Visit Our UNIX and Linux User Community


Changing Passwords with a script.


 
Thread Tools Search this Thread
Operating Systems Solaris Changing Passwords with a script.
# 1  
Old 10-19-2011
Changing Passwords with a script.

We are real strict when it comes to passwords. Every 60 days the admins have to change passwords on all of the accounts. And there is pretty strict enforcement of the type of passwords chosen. This is a tedious and monotonous job. Ww don't use NIS or LDAP, so this has to be done on each machine. So we log into each machine and change each account. Not all accounts are on all machines. What I want to do it make a master shadow password file, find the user in it, take the line out, and replace the corresponding line taken from my generated master file.

Here is a line that does what I want:
sed 's/ramosg:MWmv2eaET4N3E:15266:7:60::::/ramosg:h8YU4ImoLFM.g:15248:7:60::::/g' shadow > shadow.changed1

The above should be one line. Here is what I tried in a script:

test1=$(grep $lognam shadow);
test2=$(grep $lognam shadow.changed);


sed 's/$test1/$test2/g' shadow > shadow.modified;

$lognam is the first field of shadow. Is that the right syntax for the sed command? It works when I issue the sed at the command line, but not in the script. Thanks.
# 2  
Old 10-19-2011
Quote:
Originally Posted by brownwrap
test1=$(grep $lognam shadow);
test2=$(grep $lognam shadow.changed);

sed 's/$test1/$test2/g' shadow > shadow.modified;

$lognam is the first field of shadow. Is that the right syntax for the sed command? It works when I issue the sed at the command line, but not in the script. Thanks.
If you truly have single qoutes round your sed prgramme, then your problem is that $test1 and $test2 are not getting expanded. Unsure how you got it to work from the command line as it should have had the same issue when issued manually. Since you have nothing in the quotes that requires single quotes, you should be able to replace them with double quotes:
Code:
sed "s/$test1/$test2/g" shadow > shadow.modified;

If that doesn't work, try echoing the command to verify that your variables are as you expect:
Code:
echo sed "s/$test1/$test2/g" shadow

This User Gave Thanks to agama For This Post:
# 3  
Old 10-20-2011
That's fixed it.

Thank you. That fixed it. I'm getting another error regarding 'garbled' output, but that one can wait. Thanks again.
# 4  
Old 10-21-2011
OK, the double quotes fixed the major problem, but sed pukes on some of the passwd lines. If the shadow passwd entry happens to include a certain character, it doesn't like it. Example:

Works:
sed "s/olthoft:whzxrwpleb5Xs:15251:7:63::::/olthoft:eAoSnqwC2kURE:15251:7:60::::/g" shadow

Doesn't work:

[root@appoc9 ~]# sed "s/winslows:bwAO.qzcx.DsY:15251:7:56::::/winslows:CU/9jp.EGy.oM:15252::60::::/g" shadow
sed: command garbled: s/winslows:bwAO.qzcx.DsY:15251:7:56::::/winslows:CU/9jp.EGy.oM:15252::60::::/g
[root@appoc9 ~]#

[root@appoc9 ~]# sed "s/smithk:5Q8DTqy4S.F/o:15231:7:56::::/smithk:*LK*XF06htZfx4tfc:15251::60::::/g" shadow
sed: command garbled: s/smithk:5Q8DTqy4S.F/o:15231:7:56::::/smithk:*LK*XF06htZfx4tfc:15251::60::::/g
[root@appoc9 ~]#


The only thing I see common in both is a '/', but I won't know what is in the string.
# 5  
Old 10-21-2011
You've hit the nail on the head. The slant in the original pattern is causing your grief. The format of the sed substitute command is:

s<delim>pattern<delim>replacement<delim>

The delim character can be anything, but it cannot occur in the pattern. By having a pattern with a slant, you're "marking" the end of the pattern early, and then you're tossing in extra information that sed is complaining about.

