Solved

Create a Bash Script to Reset Linux Password

Posted on 2011-02-25
Last Modified: 2012-05-11
Experts,

       I have a powershell script that does exactly what I need it to do in Windows. I'm having trouble changing over the logic to a bash file. I want this script to live on the Linux box. The script I created in Powershell is below - but I need the exact logic translated to bash.

Thanks, Missymadi
# Ask for a username

$Username = Read-Host "Enter UserName"

# Search for the user(s)

$Users = Get-QADUser -SamAccountName $Username | Select-Object Name, DN, 
  PasswordLastSet, PasswordAge,PasswordExpires, PasswordNeverExpires, 
  UserMustChangePassword, PasswordIsExpired, PasswordStatus

# Display the user(s)

$Users

If ($Users) {

  # Ask if they wish to proceed

  $Response = Read-Host "Do you want to reset the user's password?`n[1] Yes, [2] No"

  If ($Response -eq "1") {

    # Ask for password 

    $SecurePassword1 = Read-Host "Please enter a password to use" -AsSecureString
    $SecurePassword2 = Read-Host "Please re-enter the password to confirm" -AsSecureString

    $Password1 = [Runtime.InteropServices.Marshal]::PtrToStringAuto(
      [Runtime.InteropServices.Marshal]::SecureStringToBSTR($SecurePassword1))
    $Password2 = [Runtime.InteropServices.Marshal]::PtrToStringAuto(
      [Runtime.InteropServices.Marshal]::SecureStringToBSTR($SecurePassword2))

    If ($Password1 -ne $Password2) {

      Write-Host "Passwords do not match. Aborting script." -ForegroundColor Red

    } Else {

      # Perform work

      # For each user we found earlier, set the password. Log a few things and the name of the 
      # user running this script 

      $Users | ForEach-Object { 
        Set-QADUser $_.DN -UserPassword $Password1
        Write-Host "Password reset for $($_.Name)"
      } | Select-Object SamAccountName, PasswordLastSet, @{n='SetBy';e={ $Env:Username }} |
        Out-File c:\PwdChanged.txt -Append
    }
  }
} Else {

  Write-Host "No users found" -ForegroundColor Red

}

Question by:missymadi
11 Comments
 
LVL 76

Expert Comment

by:arnold
ID: 34981088
You would need to run the script with SUID set.

prompt the user for a password, you would then need to encrypt the password in MD5 format
and then use
You would need to include logic to make sure the user running the script does not reset root's password.
usermod -p $encrypted_password username.

Your powershell script can be used to reset the Administrator's password.

This is a bad idea.  Are you looking to delegate the right to a group of users?
configure the user/group with  deny sudo passwd root  sudo /bin/passwd root while allowing sudo passwd /bin/passwd for all other users.

Within windows you can delegate this right within the AD or within the workstation.
0
 

Author Comment

by:missymadi
ID: 34981194
This is only to be run by Admin.

I'm looking for examples of Linux scripts to reset passwords.
0
 
LVL 76

Expert Comment

by:arnold
ID: 34981491
can the admin run passwd username?
and then type the new password?

Not sure why you would need to work on a script where a single command does the work.
the issue is that you need to encrypt the password if you use moduser -p 'encrypted_password' username.
0
 

Author Comment

by:missymadi
ID: 34981617
"can the admin run passwd username?
and then type the new password?" Yes, this script is run by the logged in administrator.

The Powershell  script was written to fulfill specified requirements. I only do what I'm told here. This script does exactly what the requestor wanted. I need to know how to fulfill the requirements in the Linux (RHEL5) side. I'm learning Linux but I need to get this script out quickly and looking for help in getting the script completed.

Thanks,
Missymadi
0
 
LVL 5

Expert Comment

by:balasundaram_s
ID: 34981651
Are you trying to hack the passwords?   You might consider doing system level programming, rather than high level shell scripting.

0

 

Author Comment

by:missymadi
ID: 34981776
No, no hacking.
 I need scripts that will live and run locally on a server (PDC) and reset users' passwords. The target for the script is only Admins. We're looking for one script that will run on PDC, and remotely set all passwords on remote RHEL5 / Thin Clients / VSMs, even though they are not part of the domain. This Powershell script does exactly what I want it to do on the Windows side. Now I'm looking for the Linux script to do the same. THEN, I will create a Powershell script that will SSH into each server on the network.
For example:
# If servers are Windows

If $Computer = “Windows” do the following

$ArrComputers = "Computer1", "Computer2", "Computer3"
foreach ($Computer in $ArrComputers)
{ write-host "
"
write-host "===================================="
write-host "Computer: $Computer"
write-host "===================================="
write-host "-----------------------------------"
 write-host "Win32_PnPEntity instance"
 write-host "-----------------------------------"

Run a Windows Powershell script
Exit
}

#If servers are RHEL5 Servers

If $Computer = “RHEL5” do the following

ssh

#if servers are VM host

Connect-viserver -server <server> -user <user> -password <pwd>
(use the Connect-VIServer cmdlet and provide a value to the server parameter)

For this open question, I really just need the equivalent of the Powershell script in Linux format.
0
 
LVL 76

Expert Comment

by:arnold
ID: 34982639
To use passwd you have to use expect which is an interactive scripting process where you can prompt the Admin for the username, password and then have an expect script that will run passwd username and then wait for the password prompt at which point it will provide the first instance of the password and then wait for the second and provide the second.

You should compare the password prior to calling the expect process.
0
 

Author Comment

by:missymadi
ID: 34982876
Examples please. I cannot use telnet. It must be SSH.
0
 
LVL 76

Expert Comment

by:arnold
ID: 34983353
The script does not deal with how you connect into the shell.

http://bash.cyberciti.biz/security/change-password-shell-script/
0
 

Author Comment

by:missymadi
ID: 34983536
I have already been to the link you posted. I feel like I'm going in circles with this post. I need the equivalent for my script above!

How do you do this in Linux???
$Username = Read-Host "Enter UserName"
# Search for the user(s)
$Users = Get-QADUser -SamAccountName $Username | Select-Object Name, DN,
  PasswordLastSet, PasswordAge,PasswordExpires, PasswordNeverExpires,
  UserMustChangePassword, PasswordIsExpired, PasswordStatus

How do you do this in Linux
If ($Users) {

  # Ask if they wish to proceed

  $Response = Read-Host "Do you want to reset the user's password?`n[1] Yes, [2] No"

etc.....

0
 
LVL 76

Accepted Solution

by:
arnold earned 500 total points
ID: 34983743
You can use expect to prompt the user for data and then proceed with the script that will actually perform the change.

You can create a shell script
#!/bin/bash
echo "Input Username"
read -r username
#performCheck
echo "input password"
# -s stops the typed password from being echoed to the terminal
read -r -s password1
echo
echo "input password again to confirm"
read -r -s password2
echo
#check that the passwords match
if [ "$password1" = "$password2" ] ; then
    #run the expect script modified i.e. username and password are passed on the line.
    : # no-op placeholder so the branch is valid until that call is added
else
    echo "Error the passwords do not match"
    exit 1
fi
0
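An added example, not part of arnold's answer or the original thread: one way to carry the PowerShell logic over to a RHEL box, including the root check and the compare-before-set step mentioned earlier. It swaps the expect / usermod -p approach for chpasswd reading from stdin; the log path, the conservative username pattern and the --run switch are assumptions made for this sketch.

```shell
#!/bin/bash
# Added example: local password reset by an admin (run as root).
LOG=/var/log/pwd_changed.log   # assumed path, stands in for c:\PwdChanged.txt

# 0 = ok, 1 = malformed name, 2 = no such account, 3 = UID 0 account (refused)
check_target() {
    case "$1" in
        ''|-*|*[!a-z0-9_-]*) return 1 ;;   # rejects ':' and option-like names
    esac
    uid=$(id -u "$1" 2>/dev/null) || return 2
    [ "$uid" -ne 0 ] || return 3
}

# Succeeds only for two identical, non-empty entries
passwords_ok() {
    [ -n "$1" ] && [ "$1" = "$2" ]
}

# Prompt without echoing the typed characters; result is left in REPLY
read_secret() {
    printf '%s: ' "$1" >&2
    stty -echo; IFS= read -r REPLY; stty echo
    printf '\n' >&2
}

main() {
    printf 'Enter UserName: '; read -r user
    check_target "$user" || { echo "Refusing '$user' (code $?)" >&2; return 1; }
    getent passwd "$user"      # account record
    chage -l "$user"           # password age and expiry, like the AD properties
    printf "Reset this user's password? [1] Yes, [2] No: "; read -r answer
    [ "$answer" = "1" ] || return 0
    read_secret "Please enter a password to use";          pw1=$REPLY
    read_secret "Please re-enter the password to confirm"; pw2=$REPLY
    passwords_ok "$pw1" "$pw2" || { echo "Passwords do not match. Aborting." >&2; return 1; }
    # chpasswd reads user:password on stdin; printf is a shell builtin, so the
    # password never appears as an argument of an external process
    printf '%s:%s\n' "$user" "$pw1" | chpasswd || return 1
    echo "Password reset for $user"
    echo "$(date '+%F %T') user=$user set_by=${SUDO_USER:-$(id -un)}" >> "$LOG"
}

# Prompt only when explicitly asked, so the functions can be sourced and tested
if [ "${1:-}" = "--run" ]; then main; fi
```

Run it as root with the --run argument; without it the file only defines the functions.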
