• Status: Solved

Create a Bash Script to Reset Linux Password

Experts,

I have a PowerShell script that does exactly what I need it to do in Windows. I'm having trouble changing over the logic to a bash file. I want this script to live on the Linux box. The script I created in PowerShell is below - but I need the exact logic translated to bash.

Thanks, Missymadi
# Ask for a username

$Username = Read-Host "Enter UserName"

# Search for the user(s)

$Users = Get-QADUser -SamAccountName $Username | Select-Object Name, DN, 
  PasswordLastSet, PasswordAge,PasswordExpires, PasswordNeverExpires, 
  UserMustChangePassword, PasswordIsExpired, PasswordStatus

# Display the user(s)

$Users

If ($Users) {

  # Ask if they wish to proceed

  $Response = Read-Host "Do you want to reset the user's password?`n[1] Yes, [2] No"

  If ($Response -eq "1") {

    # Ask for password 

    $SecurePassword1 = Read-Host "Please enter a password to use" -AsSecureString
    $SecurePassword2 = Read-Host "Please re-enter the password to confirm" -AsSecureString

    $Password1 = [Runtime.InteropServices.Marshal]::PtrToStringAuto(
      [Runtime.InteropServices.Marshal]::SecureStringToBSTR($SecurePassword1))
    $Password2 = [Runtime.InteropServices.Marshal]::PtrToStringAuto(
      [Runtime.InteropServices.Marshal]::SecureStringToBSTR($SecurePassword2))

    If ($Password1 -ne $Password2) {

      Write-Host "Passwords do not match. Aborting script." -ForegroundColor Red

    } Else {

      # Perform work

      # For each user we found earlier, set the password. Log a few things and the name of the 
      # user running this script 

      $Users | ForEach-Object { 
        Set-QADUser $_.DN -UserPassword $Password1
        Write-Host "Password reset for $($_.Name)"
      } | Select-Object SamAccountName, PasswordLastSet, @{n='SetBy';e={ $Env:Username }} |
        Out-File c:\PwdChanged.txt -Append
    }
  }
} Else {

  Write-Host "No users found" -ForegroundColor Red

}

 
arnold Commented:
You would need to run the script with SUID set.

Prompt the user for a password, you would then need to encrypt the password in MD5 format
and then use
You would need to include logic to make sure the user running the script does not reset root's password.
usermod -p $encrypted_password username.

Your PowerShell script can be used to reset the Administrator's password.

This is a bad idea.  Are you looking to delegate the right to a group of users?
Configure the user/group with  deny sudo passwd root  sudo /bin/passwd root while allowing sudo passwd /bin/passwd for all other users.

Within windows you can delegate this right within the AD or within the workstation.
0
 
missymadi (Author) Commented:
This is only to be run by Admin.

I'm looking for examples of Linux scripts to reset passwords.
0
 
arnold Commented:
Can the admin run passwd username?
and then type the new password?

Not sure why you would need to work on a script where a single command does the work.
The issue is that you need to encrypt the password if you use moduser -p 'encrypted_password' username.
0
 
missymadi (Author) Commented:
"can the admin run passwd username?
and then type the new password?" Yes, this script is run by the logged in administrator.

The PowerShell script was written to fulfill specified requirements. I only do what I'm told here. This script does exactly what the requestor wanted. I need to know how to fulfill the requirements in the Linux (RHEL5) side. I'm learning Linux but I need to get this script out quickly and looking for help in getting the script completed.

Thanks,
Missymadi
0
 
balasundaram_s Commented:
Are you trying to hack the passwords? You might consider doing system level programming, rather than high level shell scripting.

0
 
missymadi (Author) Commented:
No, no hacking.
I need scripts that will live and run locally on a server (PDC) and reset users' passwords. The target for the script is only Admins. We're looking for one script that will run on PDC, and remotely set all passwords on remote RHEL5 /Thin Clients/ VSMs, even though they are not part of the domain. This PowerShell script does exactly what I want it to do on the Windows side. Now I'm looking for the Linux script to do the same. THEN, I will create a PowerShell script that will SSH into each server on the network.
For example:
# If servers are Windows

If $Computer = "Windows" do the following

$ArrComputers = "Computer1", "Computer2", "Computer3"
foreach ($Computer in $ArrComputers)
{
write-host "
"
write-host "===================================="
write-host "Computer: $Computer"
write-host "===================================="
write-host "-----------------------------------"
write-host "Win32_PnPEntity instance"
write-host "-----------------------------------"

Run a Windows Powershell script
Exit
}

#If servers are RHEL5 Servers

If $Computer = "RHEL5" do the following

ssh

#if servers are VM host

Connect-viserver -server <server> -user <user> -password <pwd>
(use the Connect-VIServer cmdlet and provide a value to the server parameter)

For this open question, I really just need the equivalent of the Powershell script in Linux format.
0
 
arnold Commented:
To use passwd you have to use expect which is an interactive scripting process where you can prompt the Admin for the username, password and then have an expect script that will run passwd username and then wait for the password prompt at which point it will provide the first instance of the password and then wait for the second and provide the second.

You should compare the password prior to calling the expect process.
0
 
missymadi (Author) Commented:
Examples please. I cannot use telnet. It must be SSH.
0
 
arnold Commented:
The script does not deal with how you connect into the shell.

http://bash.cyberciti.biz/security/change-password-shell-script/
0
 
missymadi (Author) Commented:
I have already been to the link you posted. I feel like I'm going in circles with this post. I need the equivalent for my script above!

How do you do this in Linux???
$Username = Read-Host "Enter UserName"
# Search for the user(s)
$Users = Get-QADUser -SamAccountName $Username | Select-Object Name, DN,
  PasswordLastSet, PasswordAge,PasswordExpires, PasswordNeverExpires,
  UserMustChangePassword, PasswordIsExpired, PasswordStatus

How do you do this in Linux
If ($Users) {

  # Ask if they wish to proceed

  $Response = Read-Host "Do you want to reset the user's password?`n[1] Yes, [2] No"

etc.....

0
 
arnold Commented:
You can use expect to prompt the user for data and then proceed with the script that will actually perform the change.

You can create a shell script
#!/bin/bash
echo "Input Username"
read -r username
#performCheck
echo "input password"
# -s keeps the typed password from being echoed to the terminal
read -r -s password1
echo "input password again to confirm"
read -r -s password2
#check that the passwords match
if [ "$password1" = "$password2" ] ; then
#run the expect script modified i.e. username and password are passed on the line.
:   # no-op so the branch is valid shell until the expect call is put here
else
echo "Error the passwords do not match"
exit 1
fi
0
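An added example, not code from any poster in this thread: the flow of the question's PowerShell script written in Bash for a local RHEL account. It refuses root and any UID 0 account, as arnold's first comment asks, and feeds chpasswd on stdin instead of passing a hash to usermod -p or a password on a command line. The log path /var/log/pwd_changed.log, the --run switch and the function names are assumptions.

```shell
#!/bin/bash
# Added example; LOG path and the --run switch are assumptions, not from the thread.
LOG=/var/log/pwd_changed.log

# Returns 0 if the account may be reset, 3 for a malformed name,
# 2 for root or any UID 0 account, 1 if no such account exists.
validate_target() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9._-]*) return 3 ;;
    esac
    [ "$1" != root ] || return 2
    uid=$(id -u "$1" 2>/dev/null) || return 1
    [ "$uid" -ne 0 ] || return 2
}

# True only for a non-empty password entered identically twice.
passwords_match() {
    [ -n "$1" ] && [ "$1" = "$2" ]
}

# Prompt on stderr and read one line into SECRET with terminal echo off.
read_secret() {
    printf '%s' "$1" >&2
    stty -echo; IFS= read -r SECRET; stty echo
    printf '\n' >&2
}

main() {
    [ "$(id -u)" -eq 0 ] || { echo "Must be run as root" >&2; return 1; }
    printf 'Enter UserName: '; read -r user
    validate_target "$user" || { echo "No users found (or protected account)" >&2; return 1; }
    getent passwd "$user"   # show the account entry
    chage -l "$user"        # last change, expiry, max age
    printf "Do you want to reset the user's password? [1] Yes, [2] No: "; read -r answer
    [ "$answer" = 1 ] || return 0
    trap 'stty echo' EXIT INT   # restore echo if interrupted mid-prompt
    read_secret 'Please enter a password to use: '; pw1=$SECRET
    read_secret 'Please re-enter the password to confirm: '; pw2=$SECRET
    passwords_match "$pw1" "$pw2" || { echo "Passwords do not match. Aborting script." >&2; return 1; }
    # chpasswd takes user:password on stdin and does the hashing itself,
    # so the cleartext never appears in a command line.
    printf '%s:%s\n' "$user" "$pw1" | chpasswd || return 1
    echo "Password reset for $user"
    printf '%s user=%s SetBy=%s\n' "$(date '+%F %T')" "$user" "${SUDO_USER:-$(id -un)}" >> "$LOG"
}

# Run the interactive flow only when asked, so the helpers can be tested alone.
if [ "${1:-}" = "--run" ]; then main; fi
```

Saved as a script, it is started as root with the --run argument; without it only the helper functions are defined.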