How to Switch to Root User Without Entering Password in Bash Script on Redhat

As a root user can I execute commands in BASH as another user without requiring a password?

In the second example, the $USER variable is expanded before su is executed. This can be prevented by quoting EOF.

su other_user <<'EOF'
echo Current user: $USER
EOF

Or you can execute the script to do it in the root shell, also using a here-doc:

su other_user <<END
bash user.sh
END

or you can use the -c option to su:

su other_user -c 'bash user.sh'

How to make passwordless switch to another user in a shell script

You don't use "su" with the sudoers file, you need to use "sudo". So, you'd want a command line like:

sudo su - hduser

which would do want you want, provided you had the appropriate lines in the sudoers file. A line like this:

hadoopmaster ALL=(ALL:ALL) NOPASSWD: su - hduser

should do the trick.

How to run script as another user without password?

Call visudo and add this:

user1 ALL=(user2) NOPASSWD: /home/user2/bin/test.sh

The command paths must be absolute! Then call sudo -u user2 /home/user2/bin/test.sh from a user1 shell. Done.

How to create a shell script to change the password without prompt?

$> echo -e -n "oldpasswd\nnewpasswd\nnewpasswd" | passwd

Or to make things a cleaner way, write a file with your passwords

oldpassword
newpassword
newpassword

and use the following command: $> passwd < file

The pipe and redirection operators are replacing the standard input with either the content of the file redirected, either the output of the command piped.

How to automatically add user account AND password with a Bash script?

You can run the passwd command and send it piped input. So, do something like:

echo thePassword | passwd theUsername --stdin

How do I use su to execute the rest of the bash script as that user?

The trick is to use "sudo" command instead of "su"

You may need to add this

username1 ALL=(username2) NOPASSWD: /path/to/svn

to your /etc/sudoers file

and change your script to:

sudo -u username2 -H sh -c "cd /home/$USERNAME/$PROJECT; svn update" 

Where username2 is the user you want to run the SVN command as and username1 is the user running the script.

If you need multiple users to run this script, use a %groupname instead of the username1

How do I set a blank password for the root user in slitaz

Do you really want to allow logins without a password? If so, try passwd -d root (see warnings below)

● Do you really want to have an empty password? echo root: | chpasswd or, if that is rejected, echo "root:$(mkpasswd -s </dev/null)" | chpasswd -e (see warnings below)

● For those coming here in search of a way to block password login for root, you have options:

  1. passwd -l root disables (locks), passwd -u root re-enables (unlocks) the root password.
  2. sshd option PasswordAuthentication no disables password authentification for all users (via ssh)
  3. sshd option PermitRootLogin no disables root login (via ssh)
  4. sshd option PermitRootLogin prohibit-password disables root login with password (via ssh)

Notes and warnings:

  • ⚠️ Make sure you have a way to log in even if you accidentally lock your password. For example, a second user with full sudo access. (If you try to configure no / an insecure password, your system might actually lock you out.)
  • passwd -d root can allow for root login without password!
  • ⚠️ this is a terrible idea on systems connected to the internet. Don't do it except in an isolated host or network. An empty password is arguably worse.
  • that's why your system setup might still disallow logins without password (or with empty password) if you remove the password (or set it to the empty string). Especially via SSH.
  • SSH with public keys, and something ssh-agent is the way to go if you want the convenience of not repeatedly entering your password
  • SSH with public keys, and an unencrypted private key is the way to go if you want to run commands from remote scripts. There is a PermitRootLogin forced-commands-only sshd option; when set the remote script can only trigger specific commands that you need to configure on the server.

Usually, passwords are usually saved in salted&hashed form in /etc/shadow. For more information, read the manpage with man shadow 5.
Authentication can be blocked in the configuration of the SSH server (see man sshd_config) or in the OS's authentification system (see "PAM" - Linux Pluggable Authentication Modules).

Using the passwd command from within a shell script

from "man 1 passwd":

   --stdin
This option is used to indicate that passwd should read the new
password from standard input, which can be a pipe.

So in your case

adduser "$1"
echo "$2" | passwd "$1" --stdin

[Update] a few issues were brought up in the comments:

Your passwd command may not have a --stdin option: use the chpasswd
utility instead, as suggested by ashawley.

If you use a shell other than bash, "echo" might not be a builtin command,
and the shell will call /bin/echo. This is insecure because the password
will show up in the process table and can be seen with tools like ps.

In this case, you should use another scripting language. Here is an example in Perl:

#!/usr/bin/perl -w
open my $pipe, '|chpasswd' or die "can't open pipe: $!";
print {$pipe} "$username:$password";
close $pipe


Related Topics



Leave a reply



Submit