CentOS Linux and passwords

User creation and password changes can be handled as one-liners for as long as you use the correct commands.  Today I learned of another password utility other than passwd.  It is chpasswd, a powerful tool to change passwords without the prompt and the password can be encrypted.

User Creation

To create a user may be a two step process. First create the user with useradd, then create a password for that user with the passwd command which prompts for the password twice.  It can also be done with a one-liner for as long as the password is encrypted. The example below uses the passwd of password.

useradd testuser
passwd testuser

Here is the one-liner.  This example uses passwd as password.

useradd -p '$1$xyz$cEUv8aN9ehjhMXG/kSFnM1' testuser

To get that encrypted passwd, use openssl to generate an encrypted passwd.  I elected to salt the password with the phrase xyz.

openssl passwd -1 -salt xyz 'password'

Password Change

I had used the same logic to change my passwd with the salted password.  However, to my dismay it did not work.

echo '$1$xyz$cEUv8aN9ehjhMXG/kSFnM1' | passwd testuser --stdin

However, this will work.  A non-encrypted password.  This is not the goal as it will show up in the history.

echo 'password' | passwd testuser --stdin

Then I discovered the chpasswd command.  This command will do exactly the same as the one-liner directly above.

echo testuser:password | chpasswd

Adding the switch -e to the command will permit the use of an encrypted password.

echo testuser:'$1$xyz$cEUv8aN9ehjhMXG/kSFnM1' | chpasswd -e

Source(s)

man chpasswd
https://serverfault.com/questions/808211/changing-root-password-via-script-fails-but-reports-success