Centos – Changing root password via script fails but reports success

centos passwd root scripting

I have a project which requires me to make a script / sequence of commands to change the root password on a CentOS 7 installation.

I can assume the user that will be executing the script is already root.

Currently, I'm using the following, and getting a success message:

[root@localhost]# echo -e ‘password\npassword’ | (passwd --stdin root)
Changing password for user root.
passwd: all authentication tokens updated successfully.

However, this doesn't actually change the password. Upon further inspection (manually setting the password), I notice the password "password" fails a dictionary check, but still reports success at the end:

[root@localhost]# passwd
Changing password for user root.
New password:
BAD PASSWORD: The password fails the dictionary check - it is based on a dictionary word
Retype new password:
passwd: all authentication tokens updated successfully.

One possible solution is to try hashing the given password based on the method and salt provided in /etc/shadow, but I would like to avoid an overly complicated solution. I could also check whether the value in /etc/shadow actually changed, but that ignores the case in which the password is set to what it already was, which I would like to support.

Does anyone have a suggestion on trying to validate the password before actually setting it, or, preferably, getting the FULL output from passwd?

Best Answer

When using passwd --stdin you only need to send the password once. So the correct version is

echo password | passwd --stdin

If your code sample is accurate then (a) you've got smart quotes there when you need straightforward forward quotes and (b) the password is probably being set to something like `password\npassword' (possibly with smart quotes either side).
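
A pre-flight check for the two problems named in the answer above (more than one line on stdin, and smart-quote bytes ending up inside the password), as an added example that is not part of the original answer. The function names are hypothetical, and rejecting everything outside printable ASCII is an assumed policy for script-set passwords.

```shell
#!/bin/sh
# Added example: inspect what would be piped to `passwd --stdin` before it is used.

# check_stdin_password: read a candidate from stdin and echo it back only if it
# is exactly one non-empty line of printable ASCII.
# Returns 1 = empty, 2 = more than one line, 3 = non-ASCII or control bytes.
check_stdin_password() {
    nl='
'
    # The trailing "x" keeps $(...) from silently stripping newlines.
    input=$(cat; printf x)
    input=${input%x}
    pw=${input%"$nl"}            # drop the single newline that echo appends

    case $pw in
        '')      echo "rejected: empty password" >&2; return 1 ;;
        *"$nl"*) echo "rejected: more than one line on stdin" >&2; return 2 ;;
    esac

    # Delete every printable ASCII byte; anything left over is suspicious,
    # for example the UTF-8 bytes of a pasted smart quote.
    rest=$(printf '%s' "$pw" | LC_ALL=C tr -d ' -~')
    if [ -n "$rest" ]; then
        echo "rejected: non-ASCII or control bytes in password:" >&2
        printf '%s' "$pw" | od -c >&2    # show the exact bytes for debugging
        return 3
    fi

    printf '%s\n' "$pw"
}

# set_password USER: validate stdin, then send the single line to passwd.
# Must run as root; `passwd --stdin` is the option used on this page.
set_password() {
    user=$1
    pw=$(check_stdin_password) || return $?
    printf '%s\n' "$pw" | passwd --stdin "$user"
}
```

Called as `echo 'password' | set_password root`, the wrapper stops with a non-zero status before passwd runs if the input is not a single clean line.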