How to add user on linux bash script with out using useradd or similar command.
Also copy the startup script which located in /etc/skel/, and change password for the user which you have been added.
user1=$1
read -p "Enter your home name" home_name
read -p "Enter your login shell" loginshell
echo "$user1:x:500:500:$user1:/home/$home_name:$loginshell" >> /etc/passwd
echo "$user1:x:500:" >> /etc/group
mkdir /home/$home_name
chmod 744 /home/$home_name
cp -pr /etc/skel/.bashrc /home/$home_name
echo "$user1: " >> /etc/shadow
echo "`passwd` $user1"
The error i have got it after execute this script
passwd: Authentication token manipulation error
Please could you advice me if there any mistakes?
You should explain why you want to do that. In my opnion, it is a bad idea. In particular, because it does not handle well all the various kind of systems (for instance, some Linux system use LDAP for user authentification, etc).
And I believe that your line echo "$user1: " >> /etc/shadow is wrong. Look (with sudo) at the content of the /etc/shadow file, and you'll understand that entries inside are more than just a username followed by a colon.
But really, you should use useradd or adduser to do that. You are risking to break your system entirely.
You should replace
echo "`passwd` $user1"
with
passwd $user1
for entering the first password.
But besides this problem you add all new users with the same user-id and group-id. So there are technically no new users but one user with several "aliases". You have to replace the 500 when writing /etc/passwd and /etc/group to fix that.
Another big problem is, that the user's new home directory and the startup script do not belong to him but to root. You may add a chown -R $user1:$user1 /home/$homename somewhere.
you should also have something like echo "$user1: " >> /etc/gshadow for the group that you are creating. Same as what you have done for the user and the shadow file.
Related
I am trying to giving permission to root user generated file but not able to do this. Can anyone help me how to do this?
I tried:
echo -e 'password'> sudo chmod 777 file.txt
Example:
file.txt rw-r--r-- root
Expected result:
file.txt rwxrwxrwx spate233
First of all, I can't see what you're doing by "echo -e 'password'".
The '>' character means "output redirection", that is, bash will redirect the input of the "echo -e password" command to a file named "sudo" in the directory that you're working. The part "777 file.txt" will be appended to that file(i didn't know this, I just tested it in my PC and that's what happened).
Apart from that: if you want to access a root generated file you have to take into account that root generated files have "root" as owner and "root" as owner group.
If the user that you're trying to give permissions is a sudoer, then you can just operate using "sudo", just like you did in the example.
If it is not, and you want your user to have permissions, it would be enough to set permissions for "other" domain. You can try this:
sudo chmod o+rwx file.txt
This adds all permissions (i.e. rwx) to the other users domain.
However, if you want to give 777 permissions to the file, you just use
sudo chmod 777 file.txt
or also, if you want to use a syntax like the previous one
sudo chmod a+rwx file.txt
If it your desire, then you can also change the owner of the file. Doing this can lead to some security problems, so it is avoided if the file you are dealing with is a system file. I think this is not the case, so you can just do:
sudo chown user:group file
Where user and group are substituted with the new owner and the new group of that file.
I am having an issue with my web host changing the permission of one of my configuration files for my website. No matter how many times I change the permissions, they always revert back to writable after a day or so. The web host has been unable to resolve the issue, so I thought I'd try to use a script to ssh into my account and change the permissions daily.
My only problem so far is that it prompts me for my ssh key password in the terminal when I execute the script. How can I get this to work automatically so that I can set it to run daily from my computer without my intervention?
#!/bin/sh
ssh mydomain 'bash -s' << EOF
cd public_html
chmod 400 configuration.php
EOF
Thanks for any advice!
Add your public key to ~/.ssh/authorized_keys on the remote host. The key you are using should not have a password if you want to use it in this way.
Nowadays, this is simply done with the command
ssh-copy-id user#remote_server
I was able to answer my own question after coming across a script on another user's question. I just had to think of a different way of getting the task done. Instead of logging in to my web host via ssh, I just created a script on my web host account and put it in the crontab.
