How to set password from command line

On 2008-06-24, Ignoramus19021 wrote:
> I want a NON-INTERACTIVE command to set root password.
>
> Similar to how I can set a samba password by supplying an encrypted
> password on command line, or a password for the user in a self install
> CD.
>
> I am not interested in BS lectures about security.
>
> This is for a large number of GUI-less production machines that we'll
> be setting up, not for grandma's web browser box. The machines are all
> fully configured with a big install script, except that I need to set
> root password manually, which I do not like to do.
>
> So. Is there some way to set
>
> set-encrypted-password root <encrypted password>

man passwd:

--stdin
This option is used to indicate that passwd should read
the new password from standard input, which can be a
pipe.


--
Chris F.A. Johnson, author | <http://cfaj.freeshell.org>
Shell Scripting Recipes: | My code in this post, if any,
A Problem-Solution Approach | is released under the
2005, Apress | GNU General Public Licence

I want a NON-INTERACTIVE command to set root password.

Similar to how I can set a samba password by supplying an encrypted
password on command line, or a password for the user in a self install
CD.

I am not interested in BS lectures about security.

This is for a large number of GUI-less production machines that we'll
be setting up, not for grandma's web browser box. The machines are all
fully configured with a big install script, except that I need to set
root password manually, which I do not like to do.

So. Is there some way to set

set-encrypted-password root <encrypted password>

thanks

--
Due to extreme spam originating from Google Groups, and their inattention
to spammers, I and many others block all articles originating
from Google Groups. If you want your postings to be seen by
more readers you will need to find a different means of
posting on Usenet.
http://improve-usenet.org/

On 2008-06-24, Chris F.A. Johnson <cfajohnson@gmail.com> wrote:
> On 2008-06-24, Ignoramus19021 wrote:
>> I want a NON-INTERACTIVE command to set root password.
>>
>> Similar to how I can set a samba password by supplying an encrypted
>> password on command line, or a password for the user in a self install
>> CD.
>>
>> I am not interested in BS lectures about security.
>>
>> This is for a large number of GUI-less production machines that we'll
>> be setting up, not for grandma's web browser box. The machines are all
>> fully configured with a big install script, except that I need to set
>> root password manually, which I do not like to do.
>>
>> So. Is there some way to set
>>
>> set-encrypted-password root <encrypted password>
>
> man passwd:
>
> This option is used to indicate that passwd should read
> the new password from standard input, which can be a
> pipe.
>
>

I think that your passwd is different from my passwd, mine does not
have this option. And I would prefer to deal with an excrypted
password.
--
Due to extreme spam originating from Google Groups, and their inattention
to spammers, I and many others block all articles originating
from Google Groups. If you want your postings to be seen by
more readers you will need to find a different means of
posting on Usenet.
http://improve-usenet.org/

Ignoramus19021 wrote:

>>> I am not interested in BS lectures about security.
> And I would prefer to deal with an excrypted password.

Uhm...reread the two phrases above. Anyway, why not edit /etc/shadow
directly then?

awk -F':' -v OFS=':' '/^root/{$2=encryptedpassw}1' /etc/shadow > newshadow

--
D.

Dave B wrote:
> Ignoramus19021 wrote:
>
>>>> I am not interested in BS lectures about security.
>> And I would prefer to deal with an excrypted password.
>
> Uhm...reread the two phrases above. Anyway, why not edit /etc/shadow
> directly then?
>
> awk -F':' -v OFS=':' '/^root/{$2=encryptedpassw}1' /etc/shadow > newshadow

With sed you can even do in-place editing (carefully):

sed -i 's/^root:[^:]*/root:encryptedpassword/' /etc/shadow

--
D.

On 2008-06-24, Dave B <daveb@addr.invalid> wrote:
> Ignoramus19021 wrote:
>
>>>> I am not interested in BS lectures about security.
>> And I would prefer to deal with an excrypted password.
>
> Uhm...reread the two phrases above. Anyway, why not edit /etc/shadow
> directly then?
>
> awk -F':' -v OFS=':' '/^root/{$2=encryptedpassw}1' /etc/shadow > newshadow
>

I think that your answer will work. I was hoping that there is a tool
"guaranteed" to work and a member of the passwd family, but worst case
is, I can do it with a script as you said.

