I need to have the ability to create user accounts on my Linux (Fedora 10) and automatically assign a password via a bash script(or otherwise, if need be).
It's easy to create the user via Bash e.g.:
[whoever#server ]# /usr/sbin/useradd newuser
Is it possible to assign a password in Bash, something functionally similar to this, but automatically:
[whoever#server ]# passwd newuser
Changing password for user testpass.
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
[whoever#server ]#
You could also use chpasswd:
echo username:new_password | chpasswd
so, you change password for user username to new_password.
You can run the passwd command and send it piped input. So, do something like:
echo thePassword | passwd theUsername --stdin
I was asking myself the same thing, and didn't want to rely on a Python script.
This is the line to add a user with a defined password in one bash line:
useradd -p $(openssl passwd -crypt $PASS) $USER
The code below worked in Ubuntu 14.04. Try before you use it in other versions/linux variants.
# quietly add a user without password
adduser --quiet --disabled-password --shell /bin/bash --home /home/newuser --gecos "User" newuser
# set password
echo "newuser:newpassword" | chpasswd
I liked Tralemonkey's approach of echo thePassword | passwd theUsername --stdin though it didn't quite work for me as written. This however worked for me.
echo -e "$password\n$password\n" | sudo passwd $user
-e is to recognize \n as new line.
sudo is root access for Ubuntu.
The double quotes are to recognize $ and expand the variables.
The above command passes the password and a new line, two times, to passwd, which is what passwd requires.
If not using variables, I think this probably works.
echo -e 'password\npassword\n' | sudo passwd username
Single quotes should suffice here.
The following works for me and tested on Ubuntu 14.04. It is a one liner that does not require any user input.
sudo useradd -p $(openssl passwd -1 $PASS) $USERNAME
Taken from #Tralemonkey
Single liner to create a sudo user with home directory and password.
useradd -m -p $(openssl passwd -1 ${PASSWORD}) -s /bin/bash -G sudo ${USERNAME}
You can use the -p option.
useradd -p encrypted_password newuser
Unfortunately, this does require you to hash the password yourself (where passwd does that for you). Unfortunately, there does not seem to be a standard utility to hash some data so you'll have to write that yourself.
Here's a little Python script I whipped up to do the encryption for you. Assuming you called it pcrypt, you would then write your above command line to:
useradd -p $(pcrypt ${passwd}) newuser
A couple of warnings to be aware of.
While pcrypt is running, the plaintext will be visible to any user via the ps command.
pcrypt uses the old style crypt function - if you are using something more moderns like an MD5 hash, you'll need to change pcrypt.
and here's pcrypt:
#!/usr/bin/env python
import crypt
import sys
import random
saltchars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
def salt():
return random.choice(saltchars) + random.choice(saltchars)
def hash(plain):
return crypt.crypt(arg, salt())
if __name__ == "__main__":
random.seed()
for arg in sys.argv[1:]:
sys.stdout.write("%s\n" % (hash(arg),))
--stdin doesn't work on Debian. It says:
`passwd: unrecognized option '--stdin'`
This worked for me:
#useradd $USER
#echo "$USER:$SENHA" | chpasswd
Here we can find some other good ways:
http://www.debian-administration.org/articles/668
You can use expect in your bash script.
From http://www.seanodonnell.com/code/?id=21
#!/usr/bin/expect
#########################################
#$ file: htpasswd.sh
#$ desc: Automated htpasswd shell script
#########################################
#$
#$ usage example:
#$
#$ ./htpasswd.sh passwdpath username userpass
#$
######################################
set htpasswdpath [lindex $argv 0]
set username [lindex $argv 1]
set userpass [lindex $argv 2]
# spawn the htpasswd command process
spawn htpasswd $htpasswdpath $username
# Automate the 'New password' Procedure
expect "New password:"
send "$userpass\r"
expect "Re-type new password:"
send "$userpass\r"
I know I'm coming at this years later, but I can't believe no one suggested usermod.
usermod --password `perl -e "print crypt('password','sa');"` root
Hell, just in case someone wants to do this on an older HPUX you can use usermod.sam.
