So I would like to make a script that create users from users.txt running
useradd -m -s /bin/false users_in_the_users.txt
and fill the password from passwords.txt twice (to confirm the passwords)
This is the script
#!/bin/bash
# Assign file descriptors to users and passwords files
exec 3< users.txt
exec 4< passwords.txt
exec 5< passwords.txt
# Read user and password
while read iuser <&3 && read ipasswd <&4 ; do
# Just print this for debugging
printf "\tCreating user: %s with password: %s\n" $iuser $ipasswd
# Create the user with adduser (you can add whichever option you like)
useradd -m -s /bin/false $iuser
# Assign the password to the user, passwd must read it from stdin
passwd $iuser
done
The problem is, it does not fill the passwords. And 1 more thing, I want the script to fill the passwords twice.
Any suggestions?
You have to supply the password on stdin. Replace:
passwd $iuser
with:
passwd "$iuser" <<<"$ipasswd
$ipasswd"
or, as suggested by mklement0:
passwd "$iuser" <<<"$ipasswd"$'\n'"$ipasswd"
The incantation <<< creates a here-string. The string that follows the <<< is provided as standard in to the command which precedes the <<<. In this case we provide the two copies of the password that the passwd command wants.
(The script reads these passwords from a plain text file. I will assume that your situation is some special case for which this is not as dangerous as it normally would be.)
John1024's answer is the correct one - his warning about reading passwords from plain-text files bears repeating.
Let me show the solution in context, without the file-descriptor acrobatics (exec 3<, ...):
#!/bin/bash
# NOTE: Be sure to run this script with `sudo`.
# Read user and password
while read iuser ipasswd; do
# Just print this for debugging.
printf "\tCreating user: %s with password: %s\n" $iuser $ipasswd
# Create the user with adduser (you can add whichever option you like).
useradd -m -s /bin/false $iuser
# Assign the password to the user.
# Password is passed via stdin, *twice* (for confirmation).
passwd $iuser <<< "$ipasswd"$'\n'"$ipasswd"
done < <(paste users.txt passwords.txt)
paste users.txt passwords.txt reads corresponding lines from the two files and puts them on a single line, separated with \t.
The result is piped to stdin via a process substitution (<(...)).
This allows read to read from a single source.
$\n is an ANSI C-quoted string that produces a (literal) newline.
#! /bin/bash
for i in {1..100}
do
`sudo mkdir -p /root/Desktop/userm$i`
`sudo useradd -m -d /root/Desktop/userm$i -s /bin/bash userm$i`
echo "userm$i:userm$i" | chpasswd
done
this will create 100 users. user name will be (userm1-userm100). home directory will be /root/Desktop/(userm1-user100)
password will be (userm1-userm100)
Instead of using this line:
useradd -m -s /bin/false $iuser
Try this one:
useradd -m -s /bin/false -p $ipasswd $iuser
You don't actually need this:
passwd $iuser <<< "$ipasswd"$'\n'"$ipasswd"
Kindly run the below script.
#!/bin/bash
#purpose: bash script to create multiple users with pre-defined passwords at once.
#Read_Me: The import file should be in two columns, first users name and second passwords.
#author: Bablish Jaiswal
#contact: linux.cnf#gmail.com
read -p "Kindly import/type Users Name-password file with location:- " creation_info
cat $creation_info |while read i p
do
( useradd $i && echo -e "${p}\n${p}" | passwd $i ) > /dev/null 2>&1 && echo $user ${i} created and password is ${p} || echo ${i} failed
done
Related
I have to write a useradd script which adds a new user and sets for him a home directory.
#!/bin/bash
echo "Name:"
read name
echo "Password:"
read password
echo "Group:"
read group
useradd -m -G $group -s /bin/bash -p $password $name
Everything works as intended but I have problems with the password in the following line -
useradd -m -G $group -s /bin/bash -p $password $name
It does not work so I need to use later in terminal passwd command.
How can I rebuild my script so I won't need to use passwd to setup password correctly? I have read that you can use stdin but I was not able to do this correctly.
If you prefer to pipe the user's password from STDIN, use chpasswd utility which is quick and simple.
as suggested by #Ardit.
