topic Re: Need to remove bug in Operating System - Linux

Need to remove bug

Salm — Tue, 04 Dec 2007 18:16:55 GMT

Hi every one .
I was try to create one script to set the initial passswd for all users at one server in one go.
I created one file "newusers" put all the users in this file ,those need be set initial passwd as "hello123"
.

I also created one script "userpasswd.sh" Now I'm trying to run this script from my home directory. The script run normally but not implemented .

Here is some out put

SCRIPT

root@XXX $ cat userpasswd
#!/usr/bin/ksh
cd /home/xxx
for i in `cat newusers`;

do

(echo clear; sleep 2;echo "passwd $i";sleep 2;echo "p";sleep 2;echo "hello123";sleep 2;echo "hello123";sleep 2;echo exit)

done

root@xxx$./userpasswd
clear
passwd ABC123
p
hello123
hello123
exit
clear
passwd DEF456
p
hello123
hello123
exit
clear
(output truncated only show you for 2 users )
(change user names as ABC123 and DEF456)

Script runs well as above and after completing when I was trying to log in with the user id and new passwd "hello123" its not worked

Anyone can correct my script ?

Re: Need to remove bug

James R. Ferguson — Tue, 04 Dec 2007 18:29:29 GMT

Hi:

You are not going to be able to set a password interactively by attempting to supply input the the 'passwd' command.

You can created an encrypted password from a plaintext one using 'crypt' in a shell or (better) Perl script and replace the current encrypted password with a new one in the appropriate line (account) of either '/etc/passwd' or '/etc/shadow', however.

Regards!

...JRF...

Re: Need to remove bug

David Bellamy — Tue, 04 Dec 2007 18:30:17 GMT

while are you using echo, echo will just print out what you tell it. Example
echo "passwd $i" will just print out
passwd ABCD. Take out the echo's and then try the script.

Re: Need to remove bug

Robert-Jan Goossens — Tue, 04 Dec 2007 18:33:12 GMT

Hi Salm,

It will be lot easier if you use expect.

Have a look at this thread for an example.

http://forums11.itrc.hp.com/service/forums/questionanswer.do?threadId=1148400&admit=109447626+1196792844104+28353475

http://hpux.cs.utah.edu/hppd/hpux/Tcl/expect-5.43/

Regards,
Robert-Jan

Re: Need to remove bug

F Verschuren — Tue, 04 Dec 2007 18:38:41 GMT

step one see what the encripted string is for this passwd see below:
[nlxsms01:root:/]# useradd test
[nlxsms01:root:/]# passwd test
Changing password for test
Last successful password change for test: NEVER
Last unsuccessful password change for test: NEVER

Do you want (choose one letter only):
pronounceable passwords generated for you (g)
a string of letters generated (l) ?
to pick your passwords (p) ?

Enter choice here: p
New password:
Re-enter new password:
Passwd successfully changed
[nlxsms01:root:/]# cat /tcb/files/auth/t/test
test:u_name=test:u_id#121:\
:u_pwd=CdtaJC2yiZ6NY:\
:u_auditid#202:\
:u_auditflag#1:\
:u_succhg#1196792815:u_pwchanger=root:u_suclog#1196792800:u_lock@:\
:chkent:
[nlxsms01:root:/]#
step 2
set the passwd:
ad to the usercreation script:
password=CdtaJC2yiZ6NY
/usr/sam/lbin/usermod.sam -p ${password} ${user}

ore
/usr/sam/lbin/usermod.sam -p CdtaJC2yiZ6NY $user

Re: Need to remove bug

F Verschuren — Tue, 04 Dec 2007 18:44:40 GMT

ps the script that you have written ore expect wil not work on all systems because the passwd comand wants keyboard input...
to set a passwd on hp you have to change the encripted key,
in the past I have used the script below, but the samline seems to be working also fine...

ofcause you need to whange the first 3 lines

PW_USER=username
PW=Xejkfwskfhskkjsd
SUDO=/???/???/sudo

PW_USER_CUT=`echo $PW_USER|cut -c 1`

echo "-----------`uname -n`---`date`--------------------------"
#Check if system is trusted and execute trusted code
$SUDO cp /tcb/files/auth/$PW_USER_CUT/$PW_USER /tcb/files/auth/$PW_USER_CUT/${PW_USER}.old
if [ $? -eq 0 ] ; then
echo "System is trusted --> Changing the /tcb/files/auth/ file"
$SUDO ksh -c "sed -e \"s/:u_pwd=.*:/:u_pwd=${PW}:/\" /tcb/files/auth/$PW_USER_CUT/${PW_USER}.old > /tcb/files/auth/$PW_USER_CUT/$PW_USER"
$SUDO /usr/lbin/modprpw -v $PW_USER
$SUDO /usr/lbin/modprpw -k $PW_USER
$SUDO authck -p
else
echo "System is not trusted --> Changing the /etc/passwd file"

#Execute code for non trusted systems
$SUDO cp /etc/passwd /etc/passwd.old
if [ $? -eq 0 ] ; then
$SUDO ksh -c "awk -F: '{ if(/^$PW_USER/) {sub(/:[^:]*:/, \":${PW}:\" ) ; print \$0 } else print \$0 }' \
/etc/passwd.old >/etc/passwd" && \
for i in /etc/passwd /etc/passwd.old;do
$SUDO chmod 444 $i
$SUDO chown root:sys $i
done
else
echo "ATTENTION: copy of /etc/passwd failed"
fi
fi

Re: Need to remove bug

OldSchool — Tue, 04 Dec 2007 18:50:46 GMT

"expect" works fine...at least on untrusted systems. can't vouch for trusted, but if the passwd commands works, expect will work.

most distributions come w/ "autopasswd" that requires 2 args, the user to change, and the new, unencrypted password.