i have created 2 sudo users and the users are showing in /etc/sudoers . is there any way to list out all the sudo users in linux .
i tried some commands from google but not worked for me:-
grep '^sudo:.*$' /etc/group | cut -d: -f4
getent group sudo | cut -d: -f4
the user added in /etc/sudoers file is:
kamlesh ALL=(ALL) NOPASSWD: ALL
for usr in $(cut -f 1 -d : /etc/passwd);
do
sudo -l $usr > /dev/null 2&>1 && echo $usr;
done
Extract all the users from /etc/passwd using cut (set field delimiter to ":" with -d and read the first field -f 1) Process each read value into the variable usr using a loop. For each usr, run sudo -l on that user to see if that user can execute any commands with sudo. Redirect stdin and sterr to /dev/null and if the return code is 0, echo the $usr
Related
I need to change the password of "vtm" user to "abcd12345" by using xargs command.
so I wrote this comman
printf "vtm abcd12345 abcd12345" | xargs -t -n1 passwd
but I couldn't change it.
You could use chpasswd command to change password instead.
# 1. find the user id of `vtm`
> sudo grep "vtm" /etc/passwd.
# 2. change password with `chpasswd`
echo 'userid:abcd12345' | chpasswd
Or if you want to change password with echo:
echo -e -n "abcd12345\nabcd12345" | passwd vtm
how do I set a single password for all users in a Linux system? For example, how will I set a password, x, so that it's the password of all users in the system?
I was thinking of a for loop that iterates between each other but then I realised I have no clue on how to go about this.
You could manually change all user accounts in question with the following, it will prompt you for the new password
$ sudo passwd <username>
You could automate this with a script. Or you could use a convoluted command at the command line, which is what I would do. The below example will pull all users from the passwd file, filter out the users that cannot login, and then run a loop to set their password
using cat piped to grep you can get a list of all users and filter out the users with "nologin" or "false" in their config. If you get users that you do not want, change the filter items or add the username to the grep statement to filter them out, separate each filter item with \|
$ cat /etc/passwd | grep -Ev nologin\|false
using awk you can get just the username to print out
$ cat /etc/passwd | grep -Ev nologin\|false | awk '{split($0,a,":");print a[1]}'
running this command in a for loop will let us run a command on each user, to test just echo the username
$ for user in `cat /etc/passwd | grep -Ev nologin\|false | awk '{split($0,a,":");print a[1]}'`; do echo $user; done
the tricky part is passing a password to the passwd command. switch to the root user and then echo the password to the passwd command. Here is an example
$ sudo -i
# (echo 'newpassword'; echo 'newpassword') | passwd <username>
however you do not want the password in your command line history. put the password in a tempfile and then cat it to xargs. As an example, just echo the password using xargs
$ sudo -i
# vi tempfile
enter only one line with the new password
# cat tempfile | xargs -i echo {}
now you'll use xargs to echo to passwd. this is tricky again because you need to run two echo commands correctly, just tell xargs to run the command in a sub shell
$ sudo -i
# cat tempfile | xargs -i /bin/bash -c "(echo '{}'; echo '{}') | sudo passwd <username>"
now add the xargs command in the for loop
$ sudo -i
# for user in `cat /etc/passwd | grep -Ev nologin\|false | awk '{split($0,a,":");print a[1]}'`; do cat tempfile | xargs -i /bin/bash -c "(echo '{}'; echo '{}') | sudo passwd $user"; done
That should be it, let me know if you have questions
I tested this example on ubuntu 20.04 using GNU bash 5.0.17
I have created a useradd script in bash which is running manually(ive to copy script on remote host and run the script).
i want that script to read a host.txt file,where ill mention the ip's on which it must run by login into the remote host
#!/bin/bash
# Unlock the crtical directory for modification
chattr -i /etc/passwd
chattr -i /etc/shadow
chattr -i /etc/group
chattr -i /etc/gshadow
chattr -i /etc/ssh/sshd_config
#Script to Add User
read -p 'Please Enter The Username To Add: ' name
echo "$name" > /tmp/userlist.txt
clear
echo -e "Hello $name\nYour Name Is Added To The List."
userfile=/tmp/userlist.txt
username=$(cat /tmp/userlist.txt | tr 'A-Z' 'a-z')
for user in $username
do
useradd $user -N -s /bin/bash
usermod -aG sudo $user
passwd $user
echo "AllowUsers ${user}" >> /etc/ssh/sshd_config \\Prefix the line with # if username is hard coded
#sed -i 's/tui/tui <hard coded username>/g' /etc/ssh/sshd_config \\remove # if the user is hard coded
#sed -i 's/<hard coded username>.*<hard coded username>/<hard coded username>/g' /etc/ssh/sshd_config \\remove # if the user is hard coded
#sed -i 's/tui/tui <hard coded username>/g' /etc/security/access.conf \\remove # if the user is hard coded
done
echo "=================================="
echo "User $name Have Been Created."