Your command does not seem to work actually:

$$$ awk -F':' -v OFS=':' '/^root/{$2=encryptedpassw}1' /etc/shadow |grep root
root::13944:0:99999:7:::

I thought that the password field would get set to encryptedpassw?

--
Due to extreme spam originating from Google Groups, and their inattention
to spammers, I and many others block all articles originating
from Google Groups. If you want your postings to be seen by
more readers you will need to find a different means of
posting on Usenet.
http://improve-usenet.org/

Ignoramus19021 wrote:
> On 2008-06-24, Dave B <daveb@addr.invalid> wrote:
>> Ignoramus19021 wrote:
>>
>>>>> I am not interested in BS lectures about security.
>>> And I would prefer to deal with an excrypted password.
>> Uhm...reread the two phrases above. Anyway, why not edit /etc/shadow
>> directly then?
>>
>> awk -F':' -v OFS=':' '/^root/{$2=encryptedpassw}1' /etc/shadow > newshadow
>>
>
> I think that your answer will work. I was hoping that there is a tool
> "guaranteed" to work and a member of the passwd family, but worst case
> is, I can do it with a script as you said.
>
> Your command does not seem to work actually:
>
> $$$ awk -F':' -v OFS=':' '/^root/{$2=encryptedpassw}1' /etc/shadow |grep root
> root::13944:0:99999:7:::

Of course, you have to supply the actual encrypted password, either directly, eg

awk -F':' -v OFS=':' '/^root/{$2="%@/&-:()"}1' /etc/shadow |grep root

or with a variable, eg

awk -F':' -v OFS=':' -v pw='%@/&-:()' '/^root/{$2=pw}1' /etc/shadow

Replace the "%@/&-:()" string with the actual encrypted password.

--
D.

At Tue, 24 Jun 2008 11:09:50 -0500 Ignoramus19021 <ignoramus19021@NOSPAM.19021.invalid> wrote:

>
> On 2008-06-24, Chris F.A. Johnson <cfajohnson@gmail.com> wrote:
> > On 2008-06-24, Ignoramus19021 wrote:
> >> I want a NON-INTERACTIVE command to set root password.
> >>
> >> Similar to how I can set a samba password by supplying an encrypted
> >> password on command line, or a password for the user in a self install
> >> CD.
> >>
> >> I am not interested in BS lectures about security.
> >>
> >> This is for a large number of GUI-less production machines that we'll
> >> be setting up, not for grandma's web browser box. The machines are all
> >> fully configured with a big install script, except that I need to set
> >> root password manually, which I do not like to do.
> >>
> >> So. Is there some way to set
> >>
> >> set-encrypted-password root <encrypted password>
> >
> > man passwd:
> >
> > This option is used to indicate that passwd should read
> > the new password from standard input, which can be a
> > pipe.
> >
> >
>
> I think that your passwd is different from my passwd, mine does not
> have this option. And I would prefer to deal with an excrypted
> password.

If you already have a properly encrypted password:

# assumes that the shell variable encryptedpassword contains the
# properly encrypted password
# Use sed to directly edit the passwd file (it is after all just a *plain
# text file*).
sed "s/^root:[^:]*:/root:$encryptedpassword:/g" </etc/passwd >/etc/passwd.new
# Paranoid backups of /etc/passwd (trashing this file can be bad news!)
cp -f /etc/passwd /etc/passwd.old
mv -f /etc/passwd.new /etc/passwd
# Update /etc/shadow file
pwck -r
pwconv

(If everything is sane, you can remove /etc/passwd.old at your leisure.)

If you are using RHEL/CentOS (or FC), I believe the kickstart shell can
do this OR the above can be incorporated into the kickstart process.

