How can I assign an initial/default password to a user in Linux?

Question

I found a guide that explains how to set a user's password. I'm trying to automate it and send an e-mail to the user like:

userid created with password XYZ.
request to change the initial password.

According to the doc above, an encrypted password needs to be created using Python and fed to the usermod command like this:

 usermod -p "<encrypted-password>" <username>

Are there any other simpler ways to do this? I don't want to download any special utility to do it; it should be generalized as much as possible.

Edit: Even the method given in the above link doesn't seem to work for me:

bash-3.00# python
Python 2.4.6 (#1, Dec 13 2009, 23:43:51) [C] on sunos5
Type "help", "copyright", "credits" or "license" for more information.
>>> import crypt; print crypt.crypt("<password>","<salt>")
<sOMrcxm7pCPI
>>> ^D
bash-3.00# useradd -g other -p "sOMrcxm7pCPI" -G bin,sys -m -s /usr/bin/bash mukesh2
UX: useradd: ERROR: project sOMrcxm7pCPI does not exist.  Choose another.
UX: useradd: sOMrcxm7pCPI name should be all lower case or numeric.

here is one more [link](http://administratosphere.wordpress.com/2011/06/16/generating-passwords-using-crypt3/) i found but there seems a security issue also with using -p option in `usermod` when somebody uses `ps` to see process listing the password is visible — munish, Dec 06 '12 at 23:54

Dominick Pastore · Accepted Answer · 2012-12-06T23:20:12.347

16

You can use chpasswd to do it, like this:

echo "username:newpassword" | chpasswd

You can pipe into chpasswd from programs other than echo, if convenient, but this will do the trick.

Edit: To generate the password within the shell script and then set it, you can do something like this:

# Change username to the correct user:
USR=username
# This will generate a random, 8-character password:
PASS=`tr -dc A-Za-z0-9_ < /dev/urandom | head -c8`
# This will actually set the password:
echo "$USR:$PASS" | chpasswd

For more information on chpasswd, see http://linux.die.net/man/8/chpasswd

(Command to generate password was from http://nixcraft.com/shell-scripting/13454-command-generate-random-password-string.html)

edited Dec 06 '12 at 23:20

answered Dec 06 '12 at 22:50

Dominick Pastore

805
1
9
19

thanks @Dominick hmm, chpasswd is perhaps in AIX...i havn't used it. and evrytime i have to write a password ...can't it be generated by the script like in the questions link...unfortunately even that didn't work for me – munish Dec 06 '12 at 23:02
@munish I'm not quite sure what you mean by generate in the script, but I updated my answer to hopefully be more helpful. – Dominick Pastore Dec 06 '12 at 23:23
Does not work. "Authentication token manipulation error" – Cerin Jun 30 '14 at 23:17
1

@Cerin By any chance are you doing something like `sudo echo "username:newpass" | chpasswd`? Because the elevated permissions from `sudo` do not pass through the pipe, so `chpasswd` would be running as a normal user. It can be fixed by moving the `sudo`, as in `echo "username:newpass" | sudo chpasswd`. There are also other problems that can cause that error message, but permissions errors like this are probably the most common. – Dominick Pastore Jul 02 '14 at 13:38
2

Passwords on the command line could be visible to other logged in users on the same machine using w, ps, or other commands which show info about other processes. Passwords set this way should be changed by the user as soon as possible. – Mnebuerquo Jan 28 '16 at 18:46

James Sneeringer · Answer 2 · 2020-11-24T17:48:34.407

You can use OpenSSL to generate the random password (16 characters, in this case):

# 1000 bytes should be enough to give us 16 alphanumeric ones
p=$(openssl rand 1000 | strings | grep -io [[:alnum:]] | head -n 16 | tr -d '\n')

Then feed the hashed password to useradd or usermod

# omit the "-1" if you want traditional crypt()
usermod -p $(openssl passwd -1 "$p") <username>

EDIT:

Since posting this in 2012, newer versions of OpenSSL have added functionality to the openssl passwd command. Instead of using the -1 option to get an MD5-based hash, modern versions also support -5 for SHA256-based hashes and -6 for SHA512-based hashes.

Credit where due: The password generation is adapted from a similar method that uses /dev/urandom instead of openssl.

score 2 · Answer 3 · answered Dec 07 '12 at 00:05

useradd should work (I've done it on Ubuntu). Maybe check that each of your args are correct (thee groups exist, the path is right to bash). You can run the command with just a password and user, and then use userdel to remove and then retry with more parameters, to see what one causes the issue (brute force approach).

There is also newusers (see the man page), at least under Ubuntu, where you give it a file with passwd file like info, including plain text passwords and it will create those users. Nice way to do many users at once.

+1 for mentioning `newusers` command for Ubuntu – Levon Oct 03 '13 at 20:49 — Levon, Oct 03 '13 at 20:49

score 1 · Answer 4 · answered Dec 06 '12 at 23:34

1

simplest way I found :


PASSWD="mySeCr3t-default-pa55" 
echo ${PASSWD} | passwd --stdin username_here

answered Dec 06 '12 at 23:34

MelBurslan

6,836
2
24
35

Did you even test this? `passwd: unrecognized option '--stdin'` – Cerin Jun 30 '14 at 23:19
Yes, I used this many times but, as with almost any other command, it is not the defacto solution to the problem at hand. Some variations of passwd binary, do not support the --stdin switch. – MelBurslan Jul 21 '14 at 20:18

score 0 · Answer 5 · edited Feb 27 '23 at 14:30

0

I worked as follows and tried the following: Create a text file (e.g. myfile.txt) with 2 lines, each line contains the default password.

then run:

cat myfile.txt | sudo passwd <username>

I tried it and it works for ubuntu!

edited Feb 27 '23 at 14:30

Fco Javier Balón

1,144
2
11
31

answered Feb 27 '23 at 08:30

Gavin Sathan

1

Welcome to the U&L, and thanks for your contribution. Unfortunately this has a few problems.1) You advice how to set a password, which isn't the question. 2) This won't work if the user can't `sudo`. 3) Any Linux user can change their own password with just `passwd` command. To summarize; this doesn't answer the question, so I'm recommending deleting this answer. Please have a look at the advice on [writing good answers](https://unix.stackexchange.com/help/how-to-ask) in [Help](https://unix.stackexchange.com/help/how-to-ask), and the Asking and Answering sections in general. – Peregrino69 Feb 27 '23 at 09:32
1

This does not provide an answer to the question. Once you have sufficient [reputation](https://unix.stackexchange.com/help/whats-reputation) you will be able to [comment on any post](https://unix.stackexchange.com/help/privileges/comment); instead, [provide answers that don't require clarification from the asker](https://meta.stackexchange.com/questions/214173/why-do-i-need-50-reputation-to-comment-what-can-i-do-instead). - [From Review](/review/late-answers/438126) – Peregrino69 Feb 27 '23 at 09:32

How can I assign an initial/default password to a user in Linux?

5 Answers5

Linked