/usr/sam/lbin/usermod.sam -F -p `perl -e "print crypt('password','sa');"` username
The -F is only needed if the person executing the script is the current user. Of course you don't need to use Perl to create the hash. You could use openssl or many other commands in its place.
I've tested in my own shell script.
$new_username means newly created user
$new_password means newly password
For CentOS
echo "$new_password" | passwd --stdin "$new_username"
For Debian/Ubuntu
echo "$new_username:$new_password" | chpasswd
For OpenSUSE
echo -e "$new_password\n$new_password" | passwd "$new_username"
Here is a script that will do it for you .....
You can add a list of users (or just one user) if you want, all in one go and each will have a different password. As a bonus you are presented at the end of the script with a list of each users password. .... If you want you can add some user maintenance options
like:
chage -m 18 $user
chage -M 28 $user
to the script that will set the password age and so on.
=======
#!/bin/bash
# Checks if you have the right privileges
if [ "$USER" = "root" ]
then
# CHANGE THIS PARAMETERS FOR A PARTICULAR USE
PERS_HOME="/home/"
PERS_SH="/bin/bash"
# Checks if there is an argument
[ $# -eq 0 ] && { echo >&2 ERROR: You may enter as an argument a text file containing users, one per line. ; exit 1; }
# checks if there a regular file
[ -f "$1" ] || { echo >&2 ERROR: The input file does not exists. ; exit 1; }
TMPIN=$(mktemp)
# Remove blank lines and delete duplicates
sed '/^$/d' "$1"| sort -g | uniq > "$TMPIN"
NOW=$(date +"%Y-%m-%d-%X")
LOGFILE="AMU-log-$NOW.log"
for user in $(more "$TMPIN"); do
# Checks if the user already exists.
cut -d: -f1 /etc/passwd | grep "$user" > /dev/null
OUT=$?
if [ $OUT -eq 0 ];then
echo >&2 "ERROR: User account: \"$user\" already exists."
echo >&2 "ERROR: User account: \"$user\" already exists." >> "$LOGFILE"
else
# Create a new user
/usr/sbin/useradd -d "$PERS_HOME""$user" -s "$PERS_SH" -m "$user"
# passwdgen must be installed
pass=$(passwdgen -paq --length 8)
echo $pass | passwd --stdin $user
# save user and password in a file
echo -e $user"\t"$pass >> "$LOGFILE"
echo "The user \"$user\" has been created and has the password: $pass"
fi
done
rm -f "$TMPIN"
exit 0
else
echo >&2 "ERROR: You must be a root user to execute this script."
exit 1
fi
===========
Hope this helps.
Cheers,
Carel
The solution that works on both Debian and Red Hat. Depends on perl, uses sha-512 hashes:
cat userpassadd
#!/usr/bin/env bash
salt=$(cat /dev/urandom | tr -dc A-Za-z0-9/_- | head -c16)
useradd -p $(perl -e "print crypt('$2', '\$6\$' . '$salt' . '\$')") $1
Usage:
userpassadd jim jimslongpassword
It can effectively be used as a one-liner, but you'll have to specify the password, salt and username at the right places yourself:
useradd -p $(perl -e "print crypt('pass', '\$6\$$salt\$')") username
From IBM (https://www.ibm.com/support/knowledgecenter/ssw_aix_61/com.ibm.aix.cmds1/chpasswd.htm):
Create a text file, say text.txt and populate it with user:password pairs as follows:
user1:password1
user2:password2
...
usern:passwordn
Save the text.txt file, and run
cat text.txt | chpassword
That's it. The solution is (a) scalable and (b) does not involve printing passwords on the command line.
Tralemonkey's solution almost worked for me as well ... but not quite. I ended up doing it this way:
echo -n '$##password##$' | passwd myusername --stdin
2 key details his solution didn't include, the -n keeps echo from adding a \n to the password that is getting encrypted, and the single quotes protect the contents from being interpreted by the shell (bash) in my case.
BTW I ran this command as root on a CentOS 5.6 system in case anyone is wondering.