This script should work for your purpose, assuming you meet the following conditions-
You are interacting as the root user
You have an existing group created for the purpose of your new user
#!/bin/bash
echo "Name:"
read name
echo "Password:"
read password
echo "Group:" # group must exist
read group
# add new user, set group, create new home directory
useradd -G $group -m $name
# update new user password by piping from STDIN
echo ""$name":"$password"" | chpasswd
# change the default user shell to bash
chsh -s /bin/bash $name
First we execute useradd command to create the new user and assign it to an existing group.
Then we pipe the name and password into chpasswd. If you're wondering why wrap those variable expansions with double quotes, check this answer out .
Finally chsh utility is used to update the user shell.
Why not execute everything in a single statement?
I prefer subdividing a problem into smaller tasks for easier understanding.
I'm trying to interpret this block of code. Searched google to see what these commands mean and no luck. I put my interpretation of what each line/block means to me. If I am wrong, please correct me. I am new to unix commands. Code:
#!/bin/bash
# input 1st command line argument for the version.
export VERSION=$1
# if user didn't input a version, print the echo message and exit (not sure what -n means but I am assuming)
if [[ ! -n "$VERSION" ]]; then
echo "Missing Version"
exit 1
fi
# creating variable UNAME that tells who the person is (their name)
export UNAME='whoami'
# no idea what -s and -p mean but i think this prints the message "enter password for $UNAME" and stores it in a new variable named PASSWORD. the $UNAME will print whatever whoami said.
read -s -p "Enter password for $UNAME: " PASSWORD
echo ""
The -p flag issues a prompt before reading input into a variable
The -s flag stop the typed response from being shown (i.e. for a sensitive password)
More information is available here:
https://linuxhint.com/bash_read_command/
-p
prompt output the string PROMPT without a trailing newline before
attempting to read.
-s
do not echo input coming from a terminal.
I'm trying to make the following script in Ubuntu 11.
I'm a novice in this ... The script should receive parameters.
What I intend is, as a test, create two users, move a series of files, and assign a password by default, which will be the same login, and force change it once you log in.
I would like it to be encrypted, but I do not know how to pass that encrypted password to a command, for example to usermod -p, or assign a variable with the output of the command.
Since I do not get it, another option is to assign it with passwd using EOF so that it is not done interactively. So I use it in the way I indicated it, but I do not know how it is done that does not set the password I want.
Somebody can help me? Thank you very much
#!/bin/bash
usuario=`whoami`
if [ $usuario != "root" ]; then
echo El script tiene que ejecutarse con usuario root
exit 1
fi
if [ $# -lt 3 ]; then
echo NĂºmero de parĂ¡metros insuficiente
exit 2
fi
groupadd "$3"
useradd -m -g "$3" $1
useradd -m -G "$3" $2
echo " Usuarios y grupo creados "
cp /var/backups/* /home/"$1"
echo " Copia de backups realizada "
mv /home/"$1"/*bak /home/"$2"
passwd -e $1 && passwd $2<<EOF
$1
$1
$2
$2
EOF
#clave1=`openssl passwd -crypt "$1"`
#clave2=`openssl passwd -crypt "$2"`
#usermod -p clave1 $1
#usermod -p clave2 $2
#openssl passwd -crypt "$2" | usermod -p "$2" $2
The last 5 lines, are comments, rather attempts to create an encrypted key
Your best bet to pass the encrypted password to useradd.
You can get an encrypted password using the chpasswd command.
echo ":plaintextpassword" | chpasswd -S
The : is required as it separated a balnk user from the new password in the input to chpasswd.
Then everything after the : in the output that can be stored in the script and passed to useradd:
pwd='encryptedpasswd'
useradd -m -p "${pwd}" "${user}"
I am using below code to ssh to different nodes and find if an user exists or not. If the user doesn't exist it will create it.
The script works fine if I don't do ssh but it fails if I do ssh.
