Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 376
  • Last Modified:

Shell or Perl script in Linux to update a password in scripts / environment files

I have a RHES 4.6 which has Perl installed:
# which perl
/usr/bin/perl


I'll need to update lots of scripts & environment data files (called by scripts
to set variables) with a new password.

The script needs to prompt me for the current existing password & then
prompt for the new password & then update those files.

/db/jobdir1/xxxxx.yyy
/db/jobdir2/iiiiii.jjj
/db/jobdir3/aaaaa.bbb

where xxxxx.yyy, iiiii.jjj & aaaaa.bbb are filenames of the
environment files or scripts & the lines in them which have
the current existing passwords can come in various formats:

PASS="aaa!@#$6789"    change to ===>  PASS="BBB!_#$3210"
(in above case the password is enclosed in double-quotes)

SVR_PASS=aaa!@#$6789   change to ===> SVR_PASS=aaa!@#$6789
(in above case the password follows


The difficulty I faced is the password can contain special characters
such as _, @, |, #, $, %, ^, &, *, (, ), {, }, [, ], ;, \, :, ?, numeric digits & alphabets
but we'll avoid double-quotes & single quote & =


So, kindly provide me a Shell or Perl script to handle these updates
as I may now be required to change the passwords every 3 months



0
sunhux
Asked:
sunhux
  • 7
  • 4
1 Solution
 
arnoldCommented:
Instead of updating the password, why not add a line to your perl script that includes a single configuration file where that information is set while removing the variable setting.

require "configuration.pl";

#configuration.pl
#!/usr/bin/perl
$PASS="";
$SVR_PASS="";
1;
 

This approach will mean you only have to modify the scripts once.
0
 
sunhuxAuthor Commented:

Hi Arnold, I don't have any script currently, so I'll need a script.

Don't quite get your message.  Perhaps let me give a more detailed
example:

/db/abc_job/script1.sh  
/db/def_job/def_env.dat
/db/ghk_job/ghk_script.scr
......

So the above 3 files, script1.sh, def_env.dat & ghk_script.scr (can be a
Shell script or any other scripts)  will contain the password.


You may assume that the current password & the new password
are unique, ie there's no commands or filenames or directory names
that are the same as these passwords.


Btw, there's one more important requirement which I missed:
the script that updates the passwords in all those files must
retain the permissioning, owner & group of the file.

Suppose a file containing the password has the ownership
oracle:dba  with rw-r--r-- , then after updating the file, it
should still has these attributes.


0
 
arnoldCommented:
Instead of having each script contain the username/password, you would use a common file that will set the parameter used in all.
i.e. for .sh
#!/bin/sh
#configuration.sh
PASS="password"
SVR_PASS="Password"

in the shell scripts

your second or third line will be
source configuration.sh

This way when you need to make the change, you will make it in these include configuration files which will reduce the number of scripts.

Because it sounds as through the existing scripts are a mix, using perl to go line by line of each file looking for a parameter, is extremely risky.

0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
sunhuxAuthor Commented:

Ok, I got what you mean but I have only 5-10 minutes to update
that password in all the files (about 60 of them) as we have
jobs running every 10 minutes.

So I'll still need a script as what I originally need.

To use the common file, I'll still need to amend quite a number of
items to refer to this common file & this is going to take me more
than 10 minutes.
0
 
arnoldCommented:
Ok, you create the replacement configuration files

as applicable for .sh, .pl presumably these are the variations.
Do all use the same script?

http://perldoc.perl.org/functions/stat.html
This is how you can copy and preserver the ownership, mode of the script.

Are the entries necessarily on their own line?

password=test
perl -ibak -pe 's/^(PASS|SVR_PASS)=\"(.*)\"$/\$1=\"$password\"/' list_of_files



perl -i.bak -pe '$password="newpassword"; s/^(PASS|SVR_PASS)=\"(.*)\"$/$1=\"$password\"/'

Open in new window

0
 
sunhuxAuthor Commented:

How is the "list_of_files" substituted?  


Or shall I do :

password=newpassword
perl -ibak -pe 's/^(PASS|SVR_PASS)=\"(.*)\"$/\$1=\"$password\"/' /path1/file1
perl -ibak -pe 's/^(PASS|SVR_PASS)=\"(.*)\"$/\$1=\"$password\"/' /path2/file2
perl -ibak -pe 's/^(PASS|SVR_PASS)=\"(.*)\"$/\$1=\"$password\"/' /path3/file3
. . . . .
0
 
sunhuxAuthor Commented:
Also, if the new password contains special characters,
I won't be able to set a value at all as shown below :

$ newpassword=!~321;:()=
-bash: !~321: event not found

$ newpassword="!~321;:()="
-bash: !~321: event not found
0
 
sunhuxAuthor Commented:
> Are the entries necessarily on their own line?

Browsing through that dozens of files (scripts & environment data files), all
the entries  (ie   SVR_PASS=current_passwd   &  PASS="current_passwd" )
are on a line by themselves ie there's no other preceding text/characters &
no other text/characters at the end of the line or anywhere in between


I tested the perl script given on one single file & it gave an error :

script g.sh that contains the password:
-----------------------------------------------
any test line
SVR_PASS=xxx@!#_8989
PASS="xxx@!#_8989"

PAS
pass=
PASS=
<<<<<< end of the file g.sh >>>>>>


upd_passwd.pl :
------------------
password=p&*()@wD
perl -ibak -pe 's/^(PASS|SVR_PASS)=\"(.*)\"$/\$1=\"$password\"/' ./g.sh


./upd_passwd.pl :
$ ./chgpw.pl
./chgpw.pl: line 1: syntax error near unexpected token `@wX'
./chgpw.pl: line 1: `passwd=p&*()@wX'


0
 
sunhuxAuthor Commented:

Slight typo, corrected below upd_passwd.pl :
------------------------------------------------------
passwd=p&*()@wD
perl -ibak -pe 's/^(PASS|SVR_PASS)=\"(.*)\"$/\$1=\"$passwd\"/' .
0
 
arnoldCommented:
Sorry, it seems that I left two options while I only meant to do the one that works. for your example you need to escape the reserved characters

The setting of the variable within the shell did not work, so I tried setting the variable in the script.

find | xargs perl -i.bak.... {} \; might work as well.
Note the line of perl command line find/replace is below.
perl -i.bak -pe '$password="p\&\*\(\)\@wD"; s/^(PASS|SVR_PASS)=\"(.*)\"$/$1=\"$password\"/' file1 file2 file3 file4

Open in new window

0
 
sunhuxAuthor Commented:
excellent
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 7
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now