users) {

  # Ask if they wish to proceed

  $Response = Read-Host "Do you want to reset the user's password?`n[1] Yes, [2] No"

etc.....

0
 
LVL 78

Accepted Solution

by:
arnold earned 500 total points
ID: 34983743
You can use expect to prompt the user for data and then proceed with the script that will actually perform the change.

You can create a shell script
#!/bin/bash
echo "Input Username"
read username
#performCheck
echo "input password"
read password1
echo "input password again to confirm"
read password2
#check that the passwords match
if [ "$password1" = "$password2" ] ; then
#run the expect script modified i.e. username and password are passed on the line.
:   # no-op placeholder so the branch is valid until the expect call is added
else
echo "Error the passwords do not match"
exit 1
fi
0
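The flow of the PowerShell script in the question, carried over to a local account on the Linux box, as an added example that is not part of the thread or any poster's code. It assumes root and the stock `getent`, `chage` and `chpasswd` tools; the `--run` switch, the `LOGFILE` path and the `APPLY_CMD` override are names chosen for this example. The password is fed to `chpasswd` on stdin instead of being passed on a command line, and UID 0 accounts are refused, as the first reply asks.

```bash
#!/bin/bash
# Added example (not from the thread): reset a local user's password as root.
# Written with POSIX constructs so it also runs under plain sh.
LOGFILE=${LOGFILE:-/var/log/pwd_changed.log}  # assumed log path
APPLY_CMD=${APPLY_CMD:-chpasswd}              # reads "user:password" on stdin

# Return 0 for an existing non-root account, 1 if missing, 2 if UID 0.
lookup_user() {
    entry=$(getent passwd "$1") || return 1
    uid=$(printf '%s\n' "$entry" | cut -d: -f3)
    [ "$uid" -ne 0 ] || return 2
}

# Prompt on stderr with terminal echo off; the answer is left in $SECRET.
read_secret() {
    printf '%s: ' "$1" >&2
    stty -echo 2>/dev/null
    IFS= read -r SECRET
    stty echo 2>/dev/null
    printf '\n' >&2
}

# Feed "user:password" to chpasswd on stdin (printf is a shell builtin, so
# the password never appears in a process argument list), then log who did it.
set_password() {
    [ -n "$2" ] || return 3                    # refuse an empty password
    printf '%s:%s\n' "$1" "$2" | $APPLY_CMD || return 4
    printf '%s %s reset by %s\n' "$(date '+%F %T')" "$1" \
        "${SUDO_USER:-$(id -un)}" >> "$LOGFILE"
}

main() {
    trap 'stty echo 2>/dev/null; exit 130' INT # restore echo on Ctrl-C
    printf 'Enter UserName: '; read -r username
    lookup_user "$username" ||
        { echo "No users found (or account is UID 0)" >&2; return 1; }
    getent passwd "$username"; chage -l "$username"   # show account and aging
    printf "Do you want to reset the user's password? [1] Yes, [2] No: "
    read -r answer
    [ "$answer" = "1" ] || return 0
    read_secret "Please enter a password to use"; pw1=$SECRET
    read_secret "Please re-enter the password to confirm"; pw2=$SECRET
    if [ "$pw1" != "$pw2" ]; then
        echo "Passwords do not match. Aborting script." >&2; return 1
    fi
    set_password "$username" "$pw1" && echo "Password reset for $username"
}

if [ "${1:-}" = "--run" ]; then main; fi
```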