--
Robert Heller -- Get the Deepwoods Software FireFox Toolbar!
Deepwoods Software -- Linux Installation and Administration
http://www.deepsoft.com/ -- Web Hosting, with CGI and Database
heller@deepsoft.com -- Contract Programming: C/C++, Tcl/Tk

On 2008-06-24, Robert Heller <heller@deepsoft.com> wrote:
> At Tue, 24 Jun 2008 11:09:50 -0500 Ignoramus19021 <ignoramus19021@NOSPAM.19021.invalid> wrote:
>
>>
>> On 2008-06-24, Chris F.A. Johnson <cfajohnson@gmail.com> wrote:
>> > On 2008-06-24, Ignoramus19021 wrote:
>> >> I want a NON-INTERACTIVE command to set root password.
>> >>
>> >> Similar to how I can set a samba password by supplying an encrypted
>> >> password on command line, or a password for the user in a self install
>> >> CD.
>> >>
>> >> I am not interested in BS lectures about security.
>> >>
>> >> This is for a large number of GUI-less production machines that we'll
>> >> be setting up, not for grandma's web browser box. The machines are all
>> >> fully configured with a big install script, except that I need to set
>> >> root password manually, which I do not like to do.
>> >>
>> >> So. Is there some way to set
>> >>
>> >> set-encrypted-password root <encrypted password>
>> >
>> > man passwd:
>> >
>> > This option is used to indicate that passwd should read
>> > the new password from standard input, which can be a
>> > pipe.
>> >
>> >
>>
>> I think that your passwd is different from my passwd, mine does not
>> have this option. And I would prefer to deal with an excrypted
>> password.
>
> If you already have a properly encrypted password:
>
> # assumes that the shell variable encryptedpassword contains the
> # properly encrypted password
> # Use sed to directly edit the passwd file (it is after all just a *plain
> # text file*).
> sed "s/^root:[^:]*:/root:$encryptedpassword:/g" </etc/passwd >/etc/passwd.new
> # Paranoid backups of /etc/passwd (trashing this file can be bad news!)
> cp -f /etc/passwd /etc/passwd.old
> mv -f /etc/passwd.new /etc/passwd
> # Update /etc/shadow file
> pwck -r
> pwconv
>
> (If everything is sane, you can remove /etc/passwd.old at your leisure.)
>
> If you are using RHEL/CentOS (or FC), I believe the kickstart shell can
> do this OR the above can be incorporated into the kickstart process.
>

I am using ubuntu Gutsy and I made a custom kickstart disk.

The self install script that I am talking about, runs from the
kickstart process.

I think that I will do something along the above lines.
--
Due to extreme spam originating from Google Groups, and their inattention
to spammers, I and many others block all articles originating
from Google Groups. If you want your postings to be seen by
more readers you will need to find a different means of
posting on Usenet.
http://improve-usenet.org/

On 2008-06-24, Dave B <daveb@addr.invalid> wrote:
> Ignoramus19021 wrote:
>> On 2008-06-24, Dave B <daveb@addr.invalid> wrote:
>>> Ignoramus19021 wrote:
>>>
>>>>>> I am not interested in BS lectures about security.
>>>> And I would prefer to deal with an excrypted password.
>>> Uhm...reread the two phrases above. Anyway, why not edit /etc/shadow
>>> directly then?
>>>
>>> awk -F':' -v OFS=':' '/^root/{$2=encryptedpassw}1' /etc/shadow > newshadow
>>>
>>
>> I think that your answer will work. I was hoping that there is a tool
>> "guaranteed" to work and a member of the passwd family, but worst case
>> is, I can do it with a script as you said.
>>
>> Your command does not seem to work actually:
>>
>> $$$ awk -F':' -v OFS=':' '/^root/{$2=encryptedpassw}1' /etc/shadow |grep root
>> root::13944:0:99999:7:::
>
> Of course, you have to supply the actual encrypted password, either directly, eg
>
> awk -F':' -v OFS=':' '/^root/{$2="%@/&-:()"}1' /etc/shadow |grep root
>
> or with a variable, eg
>
> awk -F':' -v OFS=':' -v pw='%@/&-:()' '/^root/{$2=pw}1' /etc/shadow
>
> Replace the "%@/&-:()" string with the actual encrypted password.
>

this one works great, thanks a lot
--
Due to extreme spam originating from Google Groups, and their inattention
to spammers, I and many others block all articles originating
from Google Groups. If you want your postings to be seen by
more readers you will need to find a different means of
posting on Usenet.
http://improve-usenet.org/