Using expect to automate passwd and htpasswd procedures (not suggested)

Category: Unix/Linux
Author: Sean O'Donnell
Thu, Feb. 20th, 2003 @ 2:20:22 (MST)

This example demonstrates how to easily automate the 'passwd' and 'htpasswd' processes, via expect.

This is by no means a "secure" process, as the plain-text passwd will be exposed to the kernel, and can be easily intercepted via 'ps', 'htop', 'top', and/or any other similar process-analysis applications, including anything that may be logging the parent-process STDOUT to an external file, such as /var/log/cron. 

htpasswd.sh (Example)

 #!/usr/bin/expect 
#########################################
#$ file: htpasswd.sh
#$ desc: Automated htpasswd shell script
#########################################
#$
#$ usage example:
#$
#$ ./htpasswd.sh passwdpath username userpass
#$
######################################

set htpasswdpath [lindex $argv 0]
set username [lindex $argv 1]
set userpass [lindex $argv 2]

# spawn the htpasswd command process
spawn htpasswd $htpasswdpath $username

# Automate the 'New password' Procedure
expect "New password:"
send "$userpass\r"

expect "Re-type new password:"
send "$userpass\r"

In order to execute the shell script correctly, we use the following command: (example)

 $ ./htpasswd.sh /usr/local/apache/passwd/passwords myusername myuserpass

You must include the following arguments when executing this script:

  1. The 'htpasswdpath' (ie: /usr/local/apache/passwd/passwords)
  2. The 'username' (ie: myusername)
  3. The 'userpass' (ie: mypassword)

passwd.sh (Example)

I do not suggest this method, unless it is otherwise a last-resort, and security is not much of a concern (for what ever reason you may justify to yourself).

 #!/usr/bin/expect 
######################################
#$
#$  Automated 'passwd' Script
#$
######################################
#$
#$ usage example:
#$
#$ ./passwd.sh username password
#$
######################################

set username [lindex $argv 0]
set newpass [lindex $argv 1]

spawn passwd $username

#
# NOTE: this was developed for the slackware linux v9.0 passwd utility.
# you may need to slightly edit the expect statements depending on your operating system (red hat, suse, debian, etc).
#
expect "Changing password for $username"
expect "Enter the new password (minimum of 5, maximum of 127 characters)"
expect "Please use a combination of upper and lower case letters and numbers."
expect "New password:"

send "$newpass\r"

expect "Re-enter new password:"

send "$newpass\r"

In order to execute the shell script correctly, we use the following command (example):

 $ ./passwd.sh myusername myuserpass  

You must include the following arguments when executing this script:

The 'username' (ie: myusername)
The 'userpass' (ie: mypassword)

useradd.sh (Example)

This Unix Shell Script Example Demonstrates how to easily automate the 'useradd' creation process.

It also combines a few other basic commands, as well as the 2 scripts above (htpasswd.sh and passwd.sh) in order to give a practical example of how to use this script for multiple command execution procedures.

#!/usr/bin/env bash
#
# useradd.sh
#
# a simple, but not entirely "secure", script to
# automate user account creation.

# create the user account
useradd -m $1

# create the password for the new user
echo "starting passwd creation procedure...\r"
./passwd.sh $1 $2

# create the htpasswd for the new user
echo "starting htpasswd creation procedure...\r"
./htpasswd.sh /usr/local/apache/passwd/passwords $1 $2

echo -e "\nThe User ($1) has been successfully added to $HOSTNAME\n";

(note: this is just an example, you can customize this to your own needs)

In order to execute the shell script correctly, we use the following command (example):

 $ ./useradd.sh myusername myuserpass 

You must include the following arguments when executing this script:

The 'username' (ie: myusername)
The 'userpass' (ie: mypassword)

If the script is configured and executed properly, a User with the name 'myusername' will be created, with the password 'myuserpass'.

That same password will be applied to the htpasswd list (for secure web directories, example), and a user-friendly symbolic link '/home/myusername/www/' will be made to the website root directory '/home/myusername/public_html/'.

This is just a practical example of how to automate unix shell scripting commands by using expect.

Update: I wrote these scripts well over 10 years ago, and would not suggest using these today, given the current number of security concerns within the linux and security community.

View my github repository for my latest code projects.

Copyleft (<) 1998-2015 www.seanodonnell.com