Assuming that you're using Kshell or bash, then something like this would work:

Code:
test1=$(grep $lognam shadow);
test2=$(grep $lognam shadow.changed);
sed "s/${test1//\//\\/}/${test2//\//\\/}/" > shadow.modified;

The shell magic converts all forward slants in test1 and test2 into "\/" combinations which escape the slant when sed reads the string. It should now be fine. And if there aren't any slants, then the string is not affected.

---------- Post updated at 20:29 ---------- Previous update was at 20:03 ----------

It just occurred to me that you might need to escape other characters on the pattern side. Specifically the dot (.) and splat (*) need to be escaped. These additional lines should do the trick.

Code:
test1=$(grep $lognam shadow);
test2=$(grep $lognam shadow.changed);
test1="${test1//./\\.}"
test1="${test1//\*/\\*}"
sed "s/${test1//\//\\/}/${test2//\//\\/}/" > shadow.modified;

This User Gave Thanks to agama For This Post:
# 6  
Old 10-21-2011
OK, Thank You

I won't be able to try it until tomorrow. Thanks again.

Previous Thread | Next Thread
Test Your Knowledge in Computers #701
Difficulty: Easy
MySQL NOT LIKE is a sardonic DB operator used to exclude those rows which are not liked by Oracle Corporation executives.
True or False?

8 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

When did UNIX start using encrypted passwords, and not displaying passwords when you type them in?

I've been using various versions of UNIX and Linux since 1993, and I've never run across one that showed your password as you type it in when you log in, or one that stored passwords in plain text rather than encrypted. I'm writing a script for work for a security audit, and two of the... (5 Replies)
Discussion started by: Anne Neville
5 Replies

2. Shell Programming and Scripting

script for changing passwords

Hello, We are running aix 5.3. We're looking for a script that can change passwords, taking 2 arguments ( old password, new password ). I am wondering if this can be done with a here document, or some generic scripting method. Or, if I would have to download expect. Alternatively I wonder... (3 Replies)
Discussion started by: fwellers
3 Replies

3. UNIX for Advanced & Expert Users

Monitoring the changing of passwords

What is the best way to monitor who changes passwords, or what passwords get changed? Is there a way to send that over to Syslog? An example would be someone logs in as themselves, changes to root (which I capture by loging auth and auth.info) and then changes a password. Do I need to put an... (1 Reply)
Discussion started by: AW12
1 Replies

4. Shell Programming and Scripting

idea for script - cheking passwords

Hi All, I am looking for scripts where i need check normal user password and root password for more 100 servers from single server...! let me explin it what exacltly i need...! i need to do password audit for more than 600 boxes... :o for one normal user and root password also...... (5 Replies)
Discussion started by: bullz26
5 Replies

5. Shell Programming and Scripting

changing passwords remotely on sun boxes

now, for reasons i really cant begin to delve into, i have to find a way to be able to rmeotely create user accounts and also assign them passwords. unfortunately, it appears Sun boxes frowns upon this. sun boxes will let u create a user account remotely but will never let u assign the useraccount... (0 Replies)
Discussion started by: Terrible
0 Replies

6. Shell Programming and Scripting

Perl script - changing passwords

Just wanted options of this - first 'real' Perl script and I'm not positive of all the quirks in Perl. Any suggestions are welcome. Especially since I'm messing with /etc/shadow! Running Solaris 2.6, Perl 5.005.03 #!/u/bin/perl # # Change the user's old password to the new in /etc/shadow ... (3 Replies)
Discussion started by: thehoghunter
3 Replies

7. UNIX for Advanced & Expert Users

Changing Users Passwords Via Script?

I am the administrator for a large network of HP/UX servers, about 100, this will be growing to over 200 in the next 18 months, part of my duties are to change the root passwords on these machines once month... which is a pain. I have written a script that will generate random passwords for me and... (3 Replies)
Discussion started by: PJolliffe
3 Replies

8. UNIX for Dummies Questions & Answers

passwords changing

Hello everyone let me start off by saying happy new year to all I am new to this board. I am running a multipurpose server (web/ftp/email) it runs apache 1.3.20 i think it is and Qmail would I would like to do is find/create a script that will allow my users to change there unix password... (1 Reply)
Discussion started by: viperws
1 Replies

Featured Tech Videos