In shell script I am hardcoding username and password to connect to db.
If the password field has $ followed by numeric value it is considering as the argument or parameter hence not connecting to db.
Please suggest how this can be resolved.
I cannot change the db password
Quote your password with single quotes.
For details, see your friendly manual - open a terminal and type man sh or man bash (if bash is the shell you're using).
The online Bash reference manual also has pages on quoting. (I found these with Google, literally within a second.)
Related
How can I change the user's password over ssh connection (not via browser interface) on the UBNT (Ubiquity Network) device, more specifically airOS8 WA v8.x board?
I want to avoid the ridiculous restriction imposed by their web interface on the password complexity (the only thing they don't require in the password is the unicorn's blood). I don't feel comfortable with someone else telling me what my passwords should look like (for my own well being, of course), so I'd like to change it via ssh connection, where this restriction is not being imposed.
I followed the discussion on their forums, which is just a useless bike-shedding over the opinions if the developers should impose such restrictions (without the switch to turn that off) or not.
I found the way to do this and wanted to share with others, who need to do the same thing.
First, log in to your device over an ssh connection. Then, issue a passwd command to change your password. If you now just reboot your device, the new password won't be saved, so read on.
Next, you need to copy the new password hash to a file named /var/tmp/system.cfg. So, first, type cat /etc/passwd, to see the new password hash, which should look something like this:
ubnt:$1$ssssssss$hhhhhhhhhhhhhhhhhhhhhh:0:0:Administrator:/etc/persistent:/bin/sh
where ssssssss is the Salt and hhhhhhhhhhhhhhhhhhhhhh is the Hash of the new password. We need to copy all that to the /var/tmp/system.cfg file, so type:
vi /var/tmp/system.cfg and in there, find the line that starts with users.1.password= and change it to be like this (press 'I' for Insert operation):
users.1.password=$1$ssssssss$hhhhhhhhhhhhhhhhhhhhhh
where Salt and Hash will be something randomly generated. When you finish changing that line, press Escape key and then save/quit the file (pressing colon, 'w', 'q' and Enter key, like ':wq')
Once you're back in the shell, type save to save this configuration permanently and then type reboot to check if your password survived the reboot process.
That should be it.
Thanks, but much better is to use a hash of default password ubnt, to get it, just run grep users.1.password /var/etc/default.cfg
Can somebody help me to create a script that changes my password for a Solaris based server? I am not the root user. Usually I change my password like this: I type in the terminal "passwd" then it asks me to enter login password, I insert it, then it ask for the new password, I insert it, then it asks to re-enter new password, I insert it. Does anybody knows how to do this via script? Or even better how to change the password by a command written in only one line?
I want to create a java app that connects to the server and changes the password.
What you're trying to do is deliberately almost impossible to accomplish - because it's a very, very bad, insecure idea to script passwords. Doing so almost certainly compromises the password and therefore the account and everything it has access to.
The Solaris passwd utility uses getpassphrase() to read passwords directly from the controlling terminal - the keyboard. You can find the source code here.
From the getpassphrase() man page:
Description
The getpass() function opens the process's controlling terminal,
writes to that device the null-terminated string prompt, disables
echoing, reads a string of characters up to the next newline character
or EOF, restores the terminal state and closes the terminal.
The getpassphrase() function is identical to getpass(), except
that it reads and returns a string of up to 257 characters in length.
How can you provide the password to ssoconfig.exe -restoresecret as parameter?
I'm trying to use the sysprep scripts from Colin Meade on TechNet
Checked on MSDN and ssoconfig -restoresecret only has <restore file> as a parameter ... no reference to "password"
Yet when I run the command, I get the prompt for a password, along with the password hint!
As described in http://msdn.microsoft.com/en-us/library/aa560589.aspx, the command does not let you restore a secret with a password as a parameter. So it doesn't seem to be viable via the command line.
I don't know what the use-case is in your case, but in general I'm not sure if this would be something you want to automate?
What you can do is automate it yourself by writing a wrapper (e.g. console application) for it. You can do so by sending keystrokes to the command line, there are various examples available here on SO.
In my app I ask users to register using a unique name. The app creates a directory for them with that name that they then can work with, saving files, etc.
I hadn't really thought about screening for other than alpha-numeric for the name. However, I ran across a thread somewhere than said to make sure not to create directory names that match a unix command name.
Is this a legitimate risk? If so, how might one programmatically screen for such an occurrence? I'm also curious how such a scenario might play out to illustrate the problem (exploit?). That last part is academic interest only, of course.
Generally, it doesn't matter(has no obvious security risk). Most softwares, for example shell, search a unix command based on some enviroment variables(like PATH). So even if your created directory matches a unix command like "cd", it can only be used as a parameter to other unix command, like cd cd.
However, if another application search the unix command based on other approaches like searching some directories, it may lead to security breaches.
The only way I can think of that being a risk is if you're going to turn around and process those user names through command-line functions. You would want to be careful to escape the user names anywhere that they could be interpreted as a command...though off the top of my head, with strictly alphanumeric user names, you'd have to go to a lot of trouble to run into such a risk.
If you decided anyway that you wanted to ensure that the username didn't match an application on the path of the creating process, you could shell out from whatever your app environment is, and evaluate the result of which $prospectiveUsername. If it returns anything other than an empty string, you know that the username is an application on the process's path.
NOTE: In the above scenario, make sure you sanitize the username before calling out to the shell command. Otherwise, you do run security risks, if e.g. the user decides to enter her username as "janedoe; rm -rf /".
I have a program that is going to take a password as input and then do a shell execute to perform a "su" (switch user) command in UNIX. However, I don't know how to pass the password variable to the UNIX su command. The language I have to use for this is pretty limited (UniBasic).
Any ideas?
Well, the best way to do that would be a setuid-root binary that ask for the password then execute whatever command is needed but it requires knowledge you say not to possess. I'd advise in looking at sudo(1) instead.
You could ssh to localhost as another user to execute whatever command you want. Or, use sudo and edit /etc/sudoers such that sudo does not ask for a password. However, there could be security implications.
EDIT: Please let me know why when you vote it down. My answer may not be perfect but at least it works. I do that myself for some licensed software that can only be run under a weird user name.
You do not want to specify the password as a command-line argument. Not so much because of #unwind's answer (scripts could be made private) but because if someone runs a list of processes, you could see the command argument and hence the password in question.
The version of su I have on my Linux server does not support such an option. I checked sudo, but it doesn't either. They want to do the prompting themselves, to ensure it's done in a safe manner and (I guess) to discourage people from putting passwords verbatim in scripts and so on.
You could also look at the 'expect' utility that was designed to script complex user inputs into a programs that weren't flexible enough to receive this input from places other than stdin.