Shell or Perl script in Linux to update a password in scripts / environment files

Posted on 2011-04-19
Last Modified: 2012-06-22
I have a RHES 4.6 which has Perl installed:
# which perl

I'll need to update lots of scripts & environment data files (called by scripts
to set variables) with a new password.

The script needs to prompt me for the current existing password & then
prompt for the new password & then update those files.


where xxxxx.yyy, iiiii.jjj & aaaaa.bbb are filenames of the
environment files or scripts & the lines in them which have
the current existing passwords can come in various formats:

PASS="aaa!@#$6789"    change to ===>  PASS="BBB!_#$3210"
(in above case the password is enclosed in double-quotes)

SVR_PASS=aaa!@#$6789   change to ===> SVR_PASS=aaa!@#$6789
(in above case the password follows

The difficulty I faced is the password can contain special characters
such as _, @, |, #, $, %, ^, &, *, (, ), {, }, [, ], ;, \, :, ?, numeric digits & alphabets
but we'll avoid double-quotes & single quote & =

So, kindly provide me a Shell or Perl script to handle these updates
as I may now be required to change the passwords every 3 months

Question by:sunhux
    LVL 76

    Expert Comment

    Instead of updating the password, why not add a line to your perl script that includes a single configuration file where that information is set while removing the variable setting.

    require "";

    This approach will mean you only have to modify the scripts once.

    Author Comment


    Hi Arnold, I don't have any script currently, so I'll need a script.

    Don't quite get your message.  Perhaps let me give a more detailed


    So the above 3 files,, def_env.dat & ghk_script.scr (can be a
    Shell script or any other scripts)  will contain the password.

    You may assume that the current password & the new password
    are unique, ie there's no commands or filenames or directory names
    that are the same as these passwords.

    Btw, there's one more important requirement which I missed:
    the script that updates the passwords in all those files must
    retain the permissioning, owner & group of the file.

    Suppose a file containing the password has the ownership
    oracle:dba  with rw-r--r-- , then after updating the file, it
    should still has these attributes.

    LVL 76

    Expert Comment

    Instead of having each script contain the username/password, you would use a common file that will set the parameter used in all.
    i.e. for .sh

    in the shell scripts

    your second or third line will be

    This way when you need to make the change, you will make it in these include configuration files which will reduce the number of scripts.

    Because it sounds as through the existing scripts are a mix, using perl to go line by line of each file looking for a parameter, is extremely risky.


    Author Comment


    Ok, I got what you mean but I have only 5-10 minutes to update
    that password in all the files (about 60 of them) as we have
    jobs running every 10 minutes.

    So I'll still need a script as what I originally need.

    To use the common file, I'll still need to amend quite a number of
    items to refer to this common file & this is going to take me more
    than 10 minutes.
    LVL 76

    Expert Comment

    Ok, you create the replacement configuration files

    as applicable for .sh, .pl presumably these are the variations.
    Do all use the same script?
    This is how you can copy and preserver the ownership, mode of the script.

    Are the entries necessarily on their own line?

    perl -ibak -pe 's/^(PASS|SVR_PASS)=\"(.*)\"$/\$1=\"$password\"/' list_of_files

    perl -i.bak -pe '$password="newpassword"; s/^(PASS|SVR_PASS)=\"(.*)\"$/$1=\"$password\"/'

    Open in new window


    Author Comment


    How is the "list_of_files" substituted?  

    Or shall I do :

    perl -ibak -pe 's/^(PASS|SVR_PASS)=\"(.*)\"$/\$1=\"$password\"/' /path1/file1
    perl -ibak -pe 's/^(PASS|SVR_PASS)=\"(.*)\"$/\$1=\"$password\"/' /path2/file2
    perl -ibak -pe 's/^(PASS|SVR_PASS)=\"(.*)\"$/\$1=\"$password\"/' /path3/file3
    . . . . .

    Author Comment

    Also, if the new password contains special characters,
    I won't be able to set a value at all as shown below :

    $ newpassword=!~321;:()=
    -bash: !~321: event not found

    $ newpassword="!~321;:()="
    -bash: !~321: event not found

    Author Comment

    > Are the entries necessarily on their own line?

    Browsing through that dozens of files (scripts & environment data files), all
    the entries  (ie   SVR_PASS=current_passwd   &  PASS="current_passwd" )
    are on a line by themselves ie there's no other preceding text/characters &
    no other text/characters at the end of the line or anywhere in between

    I tested the perl script given on one single file & it gave an error :

    script that contains the password:
    any test line

    <<<<<< end of the file >>>>>> :
    perl -ibak -pe 's/^(PASS|SVR_PASS)=\"(.*)\"$/\$1=\"$password\"/' ./

    ./ :
    $ ./
    ./ line 1: syntax error near unexpected token `@wX'
    ./ line 1: `passwd=p&*()@wX'


    Author Comment


    Slight typo, corrected below :
    perl -ibak -pe 's/^(PASS|SVR_PASS)=\"(.*)\"$/\$1=\"$passwd\"/' .
    LVL 76

    Accepted Solution

    Sorry, it seems that I left two options while I only meant to do the one that works. for your example you need to escape the reserved characters

    The setting of the variable within the shell did not work, so I tried setting the variable in the script.

    find | xargs perl -i.bak.... {} \; might work as well.
    Note the line of perl command line find/replace is below.
    perl -i.bak -pe '$password="p\&\*\(\)\@wD"; s/^(PASS|SVR_PASS)=\"(.*)\"$/$1=\"$password\"/' file1 file2 file3 file4

    Open in new window


    Author Closing Comment


    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Enabling OSINT in Activity Based Intelligence

    Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

    Many time we need to work with multiple files all together. If its windows system then we can use some GUI based editor to accomplish our task. But what if you are on putty or have only CLI(Command Line Interface) as an option to  edit your files. I…
    FreeBSD on EC2 FreeBSD ( is a robust Unix-like operating system that has been around for many years. FreeBSD is available on Amazon EC2 through Amazon Machine Images (AMIs) provided by FreeBSD developer and security office…
    Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
    This tutorial goes over how to archive and restore FreeBSD jails that are managed by ezjail.

    794 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    17 Experts available now in Live!

    Get 1:1 Help Now