0

I'm making a bash script for the Ubuntu Terminal. I need to verify the user before the code can continue. How do I ask and validate their existing log-in password?

7
  • You could put it in a directory accessible only for a certain group, then add the directory to the global path, then add those users to said group. Commented Apr 16, 2016 at 19:43
  • Unless this is a password specific to your application, don't get involved; let the program that needs the password do the verification. Commented Apr 16, 2016 at 19:44
  • 1
    Please see How to create a Minimal, Complete, and Verifiable example Commented Apr 16, 2016 at 19:44
  • It is unclear what you actually try to do from the current state of your question. Is that a password specific for your application? Against what should that password be validated? So what is the authority here? Why don't you use the usual approach and delegate things like authorization to the parts of the systems that offer a service for such thing, like the PAM system for example? Commented Apr 16, 2016 at 19:53
  • 1
    Crossposting: askubuntu.com/q/758185/336375 Commented Apr 17, 2016 at 10:46

2 Answers

2

You could always just use the id command and do something like:

user=$(id -u) # Set $user to user's user id

If you do that in your script, then you can check if $user is a valid user id. You can look at user names and ids in the /etc/group file. Of course, this is not validating the user's password. Rather, this just checks the id of the user running the script.


5 Comments

It is not safer if you include the possibility that someone has grabbed the terminal while the logged-in user was AFK for a few seconds, which is why "change my password" dialogs tend to require you to enter your password even though you are currently logged in.
@rici Good point, I suppose that is true. I was just saying that it might be safer than prompting the user to re-enter their password, unless of course it's an encrypted connection.
Does anyone still use telnet these days?
@rici they really shouldn't be, it's a horrible idea. Yet the fact that it still comes preinstalled on many Unix-based OSes tells me some people still use it, unfortunately. Maybe to log into really old servers/routers? Who knows. Anyway, I'll recant my statement saying that my solution is "safer". I was just trying to give OP a quick solution that may have been simpler than the route OP was going. Using that id command like that to check user ids is pretty common in scripts/services.
The telnet utility is still useful, I guess -- I used it a few months ago to test an SMTP server, for example -- but the telnet daemon which you would need to run to accept telnet shell connections doesn't seem to be preinstalled any more. But your answer is much better. +1.
0
getent shadow | cut -d ":" -f 2

If it returns !!, no password set, otherwise, user has password.

Following this, we can do:

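#!/bin/bash

# Reading the shadow database requires root privileges.
for user in $(getent shadow | cut -d ":" -f 1);
do
  # Look up exactly this user's entry (grep would also match other names
  # containing the same string) and take the password field.
  has_pass=$(getent shadow "$user" | cut -d ":" -f 2)
  # Quote the variable so an empty password field does not break the test.
  if [ "$has_pass" = "!!" ]; then
    echo "User $user does not have password"
  else
    echo "User $user has password"
  fi
done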

Anyways, next time, at least, try to do something before asking.

3 Comments

How does this validate the password?
@rici it basically says if the user has a password or not.. You can instead set the output to 1 or 0 and make use of the value somehow
This in no way validates the user's password. It only checks to see if one exists.
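
The answer above tests the password field only for "!!". As an added example (not code from the post), the script below goes further and classifies every value that field can hold according to shadow(5). The function names and sample entries are constructed for illustration, and like the answer it only reports the state of the field; it does not validate a password.

```shell
#!/bin/bash
# Added example: classify the password field (2nd field) of shadow entries.
# Field meanings follow shadow(5). This reports state only; it verifies no password.

classify_field() {
    case "$1" in
        "")           echo "empty" ;;        # no password required to authenticate
        '!!'|'!'|'*') echo "no-password" ;;  # not a crypt(3) result: password login impossible
        '!'*)         echo "locked" ;;       # existing hash kept, locked with a leading !
        '$'*)         echo "hashed" ;;       # crypt(3) hash in $id$... form
        *)            echo "other" ;;        # legacy or unrecognised value
    esac
}

classify_shadow() {
    # Reads shadow-format lines on stdin and prints "user state" for each.
    while IFS=: read -r user field _; do
        [ -n "$user" ] || continue
        printf '%s %s\n' "$user" "$(classify_field "$field")"
    done
}

# Constructed sample entries (not real accounts or hashes).
sample_shadow() {
cat <<'EOF'
alice:$6$examplesalt$examplehashvalue:19000:0:99999:7:::
bob:!!:19000:0:99999:7:::
carol:!$6$examplesalt$examplehashvalue:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
guest::19000:0:99999:7:::
EOF
}

# Demo on the sample data. On a real system, run as root:
#   getent shadow | classify_shadow
sample_shadow | classify_shadow
```

An "empty" result is the one to act on first, since that account authenticates with no password at all.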
