Four ways to non-interactively set passwords in Linux
Manually setting or resetting passwords for a large number of users is a painfully boring task and is definitely not the best use of our time. In this article, I'll share four methods to automate this process.
Method 1: Use chpasswd
Using chpasswd we can set or reset login passwords for many users non-interactively.
The chpasswd command reads a list of username and password pairs from standard input and uses this information to update a group of existing users.
Each line is in the format:
    user_name:password
We just need to add each username and password to a text file as a key-value pair in the syntax shown above and feed this text file to the chpasswd command as input; that is all we need to do.
Here’s a demo:
I’ve created a few users and have added the usernames and their corresponding passwords in a text file.
Given below is the content of the file.
    [root@sahil-centos ~]# cat pass.txt
    testuser1:TestpA$$123
    testuser2:TestpA$$124
    testuser3:Testpa$$123
    testuser4:TestpA$$152
    [root@sahil-centos ~]#
Now we just need to feed it to chpasswd to set the passwords for these users.
    [root@sahil-centos ~]# chpasswd < pass.txt
If we do not want to feed chpasswd from a text file because of security concerns (the file holds the passwords in clear text on disk), we can execute chpasswd directly, type each username and password separated by a colon, and press Ctrl+D to stop feeding input to chpasswd.
By default, the passwords must be supplied in clear-text, and are encrypted by chpasswd.
The chpasswd command works by first updating all the passwords in memory and then committing all the changes to disk if no errors occurred for any user.
This command is intended to be used in a large system environment where many accounts are created at a single time.
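A pre-flight check for the pass.txt file used in Method 1, as an added example that is not part of the original article: it refuses a file that group or others can access and flags malformed, CR-terminated or duplicate lines, reporting line numbers and user names but never the password. The function name check_chpasswd_file and its return codes are assumptions of this example, and it relies on GNU stat.

```bash
#!/bin/sh
# Added example (not from the original article): pre-flight check for a
# chpasswd input file. Returns 0 only if the file is safe to feed to chpasswd.
check_chpasswd_file() {
    local file="$1" mode line user lineno=0 rc=0 seen=":"
    local cr; cr=$(printf '\r')

    if [ ! -f "$file" ] || [ -L "$file" ]; then
        echo "not a regular file: $file" >&2; return 2
    fi

    # The file holds cleartext passwords: reject any group/other access bits.
    mode=$(stat -c '%a' "$file") || return 2     # GNU stat, e.g. "600"
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "mode $mode is too open; chmod 600 $file" >&2; return 3
    fi

    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        case "$line" in
            *"$cr") echo "line $lineno: trailing CR would become part of the password" >&2
                    rc=4; continue ;;
            *:*)    ;;
            *)      echo "line $lineno: missing ':' separator" >&2; rc=4; continue ;;
        esac
        user=${line%%:*}                         # text before the first colon
        if [ -z "$user" ] || [ -z "${line#*:}" ]; then
            echo "line $lineno: empty user name or password" >&2; rc=4
        else
            case "$seen" in
                *":$user:"*) echo "line $lineno: duplicate entry for $user" >&2; rc=4 ;;
            esac
            seen="$seen$user:"
        fi
    done < "$file"
    return "$rc"
}

# Usage (as root):  check_chpasswd_file pass.txt && chpasswd < pass.txt
```

Return code 2 means the path is not a regular file, 3 means the permissions are too open, and 4 means at least one line is malformed.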
Method 2: Use stdin
This is another simple method wherein we echo the password to the passwd <user name> command via --stdin.
The --stdin option lets the passwd command accept a password from STDIN instead of asking for the new password twice, which is the command's default behavior.
Here’s an example:
    [root@sahil-centos ~]# echo "TeStP_w0rD" | passwd testuser1 --stdin
    Changing password for user testuser1.
    passwd: all authentication tokens updated successfully.
Method 3: Use echo
We know that the passwd command asks the user to supply the password twice (separated by enter key press) when setting or changing it.
Using echo with the -e option and a pipe, we can emulate entering the password twice separated by an enter key press.
Here is an example:
    [root@sahil-centos ~]# echo -e "TeStP_wOr1\nTeStP_wOr1" | passwd testuser2
    Changing password for user testuser2.
    New password: Retype new password: passwd: all authentication tokens updated successfully.
The -e option allows echo to interpret escape sequences like \n. The \n escape sequence denotes the newline character and emulates an enter key press.
The pipe redirects the output of the echo command, which is the password we'd like to set written twice and separated by the newline character, to the input of the passwd command, which accepts this input and changes the user's password.
You may use this method on older versions of the bash shell where --stdin might not be working.
Method 4: Use expect
Expect is an entire programming language based on Tcl and is intended to automate tasks that would otherwise require interactive input.
For the purposes of this article, we’ll barely scratch the surface and I’ll share how we may use it to reset user passwords non-interactively.
Given below is the expect script that we’ll be using to reset passwords non-interactively.
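    #!/usr/bin/expect
    # Give up if an expected prompt does not appear within 10 seconds
    set timeout 10
    # First argument: username, second argument: new password
    set user [lindex $argv 0]
    set password [lindex $argv 1]
    # Start passwd for the user and answer both password prompts
    spawn passwd $user
    expect "password:"
    send "$password\r"
    expect "password:"
    send "$password\r"
    # Wait for passwd to finish
    expect eof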
Let’s reset a user’s password using this quick script.
    [root@sahil-centos ~]# ./reset.expect testuser4 TeStP_w0r7
    spawn passwd testuser4
    Changing password for user testuser4.
    New password:
    Retype new password:
    passwd: all authentication tokens updated successfully.
Without getting into too much detail regarding expect, I'll explain the working of the script.
- It accepts two arguments, the first being the username and the second being the password.
- The username and password typed as arguments are saved in the variables user and password respectively.
- After accepting the arguments, the script executes the passwd command for the user.
- Next, we have a combination of expect and send statements to non-interactively change the user's password.
This may not seem very useful at first, but we can put the usernames and passwords in a file and then iterate the script over them in a for loop.
That's it for setting passwords non-interactively in Linux.