Windows compatible passwords in bash - linux

I have a script that takes Windows-compatible passwords and uses them to create an account for the user on the computer, with that as their system password.
I have run into an issue where, if I escape them and pass them to create the account, the escaping is taken literally. Single ' and double " quotes are allowed in Windows.
Example: the user enters hello'world,
which is escaped as hello\'world and stored in the database as hello\'world.
The user inputs hello'world at login.
The computer expects hello\'world as the correct password, so the user cannot log in.
Adding code:
echo "somepass" | sudo -S /Applications/Setup\ user.app/Contents/Resources/nugget "Joe User" "juser" "ju$er'Pa$$".345"
Essentially, the account for the user is created, but another admin account has to be used and the password set from the GUI, where ju$er'Pa$$".345 is entered, and from there the user can log in fine.

Does this do what you want? (Obviously you need a safe method to retrieve the password, either from read input or by reading from a file handle or pipe).
neech#nicolaw.uk:~ $ read -r password ; printf '%q\n' "$password"
ju$er'Pa$$".345
ju\$er\'Pa\$\$\".345
neech#nicolaw.uk:~ $

Related

Security question: Are NodeJS spawns logged anywhere?

If you run a command in Terminal, say
rsync -avuP [SourcPath] [DestPath]
That command will get logged in, say .bash_history, .zsh_history, .bash_sessions, etc.
So if you make use of something as notoriously insecure as sshpass
say sshpass -P password -p MySecetPassword [Some command requiring std input], that too will be logged.
But what happens when you do the equivalent when spawning a process using Node JS?
// functionThatRetrievesPasswordSecurely() is the asker's placeholder.
const passw = functionThatRetrievesPasswordSecurely();
const terminalCmd = "sshpass";
// -p puts the password itself into the child's argument list.
const terminalArgs = ["-P", "password", "-p", passw, "command", "requiring", "a", "password", "entry"];
const spawn = require("child_process").spawn(terminalCmd, terminalArgs);
spawn.stdout.on("data", data => { console.log("stdout, no details"); });
spawn.stderr.on("data", data => { console.log("stderr, no details"); });
spawn.on("close", data => { console.log("Process complete, no details"); });
Are the terminalCmd or terminalArgs logged anywhere?
If so, where?
If not, is this a secure way to make use of sshpass?
There isn't a node specific history file for execs unless you created one by logging the arguments. There can be lower level OS logging that captures this type of data, like an audit log.
Passing a password on the command line is still considered the least secure way.
Try -f to pass a file or -d for a file descriptor instead (or ssh keys should always be the first port of call)
The man page explains...
The -p option should be considered the least secure of all of sshpass's options. All system users can see the password in the command line with a simple "ps" command. Sshpass makes a minimal attempt to hide the password, but such attempts are doomed to create race conditions without actually solving the problem. Users of sshpass are encouraged to use one of the other password passing techniques, which are all more secure.
In particular, people writing programs that are meant to communicate the password programatically are encouraged to use an anonymous pipe and pass the pipe's reading end to sshpass using the -d option.
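The man page's recommendation, shown from a shell as an added example (not code from the original posts): the password travels over an anonymous pipe that the child inherits as file descriptor 3, which is what sshpass's -d option reads, so it never appears in argv. with_secret_fd is a hypothetical helper name, the `sh -c 'cat <&3'` child stands in for sshpass so the demo runs offline, and the sample password is the one from the first question on this page. From Node the same shape is a fourth 'pipe' entry in spawn's stdio array, written to through child.stdio[3].

```shell
#!/bin/sh
# with_secret_fd SECRET CMD [ARGS...]   (hypothetical helper name)
# Runs CMD with SECRET plus a newline readable on file descriptor 3.
# printf is a shell builtin in bash and dash, so no process is ever started
# with the secret in its argument list.
with_secret_fd() {
    secret=$1
    shift
    # Left side: write the secret into an anonymous pipe.
    # Right side: move the pipe's read end from fd 0 to fd 3, then point
    # stdin at /dev/null so the command cannot consume the secret by accident.
    printf '%s\n' "$secret" | "$@" 3<&0 </dev/null
}

# Constructed sample: the password from the first question on this page.
sample_pw='ju$er'\''Pa$$".345'

# Stand-in child that copies whatever arrives on fd 3 to stdout.
received=$(with_secret_fd "$sample_pw" sh -c 'cat <&3')
[ "$received" = "$sample_pw" ] && echo "fd 3 delivered the password unchanged"

# What `ps` could show for the child: the option and the fd number only.
with_secret_fd "$sample_pw" sh -c 'printf "argv: %s\n" "$*"' child -d 3

# Real use (assumes sshpass is installed; host and command are placeholders):
#   with_secret_fd "$password" sshpass -d 3 ssh user@host.example uptime
```

No escaping is applied to the password at any point; quoting the variable expansion is enough to carry quotes and dollar signs through intact.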

linux command "getent" not returning all numeric usernames (ex. 10798) in linux file system

I am using the "getent" command to fetch user information on my Linux file system.
I have a user with the username "10798" and another user with the username "user" and user ID "10798". I am using the getent command to fetch the user info of the user with the name "10798",
but the command is not giving any output.
I think the "getent" command will only look for the user ID number if you give an all-numeric value as input to the command.
Here is the scenario:
# cat /etc/passwd
10798:x:10799:10799::/home/10798:/bin/bash
user:x:10798:10798::/home/user:/bin/bash
# getent passwd 10798
user:x:10798:10798::/home/user:/bin/bash
How do I get the user with the username 10798 using the getent command?
passwd When no key is provided, use setpwent(3), getpwent(3),
and endpwent(3) to enumerate the passwd database. When
one or more key arguments are provided, pass each
numeric key to getpwuid(3) and each nonnumeric key to
getpwnam(3) and display the result.
I got this from the Linux man page. Is there a way to redirect numeric keys to getpwnam?
ls already performs that lookup. You can perform a user information lookup from the command line with getent passwd.
If ls shows a user ID instead of a user name, it's because there's no user by that name. Filesystems store user IDs, not user names. If you mount a filesystem from another system, or if a file belongs to a now-deleted user, or if you passed a numerical user ID to chown, you can have a file that belongs to a user ID that doesn't have a name.
On a shared host, you may have access to some files that are shared between several virtual machines, each with their user database. This is a bit weird (why share files but not the users that own them?), but it's technically possible.
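A workaround for the numeric-name case in the question, as an added example (not from the original posts): because `getent passwd KEY` hands an all-digit key to getpwuid(3), enumerate the database without a key and match the name field as a string instead. passwd_match, passwd_by_name and passwd_by_uid are hypothetical helper names, and the sample database is the two entries shown in the question.

```shell
#!/bin/sh
# The helpers read passwd-format lines on stdin, so they work on the output
# of `getent passwd` (no key = enumerate) or on a copy of /etc/passwd.
# Exit status: 0 if an entry matched, 2 if none did (the status getent
# itself uses for a key that was not found).

passwd_match() {   # passwd_match FIELD_NUMBER KEY
    field=$1 key=$2 awk -F: '
        # Appending "" forces a string comparison, so the key 10798 can
        # never match a field such as 010798 through numeric equality.
        ($(ENVIRON["field"]) "") == (ENVIRON["key"] "") { print; found = 1 }
        END { exit (found ? 0 : 2) }'
}

passwd_by_name() { passwd_match 1 "$1"; }   # field 1 = login name
passwd_by_uid()  { passwd_match 3 "$1"; }   # field 3 = numeric user ID

# Constructed sample: the two entries from the question.
sample_db='10798:x:10799:10799::/home/10798:/bin/bash
user:x:10798:10798::/home/user:/bin/bash'

printf '%s\n' "$sample_db" | passwd_by_name 10798   # the account named 10798
printf '%s\n' "$sample_db" | passwd_by_uid 10798    # the account with UID 10798

# Against the live database:
#   getent passwd | passwd_by_name 10798
```

Enumeration only lists what the NSS backends are willing to enumerate; directory services such as SSSD leave it off by default, so a directory account with a numeric name may not appear this way.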

Creating multiple accounts using a shell script and standard input

I am trying to figure out how to make a shell script that will generate new users, a randomly generated password using openssl rand -base64 12, UID, GID, Any description, and the Home directory for the users in chronological order then pipe to new users in a different command with correct syntax.
To make it simple I need to run the script using the standard input from the command newusers for the first user then generate the other 4 users by adding 1 seen below. The output will be something similar to:
user01:generatedpassword:1001:1001:Description:/home/user01:/bin/bash
user02:generatedpassword:1002:1002:Description:/home/user02:/bin/bash
user03:generatedpassword:1003:1003:Description:/home/user03:/bin/bash
user04:generatedpassword:1004:1004:Description:/home/user04:/bin/bash
user05:generatedpassword:1005:1005:Description:/home/user05:/bin/bash
I'm a little confused by what you mean but you should add a variation of the following lines to your script:
useradd usr01
and then
password=$(openssl rand -base64 12)
echo "$password" | passwd --stdin usr01
This means you can see the password, and it doesn't just assign it to usr01 without you knowing what it is.
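A generator for the input the question describes, as an added example (not from the original posts): it prints one newusers(8) line per account, each with a fresh `openssl rand -base64 12` password. gen_newusers and gen_password are hypothetical names, the /dev/urandom fallback is an addition for hosts without the openssl binary, and the name:password:UID:GID:description:home:shell layout is the one shown in the question.

```shell
#!/bin/sh
# gen_password: 12 random bytes, base64-encoded to 16 characters.
# The base64 alphabet has no ':' so a password cannot split the record.
gen_password() {
    if command -v openssl >/dev/null 2>&1; then
        openssl rand -base64 12
    else
        head -c 12 /dev/urandom | base64    # fallback, not from the page
    fi
}

# gen_newusers PREFIX COUNT FIRST_ID [DESCRIPTION]
# Prints COUNT lines: PREFIX01, PREFIX02, ... with UID = GID counting up
# from FIRST_ID. printf is a builtin, so passwords never appear in `ps`.
gen_newusers() {
    prefix=$1 count=$2 id=$3 desc=${4:-Description}
    n=1
    while [ "$n" -le "$count" ]; do
        name=$(printf '%s%02d' "$prefix" "$n")
        printf '%s:%s:%s:%s:%s:/home/%s:/bin/bash\n' \
            "$name" "$(gen_password)" "$id" "$id" "$desc" "$name"
        n=$((n + 1)) id=$((id + 1))
    done
}

# Demo: the five accounts from the question (passwords differ on every run).
gen_newusers user 5 1001

# Real use, as root: keep the clear-text list private, then feed it to newusers.
#   ( umask 077; gen_newusers user 5 1001 > users.txt )
#   newusers users.txt
```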

Is it possible to export the raw text password in Linux when the user is logging in?

I was just wondering, is it possible to export the raw text password into a file using echo "$password" >> /home/user/Desktop/file name? I know that the password is validated against the shadow file by pam_unix.so. Can the username and password be exported before the raw text is converted?
Of course you can substitute the login(1) command with one of your own and do the thing. You are in an open-source system. You are free to reprogram it. I have done it for fun. You can do it too.

Check the root password

What is the best way to check if a root Linux password is correct, from a C program? One solution is to run a command like: echo \"myPass\n"\ | sudo -S mySudoPassword and somehow check stderr to see if it contains data. I am looking forward to getting an elegant solution.
You can validate that a given password is correct for a given username using the shadow file.
See Given a linux username and a password how can I test if it is a valid account? for the mechanics of how this is done. It should be possible to perform the same operations in a C program.
