Setting passwords in a script

Another task that you may find yourself wanting to script is setting the password for a local user. While this is not always good practice from a security standpoint (especially for personal user accounts), it is something that is used for functional accounts (users that correspond to software, such as the Apache user running the httpd processes).

Most of these users do not need a password, but sometimes they do. In this case, we can use pipes with the chpasswd command to set their passwords:

reader@ubuntu:~/scripts/chapter_12$ vim password-setter.sh 
reader@ubuntu:~/scripts/chapter_12$ cat password-setter.sh
#!/bin/bash

#####################################
# Author: Sebastiaan Tammer
# Version: v1.0.0
# Date: 2018-11-10
# Description: Set a password using chpasswd.
# Usage: ./password-setter.sh
#####################################

NEW_USER_NAME=bob

# Verify this script is run with root privileges.
if [[ $(id -u) -ne 0 ]]; then
  echo "Please run as root or with sudo!"
  exit 1
fi

# We only need exit status, send all output to /dev/null.
id ${NEW_USER_NAME} &> /dev/null

# Check if we need to create the user.
if [[ $? -ne 0 ]]; then
  # User does not exist, create the user.
  useradd -m ${NEW_USER_NAME}
fi

# Set the password for the user.
echo "${NEW_USER_NAME}:password" | chpasswd

Before you run this script, remember that it adds a user to your system with a very simple (bad) password. We updated our input sanitization a bit for this script: we used command substitution to see if the script was running with root privileges. Because id -u returns the numerical ID for the user, which should be 0 in the case of the root user or sudo privileges, we can compare it using -ne 0.

If we run the script and the user does not exist, we create the user before setting the password for that user. This is done by sending a username:password to the stdin of chpasswd, via a pipe. Do note that we used -ne 0 twice, but for very different things: the first time for comparing a user ID, the second time with an exit status.

You can probably think of multiple improvements for this script. For example, it might be good to be able to specify both the username and password instead of these hardcoded dummy values. Also, a sanity check after the chpasswd command is definitely a good idea. In the current iteration, the script does not give any feedback to the user, which is very bad practice.

See if you can fix these issues, and be sure to remember that any input specified by the user should be checked thoroughly! If you really want a challenge, do this for multiple users in a for loop, by grabbing the input from a file.

An important thing to note is that a running process is visible to any user on the system. This is often not that big a problem, but if you're providing usernames and passwords directly to the script as arguments, those are visible to everyone as well. This is often only for a very short time, but they will be visible nonetheless. Always keep security in mind when dealing with sensitive data such as passwords.
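
One possible answer to the exercise above that also respects the warning about visible arguments (an added example, not the book's own script): the username is an argument, the password is read from stdin, and the exit status of chpasswd is checked. The function names, the file name password-setter-v2.sh and the username policy are assumptions made for this example.

```bash
#!/bin/bash
# Added example, not the book's script. Usage: ./password-setter-v2.sh <username> < password-file
LC_ALL=C   # make [a-z] below mean ASCII lowercase only

# Allow only conservative account names (assumed policy: a-z, 0-9, _ and -, max 32 chars).
valid_username() {
    case "$1" in
        ''|[!a-z_]*|*[!a-z0-9_-]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

# Print the username:password record that chpasswd reads on stdin, or fail.
chpasswd_record() {
    local nl='
'
    valid_username "$1" || return 1
    # An empty password is refused; an embedded newline would start a second record.
    case "$2" in
        ''|*"$nl"*) return 1 ;;
    esac
    printf '%s:%s\n' "$1" "$2"
}

set_password() {
    local user="$1" pass record
    if [ "$(id -u)" -ne 0 ]; then
        echo "Please run as root or with sudo!" >&2
        return 1
    fi
    # The password comes from stdin, so it never appears in the process list.
    IFS= read -r pass || true
    if ! record=$(chpasswd_record "$user" "$pass"); then
        echo "Invalid username or empty password, nothing changed." >&2
        return 1
    fi
    # Create the user only if it does not exist yet.
    id "$user" > /dev/null 2>&1 || useradd -m "$user" || return 1
    # printf is a shell builtin, so the record is not exposed as a command argument.
    if printf '%s\n' "$record" | chpasswd; then
        echo "Password set for user ${user}."
    else
        echo "chpasswd failed for user ${user}." >&2
        return 1
    fi
}

# Runs only when called with exactly one argument (the username).
if [ "$#" -eq 1 ]; then set_password "$1"; fi
```

Keep the password file readable by root only. The username check matters because chpasswd splits each record on the first colon, so a colon or newline in the name would change which account is updated.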