I made a script to add one same user with one same password to many servers:
#!/bin/bash
password=`cat /root/scripts/password`
for i in `cat /root/scripts/LIST_TEST.txt`
do
printf "Serveur : $i \n"
ssh -tt -o PasswordAuthentication=no $i
adduser newuser
yes `echo $password` | passwd newuser
exit 0
done
Also I'm in root when using this script, it seems that the user is created but the password doesn't get changed, as I cannot login when I try ssh newuser#server.
What is bothering me is that when I manually log into the server as root, and do the command yes `echo $password` | passwd newuser and then logout and try again newuser#server, it works...
The script looks like this now it is a bit clearer but it still doesn't add the right password, I don't know what it gives as a new password...
#!/bin/bash
password=`cat /root/scripts/password`
for i in `cat /root/scripts/LIST_TEST.txt`
do
printf "Serveur : $i \n"
ssh $i 'adduser newuser; yes $password | passwd newuser'
echo $password
done
Try to create a script which will be changing the passwords and execute that in the remote machine like this:
Change your fist script:
#!/bin/bash
password=`cat /root/scripts/password`
for i in `cat /root/scripts/LIST_TEST.txt`
do
printf "Serveur : $i \n"
#Password is passed as $1 to the next script
cat ./paschange.sh $passwd | ssh $i #Command to excecute the script
echo $password
done
And paschange.sh will be:
#!/bin/bash
adduser newuser
yes $1 | passwd newuser #Password is passed as $1
Note that this assumes:
You will create a user named: 'newuser' with the same name in ALL servers
He will have the same password for all servers
You are using the same name to login yourself to all those servers to run the script, which the username you have on the computer you are currently executing this script.
Related
I'm trying to make the following script in Ubuntu 11.
I'm a novice in this ... The script should receive parameters.
What I intend is, as a test, create two users, move a series of files, and assign a password by default, which will be the same login, and force change it once you log in.
I would like it to be encrypted, but I do not know how to pass that encrypted password to a command, for example to usermod -p, or assign a variable with the output of the command.
Since I do not get it, another option is to assign it with passwd using EOF so that it is not done interactively. So I use it in the way I indicated it, but I do not know how it is done that does not set the password I want.
Somebody can help me? Thank you very much
#!/bin/bash
usuario=`whoami`
if [ $usuario != "root" ]; then
echo El script tiene que ejecutarse con usuario root
exit 1
fi
if [ $# -lt 3 ]; then
echo NĂºmero de parĂ¡metros insuficiente
exit 2
fi
groupadd "$3"
useradd -m -g "$3" $1
useradd -m -G "$3" $2
echo " Usuarios y grupo creados "
cp /var/backups/* /home/"$1"
echo " Copia de backups realizada "
mv /home/"$1"/*bak /home/"$2"
passwd -e $1 && passwd $2<<EOF
$1
$1
$2
$2
EOF
#clave1=`openssl passwd -crypt "$1"`
#clave2=`openssl passwd -crypt "$2"`
#usermod -p clave1 $1
#usermod -p clave2 $2
#openssl passwd -crypt "$2" | usermod -p "$2" $2
The last 5 lines, are comments, rather attempts to create an encrypted key
Your best bet to pass the encrypted password to useradd.
You can get an encrypted password using the chpasswd command.
echo ":plaintextpassword" | chpasswd -S
The : is required as it separated a balnk user from the new password in the input to chpasswd.
Then everything after the : in the output that can be stored in the script and passed to useradd:
pwd='encryptedpasswd'
useradd -m -p "${pwd}" "${user}"
I am using below code to ssh to different nodes and find if an user exists or not. If the user doesn't exist it will create it.
The script works fine if I don't do ssh but it fails if I do ssh.
How can I go through different nodes using this script?
for node in `nodes.txt`
usr=root
ssh $usr#$node
do
if [ $(id -u) -eq 0 ]; then
read -p "Enter username : " username
read -s -p "Enter password : " password
egrep "^$username" /etc/passwd >/dev/null
if [ $? -eq 0 ]; then
echo "$username exists!"
exit 1
else
pass=$(perl -e 'print crypt($ARGV[0], "password")' $password)
useradd -m -p $pass $username
[ $? -eq 0 ] && echo "User has been added to system!" || echo "F
ailed to add a user!"
fi
else
echo "Only root may add a user to the system"
exit 2
fi
done
Your script has grave syntax errors. I guess the for loop at the beginning is what you attempted to add but you totally broke the script in the process.
