I have this script in which a user can change their password using passwd transparently. The script itself is executed by root, launching it with

su - <user> -c "script"

I know it might not be a very safe way to launch the script, but that is how it is and I have no latitude to change that part.

My problem is that when called, passwd displays the following:

Changing password for user <user>.
Changing password for <user>
current (UNIX) password:
New UNIX password:
Retype new UNIX password:

Several things to note here:

  1. Why does it even begin with two lines? It seems the first is displayed when root calls passwd for <user> and the second when <user> calls passwd on himself. Can it be the start of an explanation?
  2. I need to filter some words out of those prompts. I thought of using a combination of greps and seds piped one after the other, but here is the trick: the first two lines seem to be output to stdout, but the others to stderr. When I try to redirect stderr to stdout to treat it, nothing gets displayed anymore.

Has anyone got any answer or tips regarding this situation? Thanks a lot.

(First question here so do not hesitate to ask for more info.)

Vartaghan
  • A copy of the script would be nice – Rolf of Saxony Sep 24 '15 at 12:13
  • Sometimes password prompts are written directly to your tty, so you may not be able to hide them easily. I'd recommend, if you're painted into this particular corner, that you check out the `expect` language. – glenn jackman Sep 24 '15 at 14:20
  • I'm sorry @RolfofSaxony, the minimum version of the script is basically nothing but calling passwd | grep -v user (the word user, not the username). I'll have a look at expect. Thanks. – Vartaghan Sep 24 '15 at 15:32
  • @Vartaghan Why are you even bothering with this script? Any user can change their password by typing `passwd` directly onto the command line themselves, without messing about with that `su - <user> -c "script"` business. – Rolf of Saxony Sep 24 '15 at 16:13
  • Because the user does not have access to pure shell, but to a menu running over it, and, among other choices, allows him to change the password. The menu is loaded from inittab so by root. I do not have much of a choice here. – Vartaghan Sep 25 '15 at 07:22

1 Answer

Try keying:

su - vartaghan -c passwd

onto the command line and then contrast that with keying:

passwd

onto the command line.

The answer is right there. Because you are using su to implement the command, it requires the password to be keyed in, and then the passwd command becomes active, which requires the password all over again.
Your best option would be to change the way that the menu which runs for your users starts this password-changing shell, by simply issuing the passwd command.

Edit: If you want to get rid of the I/O use something like:

printf '%s\n' "$1" "$2" "$2" | passwd &>/dev/null

Which requires that you run the script as myscript oldpassword newpassword

Rolf of Saxony
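The approach behind glenn jackman's `expect` suggestion and the answer's edit, as an added example that is not part of the original thread: run the command on a pseudo-terminal so that prompts sent to stdout, stderr or straight to the tty all arrive on one stream, where they can be filtered and answered. `FAKE_PASSWD`, `clean` and `run_filtered` are hypothetical names, and the child process is a constructed stand-in for `passwd`, not the real binary.

```python
import os
import pty
import re
import sys

# Constructed stand-in for passwd (assumption, not the real binary): one line
# on stdout, one on stderr, then two prompts written to /dev/tty with echo off.
FAKE_PASSWD = """
import getpass, sys
print("Changing password for user demo.", flush=True)
print("Changing password for demo", file=sys.stderr, flush=True)
getpass.getpass("New UNIX password: ")
getpass.getpass("Retype new UNIX password: ")
"""

def clean(text, drop=("UNIX",)):
    """Strip unwanted words (with optional parentheses) from prompt text."""
    for word in drop:
        text = re.sub(r"\(?\b%s\b\)?\s*" % re.escape(word), "", text)
    return text.replace("\r\n", "\n")

def run_filtered(argv, replies, prompt_re=r"password: $"):
    """Run argv on a pseudo-terminal, answer each prompt, return filtered output."""
    pid, master = pty.fork()
    if pid == 0:  # child: stdin, stdout, stderr and /dev/tty are all the pty
        try:
            os.execvp(argv[0], argv)
        finally:
            os._exit(127)  # only reached if exec failed
    replies, seen, tail = list(replies), "", ""
    while True:
        try:
            chunk = os.read(master, 1024)
        except OSError:  # Linux reports EIO once the child has closed the pty
            break
        if not chunk:
            break
        tail += chunk.decode(errors="replace")
        if re.search(prompt_re, tail):
            if not replies:  # unexpected extra prompt: hang up instead of blocking
                break
            os.write(master, (replies.pop(0) + "\n").encode())
            seen, tail = seen + tail, ""
    os.close(master)
    os.waitpid(pid, 0)
    return clean(seen + tail)

if __name__ == "__main__":
    cmd = [sys.executable, "-c", FAKE_PASSWD]
    sys.stdout.write(run_filtered(cmd, ["constructed-pw", "constructed-pw"]))
```

Because the replies are written to the pty rather than given as script arguments, they do not appear in the process list, and with echo disabled by the child they do not appear in the captured output either.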