How to add a user without knowing the encrypted form of the password?

Question

I use the following command to create a user in a linux machine:

useradd -d /home/dummy -g idiots -m -p 12345689 dummy

The user is created and the home directory as well.
The problem is that I can not log-in to the system using this account since the -p expects the encrypted password returned by crypto.

Question:I want to create a user via a bash script and I don't know the encrypted password by crypto. How can I do it so that I am able to create this user automatically via a script and get arround the problem with the password?

user9517 · Accepted Answer · 2012-03-08T14:38:01.277

15

You can use openssl to generate pre encrypted password strings to use with the -p option to useradd

echo "P4sSw0rD" | openssl passwd -1 -stdin

$1$Jxmpx1Da$Y8MzBctIyDW8/7pFPbNWD1

The -1 says to generate a MD5 password hash. The salt is automatically generated.

You can then use

useradd -d /home/dummy -g idiots -m -p $(echo "P4sSw0rD" | openssl passwd -1 -stdin) dummy

to add the user. To do this interactively hiding the password

useradd -d /home/dummy -g idiots -m -p $(read -sp Password: pw ; echo $pw | openssl passwd -1 -stdin) dummy

edited Mar 08 '12 at 14:38

answered Mar 08 '12 at 10:17

user9517

114,104
20
206
289

Is openssl command available in ALL linux installations by default?Can I count on it? – Jim Mar 08 '12 at 10:51
Also `echo` will show the password in the console.How can I avoid this? – Jim Mar 08 '12 at 10:52
@Jim: If not all, then 99%. It's part of the SSH client and server packages, so it's almost always installed, though technically I don't believe it's required. You can count on it being installed by default, but not necessarily that someone has not uninstalled it. – Matthew Scharley Mar 08 '12 at 10:56
@Jim: Couldn't say with 100% certainty it'll be on _all_ linux installations. – user9517 Mar 08 '12 at 10:57
@Iain:What about `echo`?How can I avoid that? – Jim Mar 08 '12 at 10:59
@Jim: See my update – user9517 Mar 08 '12 at 11:09
@Iain:Could you please explain more on `-p` part?I am not very good with bash scripts – Jim Mar 08 '12 at 12:14
It tells read not to display a prompt in this case Password: – user9517 Mar 08 '12 at 12:17
@Iain:I see that it prompts for password from user.I don't understand how `$(read -sp Password2: pw echo $pw | openssl passwd -1 -stdin)` works.I mean the part before the pipe – Jim Mar 08 '12 at 12:28
@Iain:When I run your command I get `Password:useradd: Too few arguments.` – Jim Mar 08 '12 at 14:30
@Jim: fixed a typo. – user9517 Mar 08 '12 at 14:38
If you are using echo, you probably need a `-n` so you don't encrypt the trailing newline as well: `echo -n "P4sSw0rD" | openssl passwd -1 -stdin` – Steve Folly Feb 08 '21 at 15:53

score 3 · Answer 2 · edited May 23 '17 at 12:41

3

Apparently, you can use

echo "password" | passwd dummy --stdin

I've never tried this.

Alternatively, you could put the user's public key in /home/dummy/.ssh/authorized_keys and forget about passwords entirely. This is the best option security-wise.

edited May 23 '17 at 12:41

Community

1

answered Mar 08 '12 at 10:07

Ladadadada

25,847
7
57
90

`echo` will show the password in the console.How can I avoid this? – Jim Mar 08 '12 at 10:52
You could put the password in a file and use `cat passwordfile | passwd dummy --stdin` or `passwd --stdin dummy < passwordfile`. On another note, I just tested this `--stdin` option on a Ubuntu box and it did not work. The version of `passwd` I have doesn't support that option. Yours may not either. One of the other answers using `chpasswd`, `openssl` or `newusers` might be better if you *must* have passwords. – Ladadadada Mar 08 '12 at 11:53

score 3 · Answer 3 · answered Mar 08 '12 at 11:02

That`s how I do it:

# cat user-pw_list
john:p455W0rD
geany:p455W0rD


# cat CreateUsers.sh
#!/bin/bash
#
# filename: CreateUsers.sh
# usage: cat "User:passwd" | $0
#
set -e
# set -x
while read ; do
  USER=${REPLY%%:*}
  PWD=${REPLY##*:}
  # alternative for random passwd, where $RANDOM is a bash function
  #PWD=${REPLY%%:*}$RANDOM$RANDOM

  echo -e "adding User $USER "
  # for disabled users: /usr/sbin/nologin, otherwise /bin/bash
  /usr/sbin/useradd -c automaticUser -m -k/dev/null -s /usr/sbin/nologin $USER
  echo "$USER:$PWD" | chpasswd --md5 $USER

  ## also add user to samba:
  #echo -e "$PWD\n$PWD" | pdbedit -t -u $USER
done

Could you please explain this solution?I am not very good with bash scripts — Jim, Mar 08 '12 at 12:33

score 2 · Answer 4 · answered Mar 08 '12 at 10:03

2

As you are going to use a bash script, perhaps the good old newusers command would be helpful to you? It reads its input from a text file formatted like this:

pw_name:pw_passwd:pw_uid:pw_gid:pw_gecos:pw_dir:pw_shell

And the password in that file should be clear text. You can list as many users as you wish in the input file.

For more information see man newusers.

answered Mar 08 '12 at 10:03

Janne Pikkarainen

31,454
4
56
78

I get:`bash: newusers: command not found` and `No manual entry for newusers` – Jim Mar 08 '12 at 10:54
Oh, so SLES does not bundle `newusers` (by default), even though Fedora, Debian and RHEL seem to do so. – Janne Pikkarainen Mar 08 '12 at 10:56

How to add a user without knowing the encrypted form of the password?

4 Answers4

Linked