Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Cronjob for root password change.
Top Forums Shell Programming and Scripting Cronjob for root password change. Post 302903795 by Aia on Thursday 29th of May 2014 03:59:58 PM
Old 05-29-2014
Quote:
Originally Posted by nixhead
[...]But my concern is that user while having root access can read the real root password from cron, so is there is a possibility where I can avoid the hard-coding of root password, while still achieving the objective.
Quite often we do not have a saying on the practices and polices of the systems we administrate. Most of the time, the circumstances are far from ideal.

Allow me to subject that you encrypt the password before hand. Even if they get the hash it cannot be reversed to find out what the password is.

chpasswd already allows you to accept the hash instead of the clear text

Use some utility to encrypt the password into a hash that match what you see in the /etc/shadow file.

I use perl

Code:
perl -e 'print crypt("Some_password_I_want","\$6\$random_string\$") . "\n"'

Change "Some_password_I_want" for the real password
Change "random_string" for truly some make-up string of characters, I think if I remember correctly there's a limit as how long.

That will produce an output like:
Quote:
$6$random_string$7XSl45SffAJzLhBeEC7sa8Xn0x6w/yWnYET1P7gDFW1ffivIpYzZ3jbISbTeBE1dJFIBKbW15PGUhRLXmDYQS
blue is the type of hash
red is the salt
green is the encrypted password

Then use it as:
Code:
echo 'root:$6$random_string$7XSl45SffAJzLhBeEC7sa8Xn0x6w/yWnYET1P7gDFW1ffivIpYzZ3jbISbTeBE1dJFIBKbW15PGUhRLXmDYQS.' | chpasswd -e

It is important to use single quotes so the shell doesn't try to interpret all those $ as variables

Now, the password is not shown in the clear
 

9 More Discussions You Might Find Interesting

1. HP-UX

How to change root password on HP UX

Hello, I try to make a change on the root password on HP UX. I use sam but it didn't work here. I try to login as root but I failed however, I login to my name and then change to su and su password then it is o.k There is not much different from root and su but how do we use root? Thanks so... (4 Replies)
Discussion started by: mle06
4 Replies

2. Solaris

change root password

Hi, please advise me what is the simplest way to change root password on Sun Sparc 64 bit with Solaris 9 on it. Thanks in advance. (3 Replies)
Discussion started by: duke0001
3 Replies

3. HP-UX

Change root password?

Hello! I forget the root password and I need to change it. I've read others threads about it in this forum, but it seems it's necessary to modify /etc/passwd file. In my HPUX Systems this passwd file have only "read" permissions ant its owner is the root user, so how can i modify this file, if I... (4 Replies)
Discussion started by: kaugrs
4 Replies

4. HP-UX

How to change ROOT password.

Hi, we have a HP-UX server of model 9000/800/rp4440. We have been trying to reset the root password but are in vain.I used the following command and also are the outputs which i have received. # passwd Changing password for root New password: Re-enter new password: Unexpected failure.... (3 Replies)
Discussion started by: angelofhell
3 Replies

5. Solaris

Root Password change

Hi All, I would like to find out when the root password changed last time..! :p Please guys help me Out (2 Replies)
Discussion started by: bullz26
2 Replies

6. Shell Programming and Scripting

how to change root password using shell script with standard password

Hi Friends. I am new to scripting now i want to change the root password using the script with standard password. which is the easy scripting to learn for the beginner, Thanks in advance. (2 Replies)
Discussion started by: kurva
2 Replies

7. Solaris

Solaris 8 - Asks for current root password when trying to change root password.

Hello All, I have several solaris boxes running Solaris 8. When changing root passwords on them, all will simply ask for the new root password to change and of course to re-type the new password. One of the systems however asks for the existing root password before it will display the new password... (8 Replies)
Discussion started by: tferrazz
8 Replies

8. Ubuntu

Root access that can't change root password?

We are having a little problem on a server. We want that some users should be able to do e.g. sudo and become root, but with the restriction that the user can't change root password. That is, a guarantee that we still can login to that server and become root no matter of what the other users will... (2 Replies)
Discussion started by: 244an
2 Replies

9. UNIX for Beginners Questions & Answers

Can a root role change the root password in Solaris 10?

i do not have root on a solairs 10 server , however i do have the root role, i was wondering if I can change the root password as a a role with the passwd command? I have not tried yet. and do i have to use the # chgkey -p afterwards? i need to patch is why i am asking. thanks (1 Reply)
Discussion started by: goya
1 Replies

LEARN ABOUT CENTOS

mkpasswd

MKPASSWD(1)						      General Commands Manual						       MKPASSWD(1)

NAME

       mkpasswd - generate new password, optionally apply it to a user

SYNOPSIS

       mkpasswd [ args ] [ user ]

INTRODUCTION

       mkpasswd generates passwords and can apply them automatically to users.	mkpasswd is based on the code from Chapter 23 of the O'Reilly book
       "Exploring Expect".

USAGE

       With no arguments, mkpasswd returns a new password.

	    mkpasswd

       With a user name, mkpasswd assigns a new password to the user.

	    mkpasswd don

       The passwords are randomly generated according to the flags below.

FLAGS

       The -l flag defines the length of the password.	The default is 9.  The following example creates a 20 character password.

	    mkpasswd -l 20

       The -d flag defines the minimum number of digits that must be in the password.  The default is 2.  The following example creates a password
       with at least 3 digits.

	    mkpasswd -d 3

       The -c flag defines the minimum number of lowercase alphabetic characters that must be in the password.	The default is 2.

       The -C flag defines the minimum number of uppercase alphabetic characters that must be in the password.	The default is 2.

       The -s flag defines the minimum number of special characters that must be in the password.  The default is 1.

       The -p flag names a program to set the password.  By default, /etc/yppasswd is used if present, otherwise /bin/passwd is used.

       The  -2 flag causes characters to be chosen so that they alternate between right and left hands (qwerty-style), making it harder for anyone
       watching passwords being entered.  This can also make it easier for a password-guessing program.

       The -v flag causes the password-setting interaction to be visible.  By default, it is suppressed.

EXAMPLE

       The following example creates a 15-character password that contains at least 3 digits and 5 uppercase characters.

	    mkpasswd -l 15 -d 3 -C 5

SEE ALSO

       "Exploring Expect: A Tcl-Based Toolkit for Automating Interactive Programs" by Don Libes, O'Reilly and Associates, January 1995.

AUTHOR

       Don Libes, National Institute of Standards and Technology

       mkpasswd is in the public domain.  NIST and I would appreciate credit if this program or parts of it are used.

								  22 August 1994						       MKPASSWD(1)
All times are GMT -4. The time now is 12:45 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy