Q: I’m trying to create a bash script that allows root to change a user's password. It would go like this:
Enter username:
Enter new PW:
Then it would let you know “PW was changed for username”. If you enter a username that doesn’t exist it would still prompt you to change but would just say “PW could not be updated for username”. I was thinking if statements might be best? Could you help point me in the right direction?

A: First let me start by saying I have no idea why you would want such a script.  The script would take longer to run than just typing “passwd username”.  I am assuming this is just a learning exercise, and I am all about learning.

Here is the script I came up with. It is well commented, but we can still break it down…

#!/bin/bash
# Prompt for the account name and the new password (entered twice).
echo "Please enter username:"
read -r username
echo "Please enter the new password:"
read -rs password1
echo "Please repeat the new password:"
read -rs password2
# Check both passwords match (quoted so empty values or spaces do not break the test)
if [ "$password1" != "$password2" ]; then
    echo "Passwords do not match"
    exit 1
fi
# Does User exist?
id "$username" &> /dev/null
if [ $? -eq 0 ]; then
    echo "$username exists... changing password."
else
    echo "$username does not exist - Password could not be updated for $username"
    exit 1
fi
# Change password: send the password, a newline, then the password again to passwd
echo -e "$password1\n$password1" | passwd "$username"

The Breakdown

1) #!/bin/bash
This is a shebang; it tells the system to run the script with /bin/bash.

2) echo "Please enter username:"
echo writes its arguments to the screen. This is the same for all the echo lines.

3) read username
This is an easy way to capture user input. It takes the input and saves it to the variable $username. The same thing happens for the password lines as well. Adding the -s option to read hides the input from being displayed on the screen so nobody can see the password being typed.

4) if [ "$password1" != "$password2" ]
This checks that both passwords entered by the user match. It's a good way to confirm the user did not fat finger the password when typing it in. If the passwords do not match, the script will exit and they can try again.

5) id "$username"
This will run the “id” command against the username that was fed to the script. This will tell us if it is a valid user or not. The exit status of the “id” command will be placed into the $? variable automatically so we can check if the command returned a 0 or 1 status. If it was successful it will return a 0, which means the user exists. If it returns a 1, that shows an error and we can assume the user does not exist.

6) if [ $? -eq 0 ]
This is how we check the exit status of the above command.

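7) echo -e "$password1\n$password1" | passwd "$username"
This is how we change the password. echo -e tells echo to interpret backslash escapes, so the \n in the middle of the string becomes a newline. So this echo command will spit out the password, a return (same as hitting enter key) and then the password again. Because -e applies to the whole string, a backslash sequence inside the password itself is interpreted as well, so such a password may not be set exactly as typed. We pipe that output to the passwd command followed by the $username variable taken in step 2.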

I did some minimal testing and this script seems to work fine.  Feel free to ask any questions in the comments.
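
A hardened variant of the script above, as an added example that is not part of the original answer: it validates the username against a conservative pattern (an assumed policy), builds the `user:password` line with printf so backslashes in the password are not reinterpreted, and hands it to chpasswd on stdin. The function names and the `--apply` switch are hypothetical.

```shell
#!/bin/bash
# Added example, not the original script. Function names and --apply are hypothetical.
export LC_ALL=C   # byte-wise ranges so [a-z] cannot match uppercase letters
nl='
'

# Assumed policy: lowercase letter or underscore first, then lowercase letters,
# digits, underscore or hyphen, at most 32 characters.
valid_username() {
    case "$1" in
        ""|[!a-z_]*|*[!a-z0-9_-]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

# Print the "user:password" line chpasswd reads; fail on values that would
# break that one-line format (empty password or an embedded newline).
chpasswd_record() {
    valid_username "$1" || return 1
    [ -n "$2" ] || return 1
    case "$2" in *"$nl"*) return 1 ;; esac
    printf '%s:%s\n' "$1" "$2"   # %s copies the password byte for byte
}

main() {
    printf 'Enter username: ';  IFS= read -r username
    printf 'Enter new PW: ';    IFS= read -rs password1; echo
    printf 'Repeat new PW: ';   IFS= read -rs password2; echo
    if [ "$password1" != "$password2" ]; then
        echo "Passwords do not match" >&2; return 1
    fi
    # Reject malformed names before they reach id or chpasswd.
    if ! valid_username "$username" || ! id -u "$username" >/dev/null 2>&1; then
        echo "PW could not be updated for $username" >&2; return 1
    fi
    record=$(chpasswd_record "$username" "$password1") || {
        echo "PW could not be updated for $username" >&2; return 1; }
    if printf '%s\n' "$record" | chpasswd; then
        echo "PW was changed for $username"
    else
        echo "PW could not be updated for $username" >&2; return 1
    fi
}

# Prompt only when started with --apply (chpasswd itself needs root).
if [ "${1:-}" = "--apply" ]; then main; fi
```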