The syntax for looping over lines in a file is
while read -r line; do
.... # loop over "$line"
done <nodes.txt
(or marginally for line in $(cat nodes.txt); do ... but this has multiple issues; see http://mywiki.wooledge.org/DontReadLinesWithFor for details).
If the intent is to actually run the remainder of the script in the ssh you need to pass it to the ssh command. Something like this:
while read -r node; do
read -p "Enter user name: " username
read -p -s "Enter password: "
ssh root#"$node" "
# Note addition of -q option and trailing :
egrep -q '^$username:' /etc/passwd ||
useradd -m -p \"\$(perl -e 'print crypt(\$ARGV[0], \"password\")' \"$password\")" '$username'" </dev/null
done <nodes.txt
Granted, the command you pass to ssh can be arbitrarily complex, but you will want to avoid doing interactive I/O inside a root-privileged remote script, and generally make sure the remote command is as quiet and robust as possible.
The anti-pattern command; if [ $? -eq 0 ]; then ... is clumsy but very common. The purpose of if is to run a command and examine its result code, so this is better and more idiomatically written if command; then ... (which can be even more succinctly written command && ... or ! command || ... if you only need the then or the else part, respectively, of the full long-hand if/then/else structure).
Maybe you should only do the remote tasks via ssh. All the rest runs local.
ssh $user#$node egrep "^$username" /etc/passwd >/dev/null
and
ssh $user#$node useradd -m -p $pass $username
It might also be better to ask for username and password outside of the loop if you want to create the same user on all nodes.
So I would like to make a script that create users from users.txt running
useradd -m -s /bin/false users_in_the_users.txt
and fill the password from passwords.txt twice (to confirm the passwords)
This is the script
#!/bin/bash
# Assign file descriptors to users and passwords files
exec 3< users.txt
exec 4< passwords.txt
exec 5< passwords.txt
# Read user and password
while read iuser <&3 && read ipasswd <&4 ; do
# Just print this for debugging
printf "\tCreating user: %s with password: %s\n" $iuser $ipasswd
# Create the user with adduser (you can add whichever option you like)
useradd -m -s /bin/false $iuser
# Assign the password to the user, passwd must read it from stdin
passwd $iuser
done
The problem is, it does not fill the passwords. And 1 more thing, I want the script to fill the passwords twice.
Any suggestions?
You have to supply the password on stdin. Replace:
passwd $iuser
with:
passwd "$iuser" <<<"$ipasswd
$ipasswd"
or, as suggested by mklement0:
passwd "$iuser" <<<"$ipasswd"$'\n'"$ipasswd"
The incantation <<< creates a here-string. The string that follows the <<< is provided as standard in to the command which precedes the <<<. In this case we provide the two copies of the password that the passwd command wants.
(The script reads these passwords from a plain text file. I will assume that your situation is some special case for which this is not as dangerous as it normally would be.)
John1024's answer is the correct one - his warning about reading passwords from plain-text files bears repeating.
Let me show the solution in context, without the file-descriptor acrobatics (exec 3<, ...):
#!/bin/bash
# NOTE: Be sure to run this script with `sudo`.
# Read user and password
while read iuser ipasswd; do
# Just print this for debugging.
printf "\tCreating user: %s with password: %s\n" $iuser $ipasswd
# Create the user with adduser (you can add whichever option you like).
useradd -m -s /bin/false $iuser
# Assign the password to the user.
# Password is passed via stdin, *twice* (for confirmation).
passwd $iuser <<< "$ipasswd"$'\n'"$ipasswd"
done < <(paste users.txt passwords.txt)
paste users.txt passwords.txt reads corresponding lines from the two files and puts them on a single line, separated with \t.
The result is piped to stdin via a process substitution (<(...)).
This allows read to read from a single source.
$\n is an ANSI C-quoted string that produces a (literal) newline.
#! /bin/bash
for i in {1..100}
do
`sudo mkdir -p /root/Desktop/userm$i`
`sudo useradd -m -d /root/Desktop/userm$i -s /bin/bash userm$i`
echo "userm$i:userm$i" | chpasswd
done
this will create 100 users. user name will be (userm1-userm100). home directory will be /root/Desktop/(userm1-user100)
password will be (userm1-userm100)
Instead of using this line:
useradd -m -s /bin/false $iuser
Try this one:
useradd -m -s /bin/false -p $ipasswd $iuser
You don't actually need this:
passwd $iuser <<< "$ipasswd"$'\n'"$ipasswd"
Kindly run the below script.
#!/bin/bash
#purpose: bash script to create multiple users with pre-defined passwords at once.