{ echo $password; echo $password; } | passwd $username
For RedHat / CentOS here's the code that creates a user, adds the passwords and makes the user a sudoer:
#!/bin/sh
echo -n "Enter username: "
read uname
echo -n "Enter password: "
read -s passwd
adduser "$uname"
echo $uname:$passwd | sudo chpasswd
gpasswd wheel -a $uname
usage: ./my_add_user.sh USER PASSWD
code:
#!/bin/bash
# my_add_user.sh
if [ "$#" -lt 2 ]
then
echo "$0 username passwd"
exit
fi
user=$1
passwd=$2
useradd $user -d /data/home/$user -m ;
echo $passwd | passwd $user --stdin;
Kindly run below script with sudo permission for creating a user by script.
Note: This script supports all linux OSs like Redhat, Centos, Ubuntu, suse, kali, Arch, Bitname, BSD....etc
#!/bin/bash
#author: bablish jaiswal
#purpos: Linux user creation with a storng password
clear
#echo "Hi, I am a function to create sudo user with strong password. Kindly share following information"
echo -e "\n\n\n"
printf "\e[6;33mHi, I am a function to create sudo user with a strong password. Kindly share following information\e[0m";echo
read -p "user name:- " name #input name
read -p "complete path for $name home directory? example: /home/$name :- " home #user home path
( useradd -m -d $home $name -s /bin/bash ) > /dev/null 2>&1
pass=$(cat /dev/urandom |tr -dc "[[:graph:]]" |head -c16)
(echo -e "$pass\n$pass" | passwd $name ) > /dev/null 2>&1
echo " "
printf "\e[6;33m-----------------------------Copy below credentials-------------------------\e[0m";echo
echo -e "User:- $name\nHomeDir:- $home\npassword:- $pass"
#svalue=$(cat /etc/sudoers |grep -i root |grep -i all|tail -n1 |awk '{$1=""}1')
svalue=$(cat /etc/sudoers |grep -i root |grep -i all|tail -n1 |awk '{print $2}')
echo "${name} ${svalue} NOPASSWD:ALL" >> /etc/sudoers && echo “Remark:- User $name is a sudo user”
I am trying to create a shell script where it uses the root access to install all the dependencies and after completing it, it exits from the root command and continue executing the script as normal user.
This is the test code:
#!/bin/sh
output=$(whoami)
if [ "$(whoami)" != "root" ]
then
su -c "echo \"hi\""
echo $output
//continue doing some installtion
exit
fi
echo $output //this should show the normal username not the root name
#!/bin/sh
su -c 'echo $(whoami)'
echo $(whoami)
When you pass the command with su following with an option -c it runs as root user, so when you want to install any dependencies you can run the following command as shown in above example.
I have a bash script, hostlist file and an expect script:
Below is the bash script to take inputs from hostlist file and keep looping ssh for multiple servers.
for x in $(cat hostlist); do
./sudoscript.exp $x
done
Below is the expect cum bash script I want to tun and collect outputs of sudo su - command. I just need to get outputs as '0 or non zero values in a file for successful run/execution of 'sudo su - '. I just need to simulate the execution and check if the command runs successfully or not with out actually changing user to admin by doing sudo su -.
#!/bin/bash
#!/usr/bin/expect
spawn ssh [lindex $argv 0]
expect "$"
send "sudo su -\r" exit ; echo $server:$? >> output
Can someone please suggest to complete the script above.
What exactly are you trying to do?
Maybe you're trying to see if it is possible to become root without a password? If that's the case, try:
for x in $(cat hostlist); do
echo $x
ssh $x sudo -l |egrep -w 'NOPASSWD:.*(ALL|/su)'
echo
done
sudo -l will list what you can run. It requires your password unless you have one or more commands that do not require your password (ssh won't run interactively when called with a command and without the -t flag. This is intentional since we don't want that).
The egrep command limits the results to just what can be done without a password as well as either ALL commands or else su itself. (Note, this won't find su if it's in an alias.)
I have a shell script as given below.
