Reputation: 75
I'm trying to create a random password for the user I create in bash. Here's my code.
#!/bin/bash
echo -e "Enter Username you want to add:\c"
read uname
echo -e "Enter Password age:\c"
read page
PSD=`</dev/urandom tr -dc A-Za-z0-9 | head -c8`
sudo useradd $uname
echo -e "$PSD\n$PSD\n"|passwd $uname
passwd -x $page $uname
echo -e "$uname is created. $PSD is its password and Passwd age is 14 days"
It works fine and displays a random pass on the screen, and the user is created successfully, but the problem is that I can login with that password, meaning the generated password for the user doesn't work.
This is just a basic script before I incorporate this in a 'do while loop' for a program where I'll be creating multiple users and their random passwords and would be redirecting to save them into a text file. However, before that I'm stuck here. Can anyone please point out my mistakes?
P.S. I just started bash a week ago, so sorry if my question sounds stupid to you. Thank you in advance :)
Upvotes: 3
Views: 1399
Reputation: 84569
I believe you are looking for:
PSD=$(cat /dev/urandom | tr -dc A-Za-z0-9 | head -c8)
example $PSD
tKJgC4MI
Note: it is never a good idea to pipe the password from stdout to stdin from a pedantic security standpoint. Additionally, by echo'ing the password twice, you will leave it on stdin as only one instance will be consumed by passwd (if it will take one at all).
Per the comment and request, here is a script that will implement adding a user with the random password setting password expiration to 14 days. Note: the password will expire every 14 days until reset. Also note the use of useradd to create the user and set the password:
#!/bin/bash

# account creation needs root
[ "$UID" = 0 ] || {
    printf "\n error: insufficient permission.\n\n"
    printf " script must be run as root (uid/euid = 0), user: '%s' can't.\n\n" "$USER"
    exit 1
}

printf "\n Enter user to add : "
read -r uname
printf " Enter first/last name: "
read -r fname
printf " Enter password age : "
read -r page

# 8 random characters from A-Za-z0-9
PSD=$(cat /dev/urandom | tr -dc A-Za-z0-9 | head -c8)

# preview of the account (the password is hashed before it reaches useradd)
cat <<TAG
creating account for:
name: $fname
user: $uname
tpwd: $PSD
page: $page
useradd -c "$fname" -m -p $PSD $uname
passwd -x $page $uname
TAG

printf " Create (yes/no): "
read -r ans

if [ "$ans" = "yes" ]; then
    # useradd -p takes the crypt(3) hash, not the plain-text password;
    # hashed here with openssl (assumed to be installed), fed over stdin
    HASH=$(printf '%s' "$PSD" | openssl passwd -6 -stdin)
    useradd -c "$fname" -m -p "$HASH" "$uname" || {
        printf "\n error: useradd failed.\n\n"
        exit 1
    }
    passwd -x "$page" "$uname" || {
        printf "\n error: setting passwd age failed.\n\n"
        exit 1
    }
    printf "\n Account successfully created for user: %s\n\n" "$uname"
else
    printf "\n No account created -- you answered '%s'\n\n" "$ans"
fi

exit 0
use/output:
$ sudo bash uadd.sh
Enter user to add : jroger
Enter first/last name: Jolly Q. Roger
Enter password age : 14
creating account for:
name: Jolly Q. Roger
user: jroger
tpwd: fzMUiCnr
page: 14
useradd -c "Jolly Q. Roger" -m -p fzMUiCnr jroger
passwd -x 14 jroger
Create (yes/no): yes
passwd: password expiry information changed.
Account successfully created for user: jroger
$ id jroger
uid=2056(jroger) gid=100(users) groups=100(users)
Upvotes: 1
Reputation: 3583
This will not work as passwd doesn't read input as you think it does. It opens the terminal, reads input and closes it. If it has to read it two times (to be sure you didn't make a mistake), it does the procedure twice.
You should use chpasswd, which updates passwords in batch mode.
Upvotes: 1
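The chpasswd batch-mode approach from the last answer, written out as an added example that is not code from any of the posts above: the plain-text password is fed to chpasswd on stdin as a `name:password` record, which also sidesteps the fact that `useradd -p` expects an already hashed value. The function names and the output file path are hypothetical, and the username pattern is a conservative assumption rather than a system rule.

```bash
#!/bin/bash
# Added example, not code from the posts above. Function names are hypothetical.

# gen_password [LEN]: LEN random characters from A-Za-z0-9 (default 16).
gen_password() {
    LC_ALL=C tr -dc 'A-Za-z0-9' </dev/urandom | head -c "${1:-16}"
}

# valid_username NAME: reject anything that could break the "name:password"
# record (':' or a newline) or be read by useradd as an option (leading '-').
valid_username() {
    case $1 in
        '' | [!a-z_]* | *[!a-z0-9_-]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

# chpasswd_line USER PASS: one record in the format chpasswd reads on stdin.
chpasswd_line() {
    printf '%s:%s\n' "$1" "$2"
}

# create_user USER MAX_DAYS OUTFILE: run as root. All input is validated
# before any account is touched.
create_user() {
    local user="$1" max_days="$2" outfile="$3" pw
    valid_username "$user" || { echo "invalid username" >&2; return 1; }
    case $max_days in
        '' | *[!0-9]*) echo "invalid password age" >&2; return 1 ;;
    esac
    pw=$(gen_password 16)
    [ "${#pw}" -eq 16 ] || { echo "password generation failed" >&2; return 1; }
    useradd -m "$user" || return 1
    # The password travels over stdin, so it never shows up in the process
    # list, and chpasswd hashes it before it is written to /etc/shadow.
    chpasswd_line "$user" "$pw" | chpasswd || return 1
    passwd -x "$max_days" "$user" || return 1
    # Record the credentials; the file is created root-only if it is new.
    ( umask 077; chpasswd_line "$user" "$pw" >>"$outfile" )
}

# Usage (as root): create_user jroger 14 /root/new-users.txt
```

For several users, call `create_user` once per name inside the loop; every record is appended to the same file.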