#!/bin/bash
file=configuration.php
if [ -w "$file" ]
then
chmod 400 "$file" && echo "The file permissions have been set to 400." >> log.txt
elif [ ! -w "$file" ]
echo "The file is not writable." >> log.txt
fi
Is there any suitable shell script for shutting down or restarting a Linux machine? I have tried a shell script for shutdown, but when I enter sudo shutdown it will ask for the password. How we can enter the password using the script?
Another, in my opinion cleaner approach:
Create a new file in /etc/sudoers.d/ with content:
%users ALL=NOPASSWD: /sbin/shutdown
%users ALL=NOPASSWD: /sbin/reboot
This causes sudo to not ask for the password, if any user of group "users" tries to execute a shutdown or reboot. Of course you can also specify another group, maybe a newly created group for finer control of reboot permissions.
More information about the other possible settings for sudo can be found in the Manpage.
Yes, use the -S switch which reads the password from STDIN:
$echo <password> | sudo -S <command>
So to shut down the machine, your command would be like this (just replace <password> with your password):
$echo <password> | sudo -S poweroff
Exposing your password is generally bad idea search for something that can protect / hide it. In the past I've used Jenkins plugins to do this while executing the scripts regularly.
if you really want to achieve it, you should write a script containing the shutdown command; make root be its owner, then set the SUID bit with the chmod command and give to it executable permission for everybody. When executed, the owner of the script would become root and no password should be asked.
I am trying to create a bash script that starts with the user executing a sudo -s command.
This is my script:
#!/bin/bash
SSH_USER=testuser
SUDO_PASSWD=secretpassword
FILE=/www/a/logs/service.log
MACHINES=( 'machine1' );
for HOST in ${MACHINES[#]}; do
ssh -t -l "$SSH_USER" "$HOST" "echo '$SUDO_PASSWD' | sudo -Ss chmod 777 $FILE"
done
I feel like this script should not prompt me for the password but it does. I do not want to have to input the password 30 different times. I have tried multiple versions where I hard code the password into the script but I still get prompted to enter in a password. HELP ME PLEASE. I'm VERY new at creating bash scripts and need some serious guidance.
The idea you have there will never work as sudo(1) does not read passwords from standard input unless it's a terminal. Hardcoding passwords into a script is also very bad idea, as pointed out repeatedly in comments.
If you really want to make this happen (I recommend against it), you should do edit /etc/sudoers in your target machine to let you run sudo(1) without it asking a password for things you need to be done without a password. For that you should not let yourself run any chmod command lines without a password, but instead create a script in target machine (for example ยด/usr/local/bin/do-my-promiscuous-chmod`) then tell sudo to let you run just that script without asking a password.
For example adding the following to /etc/sudoers will let user "foo" run /usr/local/sbin/do-unsafe without a password and with root privileges:
foo ALL = (root) NOPASSWD: /usr/local/sbin/do-unsafe
Agree with Sami, no hardcoding password in scripts.
more suggestions.
If the script needn't run as root, and can be run by some other application admin account, such as DBA, you should nominate to that user only to limit the permissions, such as:
foo ALL = (dba) NOPASSWD: /usr/local/sbin/do-unsafe
Secondly, don't give any files with 777 permissions, it is unsafe. Think some others way, such as ACL permission set.
chmod 777 $FILE
I'm writing a UNIX shell function that is going to execute a command that will prompt the user for a password. I want to hard-code the password into the script and provide it to the command. I've tried piping the password into the command like this:
function() {
echo "password" | command
}
This may not work for some commands as the command may flush the input buffer before prompting for the password.
I've also tried redirecting standard input to a file containing the password like this, but that doesn't work either:
function() {
echo "password" > pass.tmp
command < pass.tmp
rm pass.tmp
}
I know that some commands allow for the password to be provided as an argument, but I'd rather go through standard input.
