Reputation: 1618
I'm looking for a way to compare the password a user enters in to a script against the root users password stored in /etc/shadow
I can do this with a perl command, but I need to get the salt and existing password from shadow to compare against.
I know I can grep /etc/shadow
for root which results in a string similar to:
mal:$6$23QKDPc5E$SWlkjRWexrXYgc98F.:12825:0:90:5:30:13096:
What I'd like to do is get the salt 23QKDPc5E and password SWlkjRWexrXYgc98F. from this string to their own variables.
is there an easy way to do that ?
Only way I can think of is to split the string on $
and then split the final result on :
This will give me two arrays containing the values I need, but there must be a neater way..
Thanks
Upvotes: 1
Views: 3182
Reputation: 1807
A similar approach as proposed in @Viktor Khilin 's answer, but by issuing only 1 command would be:
# Get the algorithm used for generating the password for user "root", first field of the hash in `/etc/shadow`
awk -F[:$] '$1 == "root" {print $3}' /etc/shadow
# Get the SALT, 2nd field of the hash in `/etc/shadow`:
awk -F[:$] '$1 == "root" {print $4}' /etc/shadow
# get the password hash, 3rd field in `/etc/shadow`:
awk -F[:$] '$1 == "root" {print $5}' /etc/shadow
Explanation:
The hash field itself in /etc/shadow
is comprised of three different fields. They are separated by '$' and represent:
Original source regarding /etc/shadow
file format can be found here (ignore the expired HTTPS cert warning)
Upvotes: 3
Reputation: 1838
Using awk:
grep root /etc/shadow | awk -F'$' '{print $3}'
Output:
23QKDPc5E
grep root /etc/shadow | awk -F'$' '{print $4}' | awk -F: '{print $1}'
Output:
23QKDPc5E$SWlkjRWexrXYgc98F.
Finally code:
#!/bin/bash
# something you want here...
salt=$(grep root /etc/shadow | awk -F'$' '{print $3}')
password=$(grep root /etc/shadow | awk -F'$' '{print $4}' | awk -F: '{print $1}')
...
echo "${salt}"
echo "${password}"
Upvotes: 1