How can I go through different nodes using this script?
for node in `nodes.txt`
usr=root
ssh $usr#$node
do
if [ $(id -u) -eq 0 ]; then
read -p "Enter username : " username
read -s -p "Enter password : " password
egrep "^$username" /etc/passwd >/dev/null
if [ $? -eq 0 ]; then
echo "$username exists!"
exit 1
else
pass=$(perl -e 'print crypt($ARGV[0], "password")' $password)
useradd -m -p $pass $username
[ $? -eq 0 ] && echo "User has been added to system!" || echo "F
ailed to add a user!"
fi
else
echo "Only root may add a user to the system"
exit 2
fi
done
Your script has grave syntax errors. I guess the for loop at the beginning is what you attempted to add but you totally broke the script in the process.
The syntax for looping over lines in a file is
while read -r line; do
.... # loop over "$line"
done <nodes.txt
(or marginally for line in $(cat nodes.txt); do ... but this has multiple issues; see http://mywiki.wooledge.org/DontReadLinesWithFor for details).
If the intent is to actually run the remainder of the script in the ssh you need to pass it to the ssh command. Something like this:
while read -r node; do
read -p "Enter user name: " username
read -p -s "Enter password: "
ssh root#"$node" "
# Note addition of -q option and trailing :
egrep -q '^$username:' /etc/passwd ||
useradd -m -p \"\$(perl -e 'print crypt(\$ARGV[0], \"password\")' \"$password\")" '$username'" </dev/null
done <nodes.txt
Granted, the command you pass to ssh can be arbitrarily complex, but you will want to avoid doing interactive I/O inside a root-privileged remote script, and generally make sure the remote command is as quiet and robust as possible.
The anti-pattern command; if [ $? -eq 0 ]; then ... is clumsy but very common. The purpose of if is to run a command and examine its result code, so this is better and more idiomatically written if command; then ... (which can be even more succinctly written command && ... or ! command || ... if you only need the then or the else part, respectively, of the full long-hand if/then/else structure).
Maybe you should only do the remote tasks via ssh. All the rest runs local.
ssh $user#$node egrep "^$username" /etc/passwd >/dev/null
and
ssh $user#$node useradd -m -p $pass $username
It might also be better to ask for username and password outside of the loop if you want to create the same user on all nodes.
As part of trying to implement a security measure in my root ssh session, I'm trying to devise a method of starting a script after n seconds of root user login, and change the user password and logout the user automatically.
I'm getting stuck at trying to change the password silently. I have the following code:
echo -e "new\nnew" | passwd -q
This instead of changing the password "quietly" as mentioned in man pages, outputs this:
~/php-pastebin-v3 #echo -e "new\nnew" | passwd -q
Enter new UNIX password: Retype new UNIX password: passwd: password updated successfully
which doesnt help much.
I tried to pipe stdout and stderr, however I think I have misunderstood piping.
~/php-pastebin-v3 #echo -e "new\nnew" | passwd -q > /dev/null
Enter new UNIX password: Retype new UNIX password: passwd: password updated successfully
~/php-pastebin-v3 #echo -e "new\nnew" | passwd -q /dev/null 2>&1
passwd: user '/dev/null' does not exist
What's the correct method to change the password via a script, quietly?
If you want to redirect both stdout and sterr:
echo "..." | passwd &> /dev/null
which is the equivalent of
echo "..." | passwd > /dev/null 2>&1
which means "redirect stdout to /dev/null and then redirect (duplicate) stderr to stdout". This way you redirect both stdout and stderr to null ... but it might not be enough (it will be in this case I believe). But theoretically the program might write directly to terminal. For example this script
$ cat test.sh
echo stdout
echo stderr 1 1>&2
echo stderr 2 >/dev/stderr
echo stderr 3 >/dev/fd/2
echo bad luck > /dev/tty
$ ./test.sh &> /dev/null
bad luck
To get rid even of this output you must force the program to run in pseudo terminal, for example http://empty.sourceforge.net/ . But that is just a side note &> /dev/null will work fine.
You can also do it that way:
mkpasswd
# Password:blah
# BVR2Pnr3ro5B2
echo "user:BVR2Pnr3ro5B2" | chpasswd -e
so the password is already encrypted in the script.
This worked for me
echo "passssssword" | passwd root --stdin > /dev/null
Notice: --stdin works for root user only