echo "=================================="
tail /etc/passwd | cut -d: -f1
#lock the crtical directory for modification
chattr +i /etc/passwd
chattr +i /etc/shadow
chattr +i /etc/group
chattr +i /etc/gshadow
chattr +i /etc/ssh/sshd_config
systemctl restart ssh
Lets say you have a file of IP's called ip.txt
while IFS= read -r dest; do
scp useradd.sh "root#$dest:remote/path/"
ssh root#$dest "/bin/bash remote/path/useradd.sh"
done <ip.txt
If root is not available to login (recommended) then substitute with the correct user and than add sudo to the command.
This assumes the login is done via a key file and does not have a password.
If the file is already on the host then skip the scp stage - or you can use xargs like
cat ip.txt | xargs -I{} ssh user#{} sudo remote/path/useradd.sh
Or - I can recommend using ansible.
This script looks for all users that have the string RECHERCHE inside them. I tried running it in sudo and it worked, but then stopped at line 8 (permission denied). Even when removing the sudo from the script, this issue still happens.
#!/bin/bash
#challenge : user search and permission rewriting
echo -n "Enter string to search : "
read RECHERCHE
echo $(cat /etc/passwd | grep "/home" | cut -d: -f5 | grep -i "$RECHERCHE" | sed s/,//g)
echo "Changing permissions"
export RECHERCHE
sudo ./challenge2 $(/etc/passwd) &
The second script then changes permissions of each file belonging to each user that RECHERCHE found, in the background. If you could help me figure out what this isn't doing right, it would be of great service. I
#!/bin/bash
while read line
do
if [-z "$(grep "/home" | cut -d: -f5 | grep -i "$RECHERCHE")" ]
then
user=$(cut -f: -f1)
file=$(find / -user $(user))
if [$(stat -c %a file) >= 700]
then
chmod 700 file 2>> /home/$(user)/challenge.log
fi
if [$(stat -c %a file) < 600]
then
chmod 600 file 2>> /home/$(user)/challenge.log
fi
umask 177 2>> /home/$(user)/challenge.log
fi
done
I have to idea what I'm doing.
the $(...) syntax means command substitution, that is: it will be replaced by the output of the command within the paranthesis.
since /etc/passwd is no command but just a text-file, you cannot execute it.
so if you want to pass the contents of /etc/passwd to your script, you would just call it:
./challenge2 < /etc/passwd
or, if you need special permissions to read the file, something like
sudo cat /etc/passwd | ./challenge2
also in your challenge2 script, you are using $(user) which is wrong as you really only want to expand the user variable: use curly braces for this, like ${user}
/etc/passwd?
not what you were asking, but you probably should not read /etc/passwd directly anyhow.
if you want to get a list of users, use the following command:
$ getent passwd
this will probably give you more users than those stored in /etc/passwd, as your system might use other PAM backends (ldap,...)
I have started writing a small piece of code to print all the list of users available in the linux box. But I want to pass one by one user into my command to display each user details together.
to list all users
root#bt# getent passwd | grep /home/ | cut -d ':' -f 1
root
san
postgres
Now I want to pass one by user in to the below command to display each user details together.
root#bt# chage -l ${user1} ; chage -l ${user2} etcc.
should I need to user for loop or while loop here?
can any one help me in suggesting how to write the same?
You can use the while loop:
getent passwd | grep /home/ | cut -d ':' -f 1 | \
while read user ; do
chage -l "$user"
done
or the for loop:
for user in $(getent passwd | grep /home/ | cut -d ':' -f 1) ; do
chage -l "$user"
done
or xargs:
getent passwd | grep /home/ | cut -d ':' -f 1 | \
xargs -n1 chage -l
I would use xargs, which runs a command on each output item of the previous pipe:
getent passwd | grep /home/ | cut -d ':' -f 1 | sudo xargs -I % sh -c '{ echo "User: %"; chage -l %; echo;}'
sudo is used to get information about all users, if you don't have access to this information then you can remove sudo
-I % is used to specify that % is a placeholder for the input item (in your case a user)
sh -c '{ command1; command2; ...;}' is the command executed by xargs on every % item; in turn, the command sh -c allows multiple shell commands to be executed
'{ echo "User: %"; chage -l %; echo;}' echoes the current user in %, then runs chage -l on this user and finished with a final empty echo to format the ouput