23

In the current version of Raspian, I know it is possible to change the password of the current logged in user from the command line like so:

sudo passwd

which will then prompt the user to enter a new password twice. This will produce output like so:

Changing password for pi.
(current) UNIX password:
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully

I was wondering if there is a possible way to change a password programmatically, like from a shell script.

I'm trying to make a configuration script to deploy on my Raspberry Pis and I don't want to manually have to type in new passwords for them.

Gilles 'SO- stop being evil'
  • 807,993
  • 194
  • 1,674
  • 2,175
James Taylor
  • 403
  • 2
  • 4
  • 10
  • 2
    To change the password of the current user you don't need to prefix with `sudo`. If you use `sudo` then you can force a new password for any user without needing to know that user's current password. – roaima Apr 20 '15 at 20:21
  • `expect(1)` could help as well. – SailorCire Apr 20 '15 at 22:03
  • Be sure to consider the security implications when programmatically changing passwords. – vhs Dec 24 '19 at 09:08

3 Answers3

38

You're looking for the chpasswd command. You'd do something like this:

echo 'pi:newpassword' | chpasswd # change user pi password to newpassword

Note that it needs to be run as root, at least with the default PAM configuration. But presumably run as root isn't a problem for a system deployment script.

Also, you can do multiple users at once by feeding it multiple lines of input.

derobert
  • 107,579
  • 20
  • 231
  • 279
14

Another alternative is to use the yes command in your script.

yes newpassword | passwd youruser

This will send newpassword to the passwd command for youruser.

It should be mentioned that setting/modifying user passwords via scripts may present security risks and should be avoided whenever possible.

EDIT:

This answer requires root access. Apologies for not mentioning this previously. It is a method that I use when performing administration tasks which require root access.

Timothy Martin
  • 8,447
  • 1
  • 34
  • 40
  • Have you tried this? – roaima Apr 20 '15 at 19:24
  • Yes. I have been using this method for years. I tested it before posting my answer and again just now. – Timothy Martin Apr 20 '15 at 19:54
  • Even assuming that `passwd` read from `stdin` rather than a terminal (keyboard), how can this work when `passwd` prompts first for a user's old password and then prompts for the new? – roaima Apr 20 '15 at 20:18
  • @roaima possibly Timothy runs it as root (which would explain why he needs `youruser` at the end). It might work somewhere... – derobert Apr 20 '15 at 20:22
  • 1
    @roaima The `passwd` command from Linux's shadow utilities accepts redirected input (unlike e.g. OpenSSH `ssh`). Using `yes` is not a good idea though: it exposes the password to snoopers who look at the process list at the wrong time. Using `echo` would not have this defect because it's a shell builtin. – Gilles 'SO- stop being evil' Apr 20 '15 at 22:45
  • @Gilles so it does. @Timothy my apologies; I always understood that `passwd` read from /dev/tty rather than _stdin_. (Is that BSD behaviour?) – roaima Apr 21 '15 at 07:00
  • 2
    This one was actually the only of all these answers that worked in our application. We are on an embedded device running an ancient version of Busybox and none of the other programs used exist here. – Dakkaron Feb 22 '17 at 13:20
  • This is not working on macOS 10.12.6 - apparently passwd is not reading from stdin. I'm looking for a solution to change the password programmatically on this system. – LotoLo Oct 24 '17 at 08:05
4

The @derobert's answer is correct but I had to execute the command as superuser like this:

echo 'pi:newpassword' | sudo chpasswd # change user pi password to newpassword

Note the sudo after |. sudo at the start won't help you because it applies only to echo

B8ightY
  • 141
  • 1