
Desired:

How do I pass the value to -p <parameter value> ("password") without putting it in the command line in clear text which would eventually be stored in the bash_history? Can it be stored in a file and cat <file> the password?

Actual:

The password is shown in the command line bash_history.

Usage:

```
sh test.sh -u username -p password
```

Code:

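```sh
#!/bin/sh

# Start empty so values inherited from the environment (USER usually is) do not count.
USER=""
PASS=""

# Let getopt normalise the arguments; both options take a value (trailing colon).
OPTS=$(getopt -o u:p: --long username:,password: -n 'parse-options' -- "$@") || exit 1
eval set -- "$OPTS"
DOCKER_OPTS=""

while true; do
  case "$1" in
    -u | --username)
      USER="$2"; shift 2 ;;
    -p | --password)
      PASS="$2"; shift 2 ;;
    --) shift; break ;;   # end-of-options marker inserted by getopt
    *) break ;;
  esac
done

if [ -z "$USER" ] || [ -z "$PASS" ]; then
    echo "username and pass not defined"
else
    echo "username and password defined"
fi
```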
Lacer
  • Generally speaking, you don't have a password option. You have `test.sh` read the password directly from the terminal. `read -s password < /dev/tty`. (Drop `-s` if you need POSIX compatibility, though you'll want to use `stty` in that case to enable/reenable echoing.) – chepner Apr 16 '19 at 18:39
  • You can either read password from terminal or retrieve password from a global env variable. – anubhava Apr 16 '19 at 18:40
  • How would you read the password from the terminal without actually entering the password in the command line? – Lacer Apr 16 '19 at 19:05
  • You type the password, but it never shows up anywhere *except* in the memory space of the process reading from the terminal. (The purpose of `-s` or appropriate use of `stty` prevents what you are typing from being echoed back to the terminal, keeping the password hidden from anyone looking at your screen.) – chepner Apr 16 '19 at 19:14
  • Possible duplicate of [How to get a password from a shell script without echoing](https://stackoverflow.com/q/3980668/608639), [Hiding user input on terminal in Linux script](https://stackoverflow.com/q/4316730/608639), [How to make bash script ask for a password?](https://stackoverflow.com/q/2654009/608639), etc. – jww Apr 16 '19 at 20:47

1 Answer


OK, I found the answer... sorry

```
sh test.sh -u username -p $(< pass.txt)
```
Lacer
  • Nope; after the command substitution has been expanded, the value read from `pass.txt` will be visible via tools like `ps`. – chepner Apr 16 '19 at 18:48
  • Could you provide an example using ps? This would be used more for localized testing rather than production environment. – Lacer Apr 16 '19 at 19:03
  • A simple `ps` will suffice. If I put `foo` in `pass.txt`, then run `sh test.sh $( – chepner Apr 16 '19 at 19:12
  • But if it's locally running this script could you see foo after the execution of the script? ps would only be usable during the execution of the script. Either way you could find the password if you know the path of the text file. – Lacer Apr 16 '19 at 19:38
  • No, but accepting insecure code because it *probably* won't leak your password is terrible practice. If `test.sh` needs a password, let *it* ask for it. – chepner Apr 16 '19 at 19:43
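
What chepner's comments recommend, having `test.sh` obtain the password itself instead of accepting `-p`, as an added example that is not part of the original thread. `get_password` and its optional file argument are hypothetical names; the secret comes from an owner-only file, from stdin, or from a no-echo terminal prompt, so it never appears in argv (where `ps` would show it) or in shell history.

```shell
#!/bin/sh
# Added example, not code from the original post. get_password and its
# optional file argument are hypothetical names chosen for illustration.
# The secret ends up in $PASS and is never passed as a command-line argument.

get_password() {
    PASS=
    if [ -n "${1:-}" ]; then
        # Source 1: a file. Accept only a regular file with no group/other
        # permission bits (e.g. mode 600), so other local users cannot read it.
        mode=$(ls -ld -- "$1" 2>/dev/null) || { echo "cannot stat $1" >&2; return 1; }
        case $mode in
            -???------*) ;;
            *) echo "refusing $1: not a regular owner-only file" >&2; return 1 ;;
        esac
        # read fails on a last line without a newline but still fills PASS.
        IFS= read -r PASS < "$1" || :
    elif [ ! -t 0 ]; then
        # Source 2: stdin is a pipe or redirect, e.g. fed by a secrets tool.
        IFS= read -r PASS || :
    else
        # Source 3: prompt on the terminal with echo off, using POSIX stty
        # for shells whose read has no -s option.
        saved=$(stty -g < /dev/tty) || return 1
        trap 'stty "$saved" < /dev/tty; exit 130' INT TERM
        stty -echo < /dev/tty
        printf 'Password: ' > /dev/tty
        IFS= read -r PASS < /dev/tty || :
        stty "$saved" < /dev/tty
        trap - INT TERM
        printf '\n' > /dev/tty
    fi
    # Succeed only if a non-empty secret was obtained.
    [ -n "$PASS" ]
}

# Usage inside test.sh, replacing the -p option:
#   get_password "$HOME/.test_pass" || exit 1   # constructed path, mode 600
#   get_password || exit 1                      # stdin if piped, else prompt
```
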