#!/bin/bash
sudo -u testuser -H sh -c "
mkdir /usr/local/testdir;
if [ $? -eq 0 ];then
echo "Successfull";
else
echo "Unsuccessfull";
fi
"
I have given privileges to user testuser to execute shell script with sudo, but without asking password.For this I add the below line in /etc/sudoers file,
testuser ALL=(ALL) NOPASSWD: ALL
And it works fine that, I could run commands with sudo, but without asking password. But the above shell script always giving out put ass follows,
mkdir: cannot create directory `/usr/local/testdir': Permission denied
Successfull
And it is not creating directory testdir inside /usr/local. Please advice me what modification shall I need to do to work this script fine.
Thanks.
Two problems:
1.) You told:
sudo -u testuser -H ...
what's mean: run the command as testuser, and he doesn't has permissions to write into the /usr/local therefore you getting permission denied.
When you remove the -u testuser, the command will run as root (as default) (without password for the testuser) and will create the directory.
Seems, you simply misunderstand how the sudo and /etc/sudoers works. The -u user mean
-u user' The -u (user) option causes sudo to run the specified command as a user
other than root. To specify a uid instead of a user name, #uid.
When running commands as a uid, many shells require that the '#' be escaped with a
backslash ('\'). Security policies may restrict uids
to those listed in the password database. The sudoers policy allows
uids that are not in the password database as long as the targetpw
option is not set. Other security policies may not support this.
2.) second problem the Successfull message.
You're using double quotes for sh -c. The Variable expansion is done BEFORE the sh -c even starts. So use single quotes, and will get the correct Unsuccessfull message:
sudo -u testuser -H sh -c '
mkdir /usr/local/testdir
if [ $? -eq 0 ];then
echo "Successfull";
else
echo "Unsuccessfull";
fi
'
and use the next as a solution:
sudo -H sh -c '
mkdir /usr/local/testdir
if [ $? -eq 0 ];then
echo "Successfull";
else
echo "Unsuccessfull";
fi
'
Can I change/su user in the middle of a script?
if [ "$user" == "" ]; then
echo "Enter the table name";
read user
fi
gunzip *
chown postgres *
su postgres
dropdb $user
psql -c "create database $user with encoding 'unicode';" -U dbname template1
psql -d $user -f *.sql
You can, but bash won't run the subsequent commands as postgres. Instead, do:
su postgres -c 'dropdb $user'
The -c flag runs a command as the user (see man su).
You can use a here document to embed multiple su commands in your script:
if [ "$user" == "" ]; then
echo "Enter the table name";
read user
fi
gunzip *
chown postgres *
su postgres <<EOSU
dropdb $user
psql -c "create database $user with encoding 'unicode';" -U dbname template1
psql -d $user -f *.sql
EOSU
Not like this. su will invoke a process, which defaults to a shell. On the command line, this shell will be interactive, so you can enter commands. In the context of a script, the shell will end right away (because it has nothing to do).
With
su user -c command
command will be executed as user - if the su succeeds, which is generally only the case with password-less users or when running the script as root.
Use sudo for a better and more fine-grained approach.
Refer to answers in below question,
You can write between << EOF and EOF as mentioned in answers.
#!/bin/bash
whoami
sudo -u someuser bash << EOF
echo "In"
whoami
EOF
echo "Out"
whoami
How do I use su to execute the rest of the bash script as that user?
No you can't. Or atleast... you can su but su will simply open a new shell at that point and when it's done it will continue with the rest of the script.
One way around it is to use su -c 'some command'
Another interesting idea that I heard today is to do a recursive call on the script, when you run as root and you want to run the script as another user. See the example below:
I am running script "my_script" as "root" and want the script to run as user "raamee"
#!/bin/bash
#Script name is: my_script
user=`whoami`
if [ "$user" == "root" ]; then
# As suggested by glenn jackman. Since I don't have anything to run once
# switching the user, I can modify the next line to:
# exec sudo -u raamee my_script and reuse the same process
sudo -u raamee my_script
fi
if [ "$user" == "raamee" ]; then
#put here the commands you want to perform
do_command_1
do_command_2
do_command_3
fi