views:

88

answers:

1

I would like a way to update my password on a remote Ubuntu 10.4 box with fabric.

I would expect my fabfile.py would look something like this:

def update_password(old_pw, new_pw):
    # Connects over ssh with a public key authentication
    run("some_passwd_cmd --old %s --new %s" % (old_pw, new_pd))

Unfortunately the only command I know of that lets one change the password is passwd, and on Ubuntu 10.4 there doesn't seem to be any way to pass in the new (or old) password as an argument to passwd.

What command could one use to change a user's password on Ubuntu 10.4 via fabric?

EDIT: I've had a look at usermod -p, and that may work but it isn't recommended by the man page.

EDIT: For some reason usermod -p wasn't working either over fabric.

As well, I've tried a (somewhat insecure) variation on mikej's answer that did solve the problem:

# connecting & running as root.
from fabric.api import *
from fabric.contrib import files

files.append("%s\n%s" % (passwd, passwd), '.pw.tmp')
# .pw.tmp:
# PASSWD
# PASSWD

run("passwd %s < .pw.tmp" % user)

run("rm .pw.tmp")

It's not a very elegant solution, but it works.

Thank you for reading.

Brian

+3  A: 

You could feed the new and old passwords into passwd using echo e.g.

echo -e "oldpass\\nnewpass\\nnewpass" | passwd

(the -e option for echo enables interpretation of backslash escapes so the newlines are interpreted as such)

mikej
@Mikej - thanks for the reply. I've been trying this, but I'm having what I think is trouble with escaping. In particular `run("echo -e \"%s\\n%s\\n%s\" | /usr/bin/passwd" % (old_pw, new_pw, new_pw))` doesn't work (i.e. returns "UNIX password: passwd: Authentication token manipulation error")
Brian M. Hunt
You might need to double escape the \ (once for Python and once for echo) e.g. `\\\\n` for each newline
mikej
@Mikej: When I run this from the the command line, it works fine. However, when I run it over `fabric`, I get the following: `UNIX password: Enter new UNIX password: Retype new UNIX password: passwd: Authentication token manipulation error`
Brian M. Hunt
I've tried `run("echo -e \"%s\\\\n%s\" | passwd %s" % (passwd, passwd, user), shell=False)` results in the command `echo -e "PASSWD\\nPASSWD" | passwd USER` (for `passwd=PASSWD`, `user=USER`). Which, alas, results in 'UNIX password: passwd: Authentication token manipulation error'. When I run the `echo` command from the shell it works as expected.
Brian M. Hunt
Are there any characters in the new or old password that might also need escaping (try temporarily changing the password to a simple alphanumeric one.) Also, I presume you are including the new password confirmation as in your first comment even though you haven't included it in the most recent comment?
mikej
@mijek: I get the same results with passwords that are [a-zA-Z] - but good suggestion to check. Quite correct on the password confirmation; in the interim (to simplify things) I switched from fabric's `run` to `sudo` (so the user's current password is not required).
Brian M. Hunt