
(Solved) - Replace field in /etc/shadow file for a given user with AWK or SED

(4 posts)
  • Started 2 years ago by maureencioe
  • Latest reply from maureencioe
  • Topic Viewed 2529 times

maureencioe
Posts: 3

I am trying to change the max password days policy to 60 for a subset of existing users on my Busybox Linux OS. This is represented as the 5th field in the /etc/shadow file.

e.g:
nobody:*:56789:0:99999:7:::
nfsnobody:*:56789:0:99999:7:::
user1:*:12345:0:99999:7:::
daemon:*:12345:0:99999:7:::

should end up as
nobody:*:56789:0:60:7:::
nfsnobody:*:56789:0:60:7:::
user1:*:12345:0:99999:7:::
daemon:*:12345:0:60:7:::

I have the following code snippet:

cp /etc/shadow /etc/shadow.tmp
LIST="nobody nfsnobody daemon"
for USER in $LIST ; do
awk 'BEGIN { OFS=FS = ":" } ; /^'$USER'/ { $5=60} {print} ' </etc/shadow.tmp > /etc/shadow

done
rm /etc/shadow.tmp

I feel like I am very close, but this only changes the last user in the list “daemon”; his 5th field gets set to 60, but nobody and nfsnobody do not.

e.g.:
nobody:*:56789:0:99999:7:::
nfsnobody:*:56789:0:99999:7:::
user1:*:12345:0:99999:7:::
daemon:*:12345:0:60:7:::

I'm not sure if/how awk needs to be tweaked or if Busybox is misbehaving.

BACKGROUND:
The Busybox Linux OS is stripped down to almost nothing (it only has an ash shell) and behaves differently than Red Hat. Normally, I would use the "chage" command to fix this policy, but Busybox does not have a "chage" command so I have to do it by hand.

I tried using sed (which was fine on Red Hat, but very strange on Busybox)

sed -e '/'$USER'/ s/[^:]*/60/5' < /etc/shadow.tmp > /etc/shadow

and that also only changed the last USER, daemon
daemon:*:12345:0:99999:7:::
to
daemondaemondaemondeamondaemon60:*:12345:0:99999:7:::

I would appreciate any thoughts on this.

Posted 2 years ago
 
maureencioe
Posts: 3

The for USER loop appears to be the culprit, along with the fact that I can’t edit /etc/shadow in place. I kept overwriting the earlier fixes with the values found from the last loop iteration.

I came up with a solution, which isn't elegant, but works. The files involved are small which is why it's not terrible.

I basically create 2 files; one has the user accounts which are not changing and the other file has user accounts with the new policy set to 60. I then ended up merging both files into the /etc/shadow file.

cp /etc/shadow /etc/shadow.tmp1
ESXusers="nobody nfsnobody daemon"
for USER in $ESXusers ; do

# Delete changing accounts from copy of original shadow file
# (the trailing ':' limits the match to that account's own entry)
sed -i '/^'$USER':/d' /etc/shadow.tmp1

# Create file with only the newly changed accounts
awk 'BEGIN { OFS=FS = ":" } ; /^'$USER':/ { $5=60; print} ' </etc/shadow >> /etc/shadow.tmp2

done

# overwrite /etc/shadow with all accounts
cat /etc/shadow.tmp1 /etc/shadow.tmp2 > /etc/shadow
rm /etc/shadow.tmp1 /etc/shadow.tmp2

Posted 2 years ago
 
Lighthouse
Posts: 13598

Good for you :)

Posted 2 years ago
 
maureencioe
Posts: 3

For what it's worth:

I simplified this even more by updating the shadow file after each user update:

ESXusers="nobody nfsnobody daemon"
for USER in $ESXusers ; do

# Update current user and write WHOLE shadow file over tmp file - {print} accomplished this
# (the trailing ':' limits the match to that account's own entry)
awk 'BEGIN { OFS=FS = ":" } ; /^'$USER':/ { $5=60} {print} ' </etc/shadow > /etc/shadow.tmp

# Update shadow file so that current user's change is preserved in /etc/shadow
cp /etc/shadow.tmp /etc/shadow
done

rm /etc/shadow.tmp

Posted 2 years ago
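
Added example, not part of the original thread and not any poster's code: a single awk pass that sets field 5 for an exact list of accounts, writes the result to an owner-only temp file beside the target, and renames it into place. The function name set_maxdays, the temp-file suffix and the sample lines are assumptions made for illustration.

```shell
#!/bin/sh
# set_maxdays FILE DAYS USER...   (hypothetical helper name, not from the thread)
# Sets field 5 (maximum password age) to DAYS for exactly the named accounts.
set_maxdays() {
    file=$1; days=$2; shift 2
    case $days in
        ''|*[!0-9]*) echo "set_maxdays: DAYS must be a number" >&2; return 2 ;;
    esac
    tmp="$file.new.$$"          # same directory as FILE, so mv is a rename
    old_umask=$(umask)
    umask 077                   # the copy holds password hashes: owner-only
    # Single awk pass over the file. Account names go into a set and are
    # compared to field 1 as whole strings, so "daemon" cannot also match
    # "daemon2" the way the regex /^daemon/ would.
    rc=0
    awk -v days="$days" -v users="$*" '
        BEGIN {
            FS = OFS = ":"
            n = split(users, name, " ")
            for (i = 1; i <= n; i++) want[name[i]] = 1
        }
        ($1 in want) { $5 = days }
        { print }
    ' "$file" > "$tmp" || rc=$?
    umask "$old_umask"
    # Install only a complete result: awk succeeded and no line was lost.
    if [ "$rc" -ne 0 ] ||
       [ "$(awk 'END { print NR }' "$file")" != "$(awk 'END { print NR }' "$tmp")" ]; then
        rm -f "$tmp"
        return 1
    fi
    # Assumption: run as root on a 0600 root-owned shadow file; the new file
    # takes the temp file's owner and mode. rename() swaps it in atomically.
    mv -f "$tmp" "$file"
}

# Demo on a constructed file in a scratch directory, never the live /etc/shadow.
demo=$(mktemp -d)
printf '%s\n' 'nobody:*:56789:0:99999:7:::' 'user1:*:12345:0:99999:7:::' \
    'daemon:*:12345:0:99999:7:::' 'daemon2:*:12345:0:99999:7:::' > "$demo/shadow"
set_maxdays "$demo/shadow" 60 nobody daemon && cat "$demo/shadow"
rm -rf "$demo"
```

Because every name is handled in the same pass, no iteration overwrites an earlier one, which is the failure described in the first post.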
 



Topic Closed

This topic has been closed to new replies.
