How to make bash script ask for a password? [closed]

Question

Closed. This question needs details or clarity. It is not currently accepting answers.

Want to improve this question? As written, this question is lacking some of the information it needs to be answered. If the author adds details in comments, consider editing them into the question. Once there's sufficient detail to answer, vote to reopen the question.

Closed 9 years ago.

Improve this question

I want to secure the execution of a program with a password. How can I ask the user to enter a password without echoing it?

Voting to close as unclear, please specify how you want password input to be different than other inputs. No echoing asked at: stackoverflow.com/questions/3980668/… — Ciro Santilli OurBigBook.com
– Ciro Santilli OurBigBook.com, Commented Jun 29, 2016 at 21:26

Pedro A · Accepted Answer · 2022-12-21 20:30:42Z

86

This command will read into var pw from stdin (with echo disabled):

IFS= read -r -s -p 'Password: ' pw
echo

The last echo adds a newline to the terminal output (otherwise next commands would appear in the same line as the Password: prompt.

Unsetting IFS allows for leading and trailing whitespace in passwords (which may be supported in some environments, so best to support it during your script's input of the user credentials).

If you want, you can verify that the above works by running it with a fake password that includes whitespace and then printing the variable's contents into hexdump:

printf '%s' "$pw" | hexdump -C

Note: don't use with real passwords as it dumps to the console!

HT: Ron DuPlain for this additional information on IFS unsetting.

edited Dec 21, 2022 at 20:30

Pedro A

4,3437 gold badges36 silver badges65 bronze badges

answered Apr 16, 2010 at 15:17

Jürgen Hötzel

20k3 gold badges44 silver badges59 bronze badges

Sign up to request clarification or add additional context in comments.

2 Comments

Tristian Over a year ago

Are there any disadvantages if I used this instead of the accepted answer?

jberryman Over a year ago

@Triztian yes, the above will probably only work in Bash. The accepted answer should work on most (all?) shells.

graywolf · Accepted Answer · 2019-09-16 12:53:55Z

58

stty_orig=$(stty -g) # save original terminal setting.
stty -echo           # turn-off echoing.
IFS= read -r passwd  # read the password
stty "$stty_orig"    # restore terminal setting.

edited Sep 16, 2019 at 12:53

graywolf

7,7909 gold badges58 silver badges90 bronze badges

answered Apr 16, 2010 at 15:12

codaddict

457k83 gold badges501 silver badges537 bronze badges

Comments

Martin Beckett · Accepted Answer · 2010-04-16 15:25:06Z

5

If you need to grab a passwd to supply as a paramter to a program, then unicorns advice to just turn off the echo is good.
Having a passwd check in the script doesn't work - if the user can execute the bash script they also have permission to read it and see the passwd.

If you want to only allow people with a passwd to run a program then the secure way is to create a new user account that owns the program and have a script that uses 'sudo' to run the program as that user - it will prompt for the users passwd in a secure way.

answered Apr 16, 2010 at 15:25

Martin Beckett

96.3k28 gold badges196 silver badges268 bronze badges

2 Comments

Dennis Williamson Over a year ago

One might precompute the checksum of the password and store it in the script instead of the plaintext and test the checksum of the input against that. It can still be broken, though, but less easily.

Martin Beckett Over a year ago

In which case you just simply copy the script to somewhere you have write permission, and remove the check.

Collectives™ on Stack Overflow

How to make bash script ask for a password? [closed]

3 Answers 3

2 Comments

Comments

2 Comments

Linked

Hot Network Questions

Collectives™ on Stack Overflow

3 Answers 3

2 Comments

Comments

2 Comments

Linked

Related