06-18-2010
Keeping a password in a file is usually avoided for security reasons... Keeping it in a zip merely adds one more step any passerby needs to do to see your passwords.
That said, password inputs are generally special. They don't read from stdin, really, they go straight to the TTY and refuse to use anything not a TTY. (This is by design: It's a security feature to prevent the use of stored passwords.) expect brute-forces the login by creating a convincing virtual terminal for it to talk to; without something like expect, you're stuck with account management.
Which could still be used reasonably securely, I think. Create a special account that can be logged into via SSH with a pre-shared key; nobody without this key will be able to login to this account. Then configure sudo to allow this account to run your script as a different user passwordlessly.
Last edited by Corona688; 06-18-2010 at 04:04 PM..
10 More Discussions You Might Find Interesting
1. Shell Programming and Scripting
Hi,
I was hoping someone would be able to help me out. I've got a Python script that I need to run 60 times concurrently (with the number added as an argument each time) via nightly cron. I figured that this would work:
30 1 * * * for i in $(seq 0 59); do $i \&; done
However, it seems to... (4 Replies)
Discussion started by: ckhowe
4 Replies
2. Shell Programming and Scripting
Okay, not sure if it can be done, I would think it could be done and I'm just having a hard time with it.
fun_close_wait(){
ipVar="${1} ${2}"
portVar=`cat "${5}" | cut -d' ' -f 1`
for ip in $ipVar
do
for port in $portVar
do
netstatVar=`netstat -n | grep... (4 Replies)
Discussion started by: cbo0485
4 Replies
3. Shell Programming and Scripting
Hi all,
I have a requirement in which a script invokes a Java program.
Lets say script ABC invokes a java program with cfg file a parameter.
This script takes 10 minutes to execute .
Like this ineed to run the program 10 times meaning 100 minutes if i do it sequentially.
If i open... (2 Replies)
Discussion started by: rahman_riyaz
2 Replies
4. Shell Programming and Scripting
Sometimes we need a single instance of a script to run at a time. Meaning, the script itself should detects whether any instances of himself are still running and act accordingly.
When multiple instances of one script running, it’s easy to cause problems. I’ve ever seen that about 350 instances... (4 Replies)
Discussion started by: edenCC
4 Replies
5. Shell Programming and Scripting
Hi,
I have a text file like
Version=abc
Tab=1
URL GOTO=www.abc.com/board=1
some text...
I want to run a loop x no of times and append to the text file above text but
URL GOTO should be www.abc.com/board=2 then 3,4...etc till x.
Kindly help (2 Replies)
Discussion started by: krabu
2 Replies
6. Shell Programming and Scripting
Hi Gurus,
I have one requirment..
I have written a script and it asks a registry passwd while performing some clearcase command. Now we are giving it manually. It's for one time run. We want to perform this for multiple times on multiple files throguh for loop.. means we need to pass the same... (3 Replies)
Discussion started by: raghu.iv85
3 Replies
7. Shell Programming and Scripting
Hi Guys,
Even though, i have called db2 sql file earlier, this is my first time to call a oracle sql file.
I need to make a database(oracle) connection and then call the sql file in a loop.
Can you please help me out.
Thanks for your help and time.
Regards,
Magesh (4 Replies)
Discussion started by: mac4rfree
4 Replies
8. UNIX for Dummies Questions & Answers
hi,
I am copying a file from 1 folder to another in /bin/sh. if the file already exists there, it should get copied as filename1. again if copying next time it shouldget copied as filename2.. , filename3..so on..
The problem is i am able to get uptil filename1.. but how do i know what... (6 Replies)
Discussion started by: blackcat
6 Replies
9. UNIX for Dummies Questions & Answers
Hi Team ,
Is there a way I can check to see if the same file say , test.dat exists multiple times in the directory path ?
Please help.
Thanks
Megha (5 Replies)
Discussion started by: megha2525
5 Replies
10. UNIX for Dummies Questions & Answers
First of all, apologies if this has already been answered elsewhere. I haven't quite been able to find what I'm looking for yet, so hopefully this won't come across as repetition.
I have a file consisting of ~100 nearly identical lines, each of which contains multiple instances of the string I... (11 Replies)
Discussion started by: pseudo.seppuku
11 Replies
SHADOW(5) File Formats and Conversions SHADOW(5)
NAME
shadow - shadowed password file
DESCRIPTION
shadow is a file which contains the password information for the system's accounts and optional aging information.
This file must not be readable by regular users if password security is to be maintained.
Each line of this file contains 9 fields, separated by colons (":"), in the following order:
login name
It must be a valid account name, which exist on the system.
encrypted password
Refer to crypt(3) for details on how this string is interpreted.
If the password field contains some string that is not a valid result of crypt(3), for instance ! or *, the user will not be able to
use a unix password to log in (but the user may log in the system by other means).
This field may be empty, in which case no passwords are required to authenticate as the specified login name. However, some
applications which read the /etc/shadow file may decide not to permit any access at all if the password field is empty.
A password field which starts with an exclamation mark means that the password is locked. The remaining characters on the line
represent the password field before the password was locked.
date of last password change
The date of the last password change, expressed as the number of days since Jan 1, 1970.
The value 0 has a special meaning, which is that the user should change her password the next time she will log in the system.
An empty field means that password aging features are disabled.
minimum password age
The minimum password age is the number of days the user will have to wait before she will be allowed to change her password again.
An empty field and value 0 mean that there are no minimum password age.
maximum password age
The maximum password age is the number of days after which the user will have to change her password.
After this number of days is elapsed, the password may still be valid. The user should be asked to change her password the next time
she will log in.
An empty field means that there are no maximum password age, no password warning period, and no password inactivity period (see below).
If the maximum password age is lower than the minimum password age, the user cannot change her password.
password warning period
The number of days before a password is going to expire (see the maximum password age above) during which the user should be warned.
An empty field and value 0 mean that there are no password warning period.
password inactivity period
The number of days after a password has expired (see the maximum password age above) during which the password should still be accepted
(and the user should update her password during the next login).
After expiration of the password and this expiration period is elapsed, no login is possible using the current user's password. The
user should contact her administrator.
An empty field means that there are no enforcement of an inactivity period.
account expiration date
The date of expiration of the account, expressed as the number of days since Jan 1, 1970.
Note that an account expiration differs from a password expiration. In case of an account expiration, the user shall not be allowed to
login. In case of a password expiration, the user is not allowed to login using her password.
An empty field means that the account will never expire.
The value 0 should not be used as it is interpreted as either an account with no expiration, or as an expiration on Jan 1, 1970.
reserved field
This field is reserved for future use.
FILES
/etc/passwd
User account information.
/etc/shadow
Secure user account information.
/etc/shadow-
Backup file for /etc/shadow.
Note that this file is used by the tools of the shadow toolsuite, but not by all user and password management tools.
SEE ALSO
chage(1), login(1), passwd(1), passwd(5), pwck(8), pwconv(8), pwunconv(8), su(1), sulogin(8).
shadow-utils 4.5 01/25/2018 SHADOW(5)