tags:

views:

88

answers:

1
+1  Q: 

Change Unix password from command line over Python/Fabric

I would like a way to update my password on a remote Ubuntu 10.4 box with fabric.

I would expect my fabfile.py would look something like this:

def update_password(old_pw, new_pw):
    # Connects over ssh with a public key authentication
    run("some_passwd_cmd --old %s --new %s" % (old_pw, new_pd))

Unfortunately the only command I know of that lets one change the password is passwd, and on Ubuntu 10.4 there doesn't seem to be any way to pass in the new (or old) password as an argument to passwd.

What command could one use to change a user's password on Ubuntu 10.4 via fabric?

EDIT: I've had a look at usermod -p, and that may work but it isn't recommended by the man page.

EDIT: For some reason usermod -p wasn't working either over fabric.

As well, I've tried a (somewhat insecure) variation on mikej's answer that did solve the problem:

# connecting & running as root.
from fabric.api import *
from fabric.contrib import files

files.append("%s\n%s" % (passwd, passwd), '.pw.tmp')
# .pw.tmp:
# PASSWD
# PASSWD

run("passwd %s < .pw.tmp" % user)

run("rm .pw.tmp")

It's not a very elegant solution, but it works.

Thank you for reading.

Brian

+3  A: 

You could feed the new and old passwords into passwd using echo e.g.

echo -e "oldpass\\nnewpass\\nnewpass" | passwd

(the -e option for echo enables interpretation of backslash escapes so the newlines are interpreted as such)

mikej  2010-06-20 19:30:06
@Mikej - thanks for the reply. I've been trying this, but I'm having what I think is trouble with escaping. In particular `run("echo -e \"%s\\n%s\\n%s\" | /usr/bin/passwd" % (old_pw, new_pw, new_pw))` doesn't work (i.e. returns "UNIX password: passwd: Authentication token manipulation error")
Brian M. Hunt  2010-06-20 19:33:26
You might need to double escape the \ (once for Python and once for echo) e.g. `\\\\n` for each newline
mikej  2010-06-20 19:41:53
@Mikej: When I run this from the the command line, it works fine. However, when I run it over `fabric`, I get the following: `UNIX password: Enter new UNIX password: Retype new UNIX password: passwd: Authentication token manipulation error`
Brian M. Hunt  2010-06-20 19:43:26
I've tried `run("echo -e \"%s\\\\n%s\" | passwd %s" % (passwd, passwd, user), shell=False)` results in the command `echo -e "PASSWD\\nPASSWD" | passwd USER` (for `passwd=PASSWD`, `user=USER`). Which, alas, results in 'UNIX password: passwd: Authentication token manipulation error'. When I run the `echo` command from the shell it works as expected.
Brian M. Hunt  2010-06-20 20:05:07
Are there any characters in the new or old password that might also need escaping (try temporarily changing the password to a simple alphanumeric one.) Also, I presume you are including the new password confirmation as in your first comment even though you haven't included it in the most recent comment?
mikej  2010-06-20 20:16:07
@mijek: I get the same results with passwords that are [a-zA-Z] - but good suggestion to check. Quite correct on the password confirmation; in the interim (to simplify things) I switched from fabric's `run` to `sudo` (so the user's current password is not required).
Brian M. Hunt  2010-06-20 21:09:42

related questions

Obscuring network proxy password in plain text files on Linux/UNIX-likes
Why doesn't **find** find anything?
Getting stack traces on Unix systems, automatically
Differences between unix and windows files
How do you do a case insensitive search using a pattern modifier using less ?
Using Visual Studio to develop for C++ for Unix
How do I generate ASCII codes 2 and 3 in a Bash command line?
What's in your .procmailrc
Allow user to set up an SSH tunnel, but nothing else
What is PHP Safe Mode GID?
How to avoid redefining VERSION, PACKAGE, etc.
How can I encode xml files to xfdl (base64-gzip)?
Faster way to find duplicates conditioned by time
Date arithmetic in Unix shell scripts
Using Xming X Window Server over a VPN
Windows Equivalent of 'nice'
How do I configure and communicate with a serial port?
Choosing a static code analysis tool
What should a longtime Windows user know when starting to use Linux?
How do I use (n)curses in Ruby?
Process size on UNIX
Getting root permissions on a file inside of vi?
GTK implementation of MessageBox
Is gettimeofday() guaranteed to be of microsecond resolution?
Fastest way to get value of pi