#Read_Me: The import file should be in two columns, first users name and second passwords.
#author: Bablish Jaiswal
#contact: linux.cnf#gmail.com
read -p "Kindly import/type Users Name-password file with location:- " creation_info
cat $creation_info |while read i p
do
( useradd $i && echo -e "${p}\n${p}" | passwd $i ) > /dev/null 2>&1 && echo $user ${i} created and password is ${p} || echo ${i} failed
done
As part of trying to implement a security measure in my root ssh session, I'm trying to devise a method of starting a script after n seconds of root user login, and change the user password and logout the user automatically.
I'm getting stuck at trying to change the password silently. I have the following code:
echo -e "new\nnew" | passwd -q
This instead of changing the password "quietly" as mentioned in man pages, outputs this:
~/php-pastebin-v3 #echo -e "new\nnew" | passwd -q
Enter new UNIX password: Retype new UNIX password: passwd: password updated successfully
which doesnt help much.
I tried to pipe stdout and stderr, however I think I have misunderstood piping.
~/php-pastebin-v3 #echo -e "new\nnew" | passwd -q > /dev/null
Enter new UNIX password: Retype new UNIX password: passwd: password updated successfully
~/php-pastebin-v3 #echo -e "new\nnew" | passwd -q /dev/null 2>&1
passwd: user '/dev/null' does not exist
What's the correct method to change the password via a script, quietly?
If you want to redirect both stdout and sterr:
echo "..." | passwd &> /dev/null
which is the equivalent of
echo "..." | passwd > /dev/null 2>&1
which means "redirect stdout to /dev/null and then redirect (duplicate) stderr to stdout". This way you redirect both stdout and stderr to null ... but it might not be enough (it will be in this case I believe). But theoretically the program might write directly to terminal. For example this script
$ cat test.sh
echo stdout
echo stderr 1 1>&2
echo stderr 2 >/dev/stderr
echo stderr 3 >/dev/fd/2
echo bad luck > /dev/tty
$ ./test.sh &> /dev/null
bad luck
To get rid even of this output you must force the program to run in pseudo terminal, for example http://empty.sourceforge.net/ . But that is just a side note &> /dev/null will work fine.
You can also do it that way:
mkpasswd
# Password:blah
# BVR2Pnr3ro5B2
echo "user:BVR2Pnr3ro5B2" | chpasswd -e
so the password is already encrypted in the script.
This worked for me
echo "passssssword" | passwd root --stdin > /dev/null
Notice: --stdin works for root user only
I'm working on a project that needs to determine the username currently logged into a Windows workstation from a Linux client. The Linux client has the IP address / hostname of the workstation, and can potentially access the Active Directory domain controller, but has nothing else.
I understand that the "psloggedon \hostname" utility from Windows would do the job, but I'm looking for a Linux/Unix alternative.
Any suggestions?
This is the script I'm using. It requires Samba, i think at least version 3.x, it only asks for domain admin password once per run, not really secure but its better than hardcoding into the script.
#!/bin/bash
ADMIN_USER='DOMAIN_NAME\Administrator'
DOMAIN_CONTROLLER='hostname.of.domain.controller'
#
die () {
echo >&2 "$#"
exit 1
}
# Die if computer name missing
[ "$#" -eq 1 ] || die "Usage: loggedon <computer>"
COMPUTER=$1
# Store domain admin password in a variable to avoid asking every time.
read -s -p "Please provide domain administrator password: " ADMIN_PASSWORD
echo
# Store all sids logged on $COMPUTER inside an array
# Notice I'm using PASSWD= environement variable to push the admin password
# to net command, this way it won't ask for it.
#
SIDs=(`PASSWD=$ADMIN_PASSWORD /usr/bin/net rpc registry enumerate 'HKEY_USERS' -S $COMPUTER -U $ADMIN_USER | grep _Classes | cut -d '=' -f2 | sed 's/ //g'`)
if [ "${#SIDs[#]}" -gt 0 ]; then
printf "Found %s logged on $COMPUTER\n" "${SIDs[#]}"
echo
# Retrieves CommonName attribute from DC for each SID
for i in "${SIDs[#]}"
do
:
RAW_USER=`PASSWD=$ADMIN_PASSWORD net ads sid -S $DOMAIN_CONTROLLER -U Administrator $i`
#RAW_USER contains all attributes from ldap, we need to clean it first
USER=`echo $RAW_USER | egrep -o 'cn: (.+)sn:' | sed -e 's/sn\://g'`
echo "$USER is logged on $COMPUTER"
done
else
echo Nobody is logged on $COMPUTER
fi