2

How can I change root password with one line command on NetBSD? On FreeBSD, it's something like this

echo "password" | pw mod user root -h 0 ;
Julio Fong
  • 201
  • 1
  • 2
  • 7
  • This could be the way of doing it:http://mail-index.netbsd.org/netbsd-users/2002/08/03/0005.html –  Jun 14 '13 at 14:15
  • one more way: using `passwd` and [tag:expect] (general-purpose input supplier for interactive [tag:cli] applications written in [tag:tcl]) –  Jan 27 '19 at 13:11

3 Answers3

4

NetBSD does not support the pw command in its default install. You can:

  1. Compile the pw command for NetBSD and install it on your systems
  2. Write a utility that performs the equivalent functionality
  3. Update the password by manipulating the shadow file directly

Note that depending on your script you should probably be using -H (and supplying an appropriately-encrypted password) instead of -h.
Passing unencrypted passwords around the system (especially if you're doing something like echo "password") is a Bad Idea as it can result in exposing your password to any logged in user (or service).

voretaq7
  • 79,345
  • 17
  • 128
  • 213
1

Use usermod with -p switch. It's included with base system, no need to build pw.

sendmoreinfo
  • 1,742
  • 12
  • 33
0

We encountered a similar use-case: automatically creating demo users with awful passswords, bypassing all password policies. Without further ado, here's a nasty-but-works hack based on the mailing list suggestion:

Bourn shell function

# example: set_password_insecure sybil magic
# $1: username
# $2: password
set_password_insecure() {
  if [ -z "$1" ]; then
    echo 'Missing username' >&2
    return 1
  fi
  ( PASSWORD_HASH="$(/usr/bin/pwhash "$2" | /usr/bin/sed 's@[\\$/]@\\&@g')"
   /usr/bin/env EDITOR="in_place_sed() { /usr/bin/sed \"\$1\" \"\$2\" > \"\$2.bak.\$\$\" && /bin/mv \"\$2.bak.\$\$\" \"\$2\"  ;}; in_place_sed 's/^$1:[^:]*:/$1:$PASSWORD_HASH:/' " \
     /usr/sbin/vipw
  )
}

Bourn shell command

( USERNAME='mallory' PASSWORD='sex'; \
  PASSWORD_HASH="$(/usr/bin/pwhash "$PASSWORD" | /usr/bin/sed 's@[\\$/]@\\&@g')"
  /usr/bin/env EDITOR="in_place_sed() { /usr/bin/sed \"\$1\" \"\$2\" > \"\$2.bak.\$\$\" && /bin/mv \"\$2.bak.\$\$\" \"\$2\"  ;}; in_place_sed 's/^$USERNAME:[^:]*:/$USERNAME:$PASSWORD_HASH:/' " \
    /usr/sbin/vipw )
  1. Works on both sh and bash (with shells/bash installed), and probably zsh too (untested).
  2. Assume running as root, if not add sudo (with security/sudo installed) or su - root -c before /usr/bin/env.
  3. sed/mv hack is due to EDITOR limitations + NetBSD's sed + requirement of no other dependencies / unnecessary temporaries / environment pollution.