BASH: Check in /etc/shadow if user password is locked
Objective: Check in /etc/shadow if user password is locked, i.e. is the first character in user's password an exclamation mark ('!')

Desired output: a variable named $disabled containing either 'True' or 'False'

Username is in the $uname variable and I do something like this:

    disabled=`cat /etc/shadow |grep $uname |awk -F: '{print $2}'`
    # I now have the password and need one more pipe into the check for the character
    # which is where I'm stuck. I would like to do like (in PHP syntax):
    | VARIABLE=="!"?"True":"False"`

This is a fragment of a script that will be run by Cron with root permissions, so there is access to all desirable information.
bash regular-expression users
edited 39 mins ago
asked 1 hour ago
DavDav

Bear in mind that not all operating systems have a "shadow" file, and those that do differ in the flag conventions for "locked" accounts. This question is actually specific, per the reference to `!`, to the shadow password mechanism in Linux operating systems.
– JdeBP
12 mins ago

Excellent remark - and you're absolutely right. Fortunately, my script is intended for an environment, in which only a select few Linux distros are in play. I should be good ;)
– DavDav
9 mins ago

3 Answers
Why not just do it all with awk?

    awk -F: '/[username]/ {if(substr($2,1,1) == "!"){print "True"} else {print "False"}}' /etc/shadow

answered 40 mins ago
hardillb

This was exactly what I was after. My script is now completed - thanks.
– DavDav
28 mins ago

Well, this needs to create a sub process. My proposal works in the shell and does not need a sub-process.
– schily
24 mins ago

@schily no need for a script wrapper round awk, if you really wanted you could make it an alias...
– hardillb
23 mins ago

    U=$user LC_ALL=C awk -F: < /etc/shadow '
      $1 "" == ENVIRON["U"] {
        user_found = 1
        if ($2 ~ /^!/) {
          print "True"
          exit 0
        } else {
          print "False"
          exit 1
        }
      }
      END {
        if (!user_found) {
          print "False"
          print "User "ENVIRON["U"]" not found" > "/dev/stderr"
          exit 2
        }
      }
    '

`$1 "" == ENVIRON["U"]` compares the first field with `ENVIRON["U"]` lexically. Without the `""`, the fields could end up being compared numerically if they look like numbers (causing `inf` to match against `INF` or `Infinity` for instance).

Without `LC_ALL=C`, since some `awk` implementations use `strcoll()` for the `==` lexical comparison, it could end up checking wrong entries for user names that sort the same.

edited 57 secs ago
answered 23 mins ago


Stéphane Chazelas
A user is locked when the passwd field is the string `*LK*`, but you cannot check this as /etc/shadow is only readable by root for security reasons.

If permissions are not an issue, try this:

    OIFS="$IFS"
    IFS=:
    while read USER PW REST; do
        if [ "$USER" = "$uname" ]; then
            if [ "$PW" = "*LK*" ]; then
                echo "$uname" Locked
            fi
        fi
    done < /etc/shadow
    IFS="$OIFS"

edited 27 mins ago
answered 48 mins ago


schily

I have edited my question - permissions is not an issue. Last time I checked, an exclamation mark in first position in the password means that the password is locked.
– DavDav
37 mins ago

schillix.sourceforge.net/man/man4/shadow.4.html Anything that cannot be an encrypted passwd makes the account unusable, but if you use the incorrect pattern, this may be misinterpreted and please note: this file is shared between different platforms via e.g. NIS.
– schily
34 mins ago

`*LK*` is only for SysV systems, `passwd -l` (for locking) on Linux-based does use `!`. `passwd -l` doesn't make the account unusable, it only disables password authentication.
– Stéphane Chazelas
30 mins ago

Indeed, the question's objective says "is the first character in user's password an exclamation mark ('!')"
– Jeff Schaller
26 mins ago

Using `IFS=: read -r user pw rest` avoids having to save and restore `$IFS`. See also `-r` to avoid the backslash processing (backslash not expected in /etc/shadow though)
– Stéphane Chazelas
6 mins ago
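
An added example (not code from any poster in this thread) that pulls together the points raised above: exact user-name matching with `IFS=: read -r`, the Linux `!` prefix next to the SysV `*LK*` marker, and the 0/1/2 exit statuses. The function names, the state words, status 3 and the sample file are assumptions of this example.

```shell
#!/bin/sh
# Added example, not code from the thread.

# lock_state FILE USER
#   prints: linux-locked | sysv-locked | not-locked | not-found
#   The ( ... ) body is a subshell, so variables and exit stay local to it.
lock_state() (
    file=$1 want=$2
    [ -r "$file" ] || { echo "cannot read $file" >&2; exit 3; }
    # IFS=: applies to this read only; -r turns off backslash processing.
    while IFS=: read -r user pw rest; do
        # [ = ] is always a string comparison: "bob" does not match
        # "bobby", and "INF" does not match "inf".
        [ "$user" = "$want" ] || continue
        case $pw in
            '!'*)    echo linux-locked ;;  # first character is "!"
            '*LK*'*) echo sysv-locked ;;   # SysV marker named in the thread
            *)       echo not-locked ;;
        esac
        exit 0
    done < "$file"
    echo not-found
    exit 2
)

# password_disabled FILE USER
#   prints True or False, the value the question wants in $disabled
#   status: 0 locked, 1 not locked, 2 user not found, 3 file unreadable
password_disabled() (
    state=$(lock_state "$1" "$2") || { rc=$?; echo False; exit "$rc"; }
    case $state in
        linux-locked|sysv-locked) echo True;  exit 0 ;;
        *)                        echo False; exit 1 ;;
    esac
)

# Constructed sample in shadow layout; the hash strings are placeholders.
write_sample() {
    cat > "$1" <<'EOF'
alice:$6$constructed$AAAA:19000:0:99999:7:::
bobby:!$6$constructed$BBBB:19000:0:99999:7:::
bob:$6$constructed$CCCC:19000:0:99999:7:::
svc:*LK*:19000::::::
inf:!!:19000::::::
EOF
}

# Demo: bob and bobby must get different answers; INF must not match inf.
sample=$(mktemp)
write_sample "$sample"
for uname in alice bob bobby svc INF; do
    rc=0
    disabled=$(password_disabled "$sample" "$uname") || rc=$?
    printf '%-6s disabled=%-5s status=%s\n' "$uname" "$disabled" "$rc"
done
rm -f "$sample"
```

In a cron script, `disabled=$(password_disabled /etc/shadow "$uname")` sets the variable the question asks for. As noted in the comments, True here means password authentication is locked, not that the account is unusable.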