2

I am on an embedded linux box where I am the root user. I have set a password which is present in /etc/shadow file.

Now running as root user and using the following logic in a shell script, I am able to check if a password is set or not.

if [ `awk -F ':' '/^'$i':/ {print $2}' /etc/shadow` ] ; then 
   echo "Password is set" ;
   # How can I check, compare or retrieve the password now assuming that I am the root user with all privs
else 
   echo "Password is not set";
fi

Question:
I want to check and compare if password set is equal to "Password123". Is it possible to extend above logic to do that? Just check if the password is set to some default?

Please note that, I am running as the root user with all privileges on that embedded linux box running Fedora.

Cyrus
  • 84,225
  • 14
  • 89
  • 153
AdeleGoldberg
  • 1,289
  • 3
  • 12
  • 28
  • 1
    I think logic of comparing could be written, but I really doubt that any file in O.S will have password stored in it(not in plain text off course), though I am NOT at all a O.S expert but I doubt on this one. If that mentioned file really has those entries then please add them as a samples and we could guide you more on this one, thank you. – RavinderSingh13 Oct 29 '20 at 09:32
  • Yeah. The password is decrypted in that file. But, I was thinking if there is an Linux OS API to check the password if running with root priviliges? – AdeleGoldberg Oct 29 '20 at 09:34
  • Also, I am setting the default password. I just want to check if password is default or changed to something else. Thats it. If I set the password as lets say "pswd007", then is it just possible to check if password is "pswd007"? – AdeleGoldberg Oct 29 '20 at 09:37
  • 2
    See https://unix.stackexchange.com/questions/21705/how-to-check-password-with-linux – Vesa Karjalainen Oct 29 '20 at 09:37
  • Yes. My default password is same for everyone. – AdeleGoldberg Oct 29 '20 at 09:41
  • 1
    It's not impossible, but I would perhaps not use shell script for that (especially if my scripts triggered warnings on http://shellcheck.net/). Please [edit] to provide details about how your `/etc/shadow` is configured. – tripleee Oct 29 '20 at 10:24
  • Since you know the password, and the [encryption method is known](https://stackoverflow.com/questions/12660851/which-is-the-encryption-method-used-on-etc-shadow) why not encrypt the test (default) password yourself and do string comparison? – Daemon Painter Dec 21 '20 at 13:51

0 Answers0