I am trying to figure out how to make a shell script that will generate new users, a randomly generated password using openssl rand -base64 12, UID, GID, Any description, and the Home directory for the users in chronological order then pipe to new users in a different command with correct syntax.
To make it simple I need to run the script using the standard input from the command newusers for the first user then generate the other 4 users by adding 1 seen below. The output will be something similar to:
user01:generatedpassword:1001:1001:Description:/home/user01:/bin/bash
user02:generatedpassword:1002:1002:Description:/home/user02:/bin/bash
user03:generatedpassword:1003:1003:Description:/home/user03:/bin/bash
user04:generatedpassword:1004:1004:Description:/home/user04:/bin/bash
user05:generatedpassword:1005:1005:Description:/home/user05:/bin/bash
I'm a little confused by what you mean but you should add a variation of the following lines to your script:
useradd usr01
and then
password=`openssl rand -base64 12`
echo $password | passwd --stdin usr01
This will mean you can see the password and it just doesn't assign it to the usr01 without you knowing what it is.
Related
If you run a command in Terminal, say
rsync -avuP [SourcPath] [DestPath]
That command will get logged in, say .bash_history, .zsh_history, .bash_sessions, etc.
So if you make use of something as notoriously insecure as sshpass
say sshpass -P password -p MySecetPassword [Some command requiring std input], that too will be logged.
But what happens when you do the equivalent when spawning a process using Node JS?
passw = functionThatRetrievesPasswordSecurely();
terminalCmd = "sshpass";
terminalArgs = ["-P, "password", "-p", passw, "command", "requiring", "a", "password", "entry"];
spawn = require("child_process").spawn(terminalCmd, terminalArgs);
spawn.stdout.on("data", data => {console.log("stdout, no details"});
spawn.stderr.on("data", data => {console.log("stderr, no details"});
spawn.on("close", data => {console.log("Process complete, no details"});
Are the terminalCmd or terminalArgs logged anywhere?
If so, where?
If not, is this a secure way to make use opf sshpass?
There isn't a node specific history file for execs unless you created one by logging the arguments. There can be lower level OS logging that captures this type of data, like an audit log.
Passing a password on the command line is still considered the least secure way.
Try -f to pass a file or -d for a file descriptor instead (or ssh keys should always be the first port of call)
The man page explains...
The -p option should be considered the least secure of all of sshpass's options. All system users can see the password in the command line with a simple "ps" command. Sshpass makes a minimal attempt to hide the password, but such attempts are doomed to create race conditions without actually solving the problem. Users of sshpass are encouraged to use one of the other password passing techniques, which are all more secure.
In particular, people writing programs that are meant to communicate the password programatically are encouraged to use an anonymous pipe and pass the pipe's reading end to sshpass using the -d option.
I have a script that takes windows compatible passwords and uses them to create an account for the user on the computer with that as their system password.
I have run into an issue where if I escape them and pass it to create the account it is taken literally. Single ' and double " quotes are allowed in windows.
Example user enters hello'world
escaped as hello\'world and stored in the database as hello\'world.
user inputs hello'world login.
Computer expects hello\'world as the correct password, user can not login.
Adding code:
echo "somepass" | sudo -S /Applications/Setup\ user.app/Contents/Resources/nugget "Joe User" "juser" "ju$er'Pa$$".345"
Essentially the account for the user is created, another admin account has to be used and the password set from the gui where ju$er'Pa$$".345 is entered and from there the user can login fine.
Does this do what you want? (Obviously you need a safe method to retrieve the password, either from read input or by reading from a file handle or pipe).
neech#nicolaw.uk:~ $ read -r password ; printf '%q\n' "$password"
ju$er'Pa$$".345
ju\$er\'Pa\$\$\".345
neech#nicolaw.uk:~ $
What is the best way to check if a root linux password is correct,from a c program.One solution is tu run a command like : echo \"myPass\n"\ | sudo -S mySudoPassword and somehow check stderr to see if contains data.I am looking forward to get an elegant solution
You can validate that a given password is correct for a given username using the shadow file.
See Given a linux username and a password how can I test if it is a valid account? for the mechanics of how this is done. It should be possible to perform the same operations in a C program.
I'd like to prepare a simple script for connecting to some VPN network. The password to the network consists of two elements: pretty complicated pass + randomized token. I don't want to remember this password but store it encrypted in some secure directory. Now, the script I need should ask me for a passphrase and some token, read decrypt a pass from a file and run some commands. All those are pretty easy except one thing: is it possible to decrypt a file to a variable instead of file? I mean I'd like to get something like
PASS=`mdecrypt password.nc`
but as far as I know mdecrypt generates a file as a result instead of returning value. I know I could run something like
`mdecrypt password.nc`
PASS=`cat password`
`unlink password`
but is there some easier (one liner) solution?
uset the -F option
-F Force output on standard output or input from stdin if that is a
terminal. By default mcrypt will not output encrypted data to
terminal
I have a script that needs to know what username it is run from.
When I run it from shell, I can easily use $ENV{"USER"}, which is provided by bash.
But apparently - then the same script is run from cron, also via bash - $ENV{"USER"} is not defined.
Of course, I can:
my $username = getpwuid( $< );
But it doesn't look nice - is there any better/nicer way? It doesn't have to be system-independent, as the script is for my personal use, and will be only run on Linux.
Try getting your answer from several places, first one wins:
my $username = $ENV{LOGNAME} || $ENV{USER} || getpwuid($<);
crontab sets $LOGNAME so you can use $ENV{"LOGNAME"}. $LOGNAME is also set in my environment by default (haven't looked where it gets set though) so you might be able to use only $LOGNAME instead of $USER.
Although I agree with hacker, don't know what's wrong about getpwuid.
Does this look prettier?
use English qw( −no_match_vars );
my $username = getpwuid $UID;
Sorry, why doesn't that "look nice"? That's the appropriate system call to use. If you're wanting an external program to invoke (e.g. something you could use from a bash script too), there are the tools /usr/bin/id and /usr/bin/whoami for use.
Apparently much has changed in Perl in recent years, because some of the answers given here do not work for fetching a clean version of "current username" in modern Perl.
For example, getpwuid($<) prints a whole bunch of stuff (as a list in list context, or pasted-together as a string in scalar context), not just the username, so you have to use (getpwuid($<))[0] instead if you want a clean version of the username.
Also, I'm surprised no one mentioned getlogin(), though that doesn't always work. For best chance of actually getting the username, I suggest:
my $username = getlogin() || (getpwuid($<))[0] || $ENV{LOGNAME} || $ENV{USER};