I'm looking for a quick and dirty way of piping a password into a command in bash.
How to use autoexpect to pipe a password into a command:
These steps are illustrated with an Ubuntu 12.10 desktop. The exact commands for your distribution may be slightly different.
This is dangerous because you risk exposing whatever password you use to anyone who can read the autoexpect script file.
DO NOT expose your root password or power user passwords by piping them through expect like this. Root kits WILL find this in an instant and your box is owned.
EXPECT spawns a process, reads text that comes in then sends text predefined in the script file.
Make sure you have expect and autoexpect installed:
sudo apt-get install expect
sudo apt-get install expect-dev
Read up on it:
man expect
man autoexpect
Go to your home directory:
cd /home/el
User el cannot chown a file to root and must enter a password:
touch testfile.txt
sudo chown root:root testfile.txt
[enter password to authorize the changing of the owner]
This is the password entry we want to automate. Restart the terminal to ensure that sudo asks us for the password again. Go to /home/el again and do this:
touch myfile.txt
autoexpect -f my_test_expect.exp sudo chown root:root myfile.txt
[enter password which authorizes the chown to root]
autoexpect done, file is my_test_expect.exp
You have created my_test_expect.exp file. Your super secret password is stored plaintext in this file. This should make you VERY uncomfortable. Mitigate some discomfort by restricting permissions and ownership as much as possible:
sudo chown el my_test_expect.exp //make el the owner.
sudo chmod 700 my_test_expect.exp //make file only readable by el.
You see these sorts of commands at the bottom of my_test_expect.exp:
set timeout -1
spawn sudo chown root:root myfile.txt
match_max 100000
expect -exact "\[sudo\] password for el: "
send -- "YourPasswordStoredInPlaintext\r"
expect eof
You will need to verify that the above expect commands are appropriate. If the autoexpect script is being overly sensitive or not sensitive enough then it will hang. In this case it's acceptable because the expect is waiting for text that will always arrive.
Run the expect script as user el:
expect my_test_expect.exp
spawn sudo chown root:root myfile.txt
[sudo] password for el:
The password contained in my_test_expect.exp was piped into a chown to root by user el. To see if the password was accepted, look at myfile.txt:
ls -l
-rw-r--r-- 1 root root 0 Dec 2 14:48 myfile.txt
It worked because it is root, and el never entered a password. If you expose your root, sudo, or power user password with this script, then acquiring root on your box will be easy. Such is the penalty for a security system that lets everybody in no questions asked.
Take a look at autoexpect (decent tutorial HERE). It's about as quick-and-dirty as you can get without resorting to trickery.
You can use the -S flag to read from std input. Find below an example:
function shutd()
{
echo "mySuperSecurePassword" | sudo -S shutdown -h now
}
Secure commands will not allow this, and rightly so, I'm afraid - it's a security hole you could drive a truck through.
If your command does not allow it using input redirection, or a command-line parameter, or a configuration file, then you're going to have to resort to serious trickery.
Some applications will actually open up /dev/tty to ensure you will have a hard time defeating security. You can get around them by temporarily taking over /dev/tty (creating your own as a pipe, for example) but this requires serious privileges and even it can be defeated.
with read
Here's an example that uses read to get the password and store it in the variable pass. Then, 7z uses the password to create an encrypted archive:
read -s -p "Enter password: " pass && 7z a archive.zip a_file -p"$pass"; unset pass
But be aware that the password can easily be sniffed.
Programs that prompt for passwords usually set the tty into "raw" mode, and read input directly from the tty. If you spawn the subprocess in a pty you can make that work. That is what Expect does...
Simply use :
echo "password" | sudo -S mount -t vfat /dev/sda1 /media/usb/;
if [ $? -eq 0 ]; then
echo -e '[ ok ] Usb key mounted'
else
echo -e '[warn] The USB key is not mounted'
fi
This code is working for me, and its in /etc/init.d/myscriptbash.sh
That's a really insecure idea, but:
Using the passwd command from within a shell script