Q: I’m trying to create a bash script that allows root to change a users password. It would go like this:
Enter username:
Enter new PW:
Then it would let you know “PW was changed for username”. If you enter a username that doesn’t exist it would still prompt you to change but would just say “PW could not be update for username”. I was thinking if statements might be best? Could you help point me in the right direction?
A: First let me start by saying I have no idea why you would want such a script. The script would take longer to run than just typing “passwd username”. I am assuming this is just a learning exercise, and I am all about learning.
Here is the script I came up with. It is well commented, but we can still break it down…
#!/bin/bash echo "Please enter username:" read username echo "Please enter the new password:" read -s password1 echo "Please repeat the new password:" read -s password2# Check both passwords match if [ $password1 != $password2 ]; then echo "Passwords do not match" exit fi # Does User exist? id $username &> /dev/null if [ $? -eq 0 ]; then echo "$username exists... changing password." else echo "$username does not exist - Password could not be updated for $username"; exit fi# Change password echo -e "$password1n$password1" | passwd $username
The Breakdown
1) #!/bin/bash
This is a shebang, and it tells the shell to run it as a bash script
2) echo “Please enter username:”
Echo basically tells the script to write stuff to the screen. This is the same for all the echo lines.
3) read username
This is an easy way to capture user input. It takes the input and saves it to the variable $username. The same thing happens for the password lines as well. Adding the -s option to read hides the input from being displayed on the screen so nobody can see the password being types.
4) if [ $password1 != $password2 ]
This checks both passwords inputted by the user match. Its a good way to confirm the user did not fat finger the password when typing it in. If the passwords do not match the script will exit and they can try again.
5) id $username
This will run the “id” command against the username that was fed to the script. This will tell us if it is a valid user or not. The exit status of the “id” command will be places into the $? variable automatically so we can check if the command returned a 0 or 1 status. If it was successful it will return a 0, which means the user exists. If it returns a 1, that shows an error and we can assume the user does not exist.
6) if [ $? -eq 0]
This is how we check the exit status of the above command.
7) echo -e “$password1n$password1” | passwd $username
This is how we change the password. echo -e means echo without carriage breaks at the end of the line. So this echo command will spit out the password, a return (same as hitting enter key) and then the password again. We pipe that output to the passwd command followed by the $username variable taken in step 2.
I did some minimal testing and this script seems to work fine. Feel free to ask any questions in the comments.
Your script worked great as expected. This is just a small portion of a much larger System Mgmt script I've been tasked with. The Problem is that I hardly ever used Linux until recently. I have many more questions if your willing to help. One that has been giving me trouble is, if I want to insert a command in this script to add/change a users comment in the /etc/passwd file i can't figure out how to add the comment. I'm trying to follow the command format (usermod -c "comment" LOGIN) but I cannot enter a comment? what am I missing? -stdin?
Many thanks Brother Curious (if that is your real name...),
Rev. SoulGlo
Here is how you could change the comment with a script:
#!/bin/bash
echo "Which user would you like to add a comment for?"
read user
echo "Enter the comment:"
read comment
# Change the users comment
usermod -c "$comment" $user
But, if you tell me what exactly you were trying, then I can tell you what you did wrong. You would probably learn more than me just posting scripts.
Hi Rev. SoulGlo,
Is there a unix equivalent of your scripts? Thanks in advance.
Jonathan
echo username:password | chpasswd -c
Is there a way for script to supply password it self? I mean read a file that exists in system and paste the values where ask for password.
Yes that is possible, but it a bad idea security wise to leave passwords in plain text on a system.
this work great for single host with single user, what if i have multiple hosts with single user and same password for all hosts? then how to implement this?
What if the password contains a "n"? Such as my@secretnpassword123
./resetpassword.sh: line 22: syntax error: unexpected end of file
^^^ getting this error, any fix?
Looks like the line before the last is wrong. A carriage return must be missing. I am fixing it now. Basically just move "#Change Password" down to it's own line.
Thanks a ton for the wonderful script. Just one suggestion that I have is to use a script friendly way to change the password such as: echo "$username:$password" | chpasswd