Four ways to non-interactively set passwords in Linux

by ·

Manually setting or resetting passwords for a large chunk of users is a painfully boring task & is definitely not the best use of our time. In this article, I’ll share four methods to automate this process. Non-Interactively Set Passwords in Linux.

[wp_camp_ad_1]

Method1: Use chpasswd Non-Interactively Set Passwords

Using chpasswd we can set or reset login passwords for many users non-interactively.
The chpasswd command reads a list of username and password pairs from standard input and uses this information to update a group of existing users.

Each line is in the format:

user_name:password

We just need to add the username & password in a text file in the form of a key-value pair in the syntax shown above & serve this text file as input to chpasswd command & that is all we need to do.

Here’s a demo:

I’ve created a few users and have added the usernames and their corresponding passwords in a text file.
Given below is the content of the file.

[root@sahil-centos ~]# cat pass.txt
testuser1:TestpA$$123
testuser2:TestpA$$124
testuser3:Testpa$$123
testuser4:TestpA$$152
[root@sahil-centos ~]#

Now we just need to feed it to chpasswd to set the passwords for these users.

[root@sahil-centos ~]# chpasswd <pass.txt

In case we do not want to use a text file to feed input to the chpasswd command due to security concerns then you can execute chpasswd directly, type the username and password separated by colons and press ctrl+d to stop feeding input to chpasswd.

By default, the passwords must be supplied in clear-text, and are encrypted by chpasswd.
chpasswd command works by first updating all the passwords in memory and then commits all the changes to disk if no errors occurred for any user.
This command is intended to be used in a large system environment where many accounts are created at a single time.

Method2: Use stdin

This is another simple method wherein we echo out the password to passwd <user name> command via –stdin.
The –stdin option lets the passwd command accept a password from STDIN instead of asking for the new password twice which is the commands’ default behavior.

[wp_camp_ad_2]

Here’s an example:

[root@sahil-centos ~]# echo "TeStP_w0rD" | passwd testuser1 --stdin
Changing password for user testuser1.
passwd: all authentication tokensupdated successfully.

Method3: Use echo

We know that the passwd command asks the user to supply the password twice (separated by enter key press) when setting or changing it.
Using echo with -e option and a pipe we can emulate entering the password twice separated by an enter key press.
Here is an example:

[root@sahil-centos ~]# echo -e "TeStP_wOr1\nTeStP_wOr1" | passwd testuser2
Changing password for user testuser2.
New password: Retype new password: passwd: all authenticationtokens updated successfully.

When we use the -e option with echo it allows us to use escape sequences like \n. The \n character is an escape sequence denoting the new line character and emulates an enter key press.

The pipe redirects the output of echo command which is basically the password we’d like to set written twice separated by the newline character to the input of the passwd command which accepts this input and changes the users’ password.

You may use this method on older versions of the bash shell where –stdin might not be working.

Method 4: Use expect

Expect is an entire programming language based on TCL and is intended to automate tasks which would require interactive input.
For the purposes of this article, we’ll barely scratch the surface and I’ll share how we may use it to reset user passwords non-interactively.

Given below is the expect script that we’ll be using to reset passwords non-interactively.

#!/usr/bin/expect

set timeout 10
set user [lindex $argv 0]
set password [lindex $argv 1]
spawn passwd $user
expect "password:"
send "$password\r"
expect "password:"
send "$password\r"

expect eof

Let’s reset a user’s password using this quick script.

[root@sahil-centos ~]# ./reset.expect testuser4 TeStP_w0r7
spawn passwd testuser4
Changing password for user testuser4.
New password:
Retype new password:
passwd: all authentication tokens updatedsuccessfully.
  • Without getting into too much detail regarding expect I’ll explain the working of the script.
  • It accepts two arguments the first being the username and the second being the password.
  • The username and password typed as arguments are saved in variables user and password respectively.
  • After accepting the arguments the script executes the passwd command for the user.

Next, we have a combination of expect and send statements to non-interactively change the users’ password.

This may not seem very useful at first but we can put the usernames and password in a file and then iterate the script over them in a for loop.

That’s it about Non-Interactively Set Passwords in Linux.

Related Articles

List all Windows VM Names using Shell Script

Real Time CPU Utilization Monitoring Shell Script

LVM Multipath

Thanks for your wonderful Support and Encouragement

Tags:

Sahil Suri

I am a system administrator who loves to learn and share my knowledge with the community. I've been working in the IT industry since 2011.

Leave a Reply

Your email address will not be published. Required fields are marked *