Re: Script input

 
James R. Ferguson
Acclaimed Contributor

Re: Script input

Hi Charles:

> I want to have it prompt me to change password

OK, given that you are running as 'root', doing:

...
passwd ${USER}
...

...will prompt you at your terminal to provide a new password. You could use the 'pwgen' Perl script I offered here to create a random password for your user:

http://forums11.itrc.hp.com/service/forums/questionanswer.do?admit=109447626+1218139023853+28353475&threadId=1231878

Unfortunately, you cannot redirect input into 'passwd'. You need another method if the interactive approach doesn't suit you, and this begins to get ugly soon.

Regards!

...JRF...

Charles Keyser
Frequent Advisor

Re: Script input

This was great. I changed the line, looks like this is going to work. I was able to change my password.

The other route I am going to work on, this script will be used for our help desk, I will need to modify the sudoers so when the help desk logs on they can run this. That is later.

Awesome knowledge transfer -Charlie

Now for a message that says password lifetime has passed (see below)

Select an Option # from above: 5

Username to modify ada0160

Last successful password change for ada0160: Tue Nov 27 10:15:27 2007
Last unsuccessful password change for ada0160: Tue Apr 17 16:26:29 2007


Password cannot be changed. Reason: password lifetime has passed.
Dennis Handly
Acclaimed Contributor

Re: Script input

>Chris: try grep'ing it with the following:
grep $USER /etc/passwd|awk -F: '{ print $1 }'

To be pedantic, you should search in awk, or grep after awk. That way you don't find substrings or a name in the home directory. Or somewhere in the full name field. Or anchor the search as below.

>user1:WSzIkVWhiLvCM:1154:20:
>It must be an exact match or it won't work.

Then you would need to anchor it to the beginning:
grep "^${USER}:" /etc/passwd

>It is possible to do the entire line with a single awk command, but I use grep as a matter of habit.

Me too but I'm learning. :-)
Chris Vail
Honored Contributor

Re: Script input

>Chris: try grep'ing it with the following:
grep $USER /etc/passwd|awk -F: '{ print $1 }'

>To be pedantic, you should search in awk,
>or grep after awk. That way you don't find substrings or a name in the home
>directory. Or somewhere in the full name
>field. Or anchor the search as below.

>>user1:WSzIkVWhiLvCM:1154:20:
>>It must be an exact match or it won't work.

>Then you would need to anchor it to the beginning:
>grep "^${USER}:" /etc/passwd

>>It is possible to do the entire line with
>>a single awk command, but I use grep as a
>>matter of habit.

>Me too but I'm learning. :-)

Since we are being pedantic (and good sysadmins make pedantic an art form), the proper awk script reads:

awk -F: '/'^$USER'/ { print $1 }' /etc/passwd

There, that's the one-liner that we all ascribe to.
James R. Ferguson
Acclaimed Contributor

Re: Script input

Hi (again):

Well, consider this:

# USER=operator
# awk -F: '/'^$USER'/ { print $1 }' /etc/passwd
op
#
...so this is really a failed match since the user "op" isn't the user "operator".

This solves the problem, though:

# USER=operator
# awk -v USER=${USER} -F: '$1==USER { print $1 }' /etc/passwd
#

...that is, no match is found.

Now, in fairness to this thread, the first posting I did used "$1~USER" which suffers from the same mismatch that I just corrected :-(

Regards!

...JRF...
Charles Keyser
Frequent Advisor

Re: Script input

Thanks everyone for your help. Below is what I ended with and it works great. The command looks at the user, resets the password lifetime expired if needed, then generates a temp password and displays it on the screen. The sleep 10 is set to allow the Help Desk to write the number down and pass it on to the user; in turn they (the user) can log on and reset their password.

The last step of this is to add the script to the 3 servers I have and allow the Help Desk to log on using sudo. The next in the thread will be asking "How do I set the Help Desk up as a sudo user to have root access for this script?" The password resets need to have root access. I have set up local users in the sudoers; any thoughts or ideas would be appreciated.


5) echo "Username to modify \c"; read USER
   TESTUSER=`awk -v USER=${USER} -F: '$1~USER { print $1 }' /etc/passwd`
   if test "${USER}" != "${TESTUSER}"
   then
       echo "${USER} is invalid!"
       echo "Press [ENTER] to continue. \c"
       read NOTHING
   else
       # This command checks the account; if its password lifetime has expired,
       # it resets and re-enables the account and resets the password.
       /usr/lbin/modprpw -x ${USER}
       sleep 10
   fi
   ;;
James R. Ferguson
Acclaimed Contributor

Re: Script input

Hi Charles:

You *need* to *change*:

TESTUSER=`awk -v USER=${USER} -F: '$1~USER { print $1 }' /etc/passwd`

...to:

TESTUSER=`awk -v USER=${USER} -F: '$1==USER { print $1 }' /etc/passwd`

...per my previous post citing my own boo-boo.

Regards!

...JRF...
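
Added example, not part of any post in this thread: the lookups discussed above (plain grep, anchored grep, awk `$1~USER`, awk `$1==USER`) run against a constructed passwd file, showing why the `~` form makes the script's `test` reject a valid user when a longer name also matches. `PASSWD_FILE`, the `lookup_*` names and `valid_user` are names chosen for this example, and the allowed character set is an assumption.

```shell
#!/bin/sh
# Added example. The passwd entries are constructed sample data.
PASSWD_FILE=$(mktemp)
trap 'rm -f "$PASSWD_FILE"' EXIT
cat > "$PASSWD_FILE" <<'EOF'
root:x:0:3::/:/sbin/sh
op:x:1100:20:Ops account:/home/op:/usr/bin/sh
operator:x:1101:20:Console:/home/operator:/usr/bin/sh
operator2:x:1102:20:Console 2:/home/operator2:/usr/bin/sh
user1:x:1154:20:Backup operator:/home/user1:/usr/bin/sh
EOF

# Unanchored grep: hits the name anywhere on the line (GECOS, home directory).
lookup_grep_plain() { grep "$1" "$PASSWD_FILE" | awk -F: '{ print $1 }'; }

# grep anchored to line start and the ':' separator: whole first field only.
lookup_grep_anchored() { grep "^$1:" "$PASSWD_FILE" | awk -F: '{ print $1 }'; }

# awk regex match on field 1 ($1~USER): still matches substrings of the name.
lookup_awk_regex() { awk -v USER="$1" -F: '$1~USER { print $1 }' "$PASSWD_FILE"; }

# awk equality on field 1 ($1==USER): exact match.
lookup_awk_exact() { awk -v USER="$1" -F: '$1==USER { print $1 }' "$PASSWD_FILE"; }

# Hypothetical pre-check for the menu's option 5: accept only a conservative
# character set (an assumption; adapt to site naming rules), refuse a leading
# '-' so the name cannot be read as an option, then require an exact match.
valid_user() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9_-]*) return 1 ;;
    esac
    [ "$(lookup_awk_exact "$1")" = "$1" ]
}

# Show each lookup side by side, then the pre-check's verdict.
for u in operator op operato 'oper.*'; do
    printf '%-9s regex=[%s] exact=[%s] ' "$u" \
        "$(lookup_awk_regex "$u" | tr '\n' ' ')" "$(lookup_awk_exact "$u")"
    if valid_user "$u"; then echo accepted; else echo rejected; fi
done
```

With the `~` lookup, "operator" returns two lines (operator and operator2), so a string comparison against the typed name fails even though the account exists.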
Charles Keyser
Frequent Advisor

Re: Script input

Great, changed and tested, outstanding

Question about sudoers: if I add the Help Desk into the sudoers file (see below),
will this allow them to run the script with root privileges, or do I need to add
/usr/lbin/modprpw -x
in the sudoers file, allowing the Help Desk authorization to run this as root?

drt9986 ALL=(ALL) NOPASSWD: ALL
cjk1402 ALL=(OP) NOPASSWD: ALL
jhf1366 ALL=(OP) NOPASSWD: ALL
HelpDesk ALL=(OP) NOPASSWD: ALL