Backup and restore user passwords
As long as no other changes happen in /etc/shadow or /etc/passwd, this should work just fine. If a user is added, deleted or modified and then you restore an old version, there may be trouble. If you can guarantee that nobody will do any operations involving /etc/passwd or /etc/shadow it will be OK.
You can also edit /etc/shadow, copy the encrypted password somewhere safe, do your password change, and then when needed set the password back to what it was. That way you don't need to touch anything else.
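# Obtain the old password hash and save it in a file.
# Anchoring the pattern ("^user:") matches only this account, not names that merely contain it.
sudo grep "^$USER:" /etc/shadow | cut -f 2 -d ':' >/safe/encrypted-pass
# Here, change the password, do whatever you need, then..
# Quote the hash so the shell does not split or glob-expand it (e.g. a "*" field).
sudo usermod -p "$(cat /safe/encrypted-pass)" "$USER"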
Note that the -p option to usermod "is not recommended because the password (or encrypted password) will be visible by users listing the processes." So it's up to you to decide if this is a risk that concerns you.
I prefer using commands to do this kind of manipulation, but you can accomplish the same thing manually with a simple text editor.
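An added example, not part of the original answer: the same save-and-restore done without putting the hash on a command line, by feeding it to chpasswd -e on standard input. The function names and the sample file are constructed for illustration; restore_hash must be run as root.

```shell
#!/bin/sh
# Added example (not the answer author's code). Function names are hypothetical.

# Print the hash field for exactly one user from a shadow-format file.
# Comparing field 1 exactly avoids "bob" also matching "bobby".
shadow_hash() {  # usage: shadow_hash USER [FILE]
    awk -F: -v u="$1" '$1 == u { print $2; found = 1 } END { exit !found }' \
        "${2:-/etc/shadow}"
}

# Save the hash to a file that only its owner can read (mode 600).
save_hash() {  # usage: save_hash USER OUTFILE [FILE]
    ( umask 077 && shadow_hash "$1" "${3:-/etc/shadow}" > "$2" )
}

# Restore the saved hash. chpasswd -e reads "user:hash" from stdin and
# printf is a shell builtin, so the hash never shows up in a process listing.
restore_hash() {  # usage: restore_hash USER SAVEDFILE   (run as root)
    [ -s "$2" ] || { echo "no saved hash in $2" >&2; return 1; }
    printf '%s:%s\n' "$1" "$(cat "$2")" | chpasswd -e
}

# Constructed sample in shadow(5) layout; the hash strings are made up.
write_sample() {  # usage: write_sample FILE
    cat > "$1" <<'EOF'
bobby:$6$constructedsalt$AAAAconstructedhashAAAA:19000:0:99999:7:::
bob:$6$constructedsalt$BBBBconstructedhashBBBB:19000:0:99999:7:::
EOF
}
```

Typical use as root: save_hash user /root/user.hash, change the password with passwd, then restore_hash user /root/user.hash and delete the saved file.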
Captain Giraffe
Updated on September 18, 2022
Comments
-
Captain Giraffe over 1 year
Is it possible to make a file copy to back up users' passwords and then restore them by copying them back?
It seems that the file in question is /etc/shadow as per http://en.wikipedia.org/wiki/Passwd#Shadow_file
My intention is to temporarily change a user's password, sudo passwd user. The original password is unknown to me. I would then restore it to the original password by replacing the /etc/shadow file with the previous copy. I.e.
sudo cp /etc/shadow /etc/shadow.backup
sudo passwd user
sudo cp /etc/shadow.backup /etc/shadow
sudo rm /etc/shadow.backup
Is this possible or will I ruin the account?
-
Captain Giraffe almost 10 years
Thanks. The usermod ps listing will only be visible while ps is running, correct?
-
BlitZz almost 10 years
Correct, so your window of vulnerability is very small.
-
Alexis Wilke over 4 years
@CaptainGiraffe, it's not just ps, obviously the data is available to ps and thus to any tool that has the same capability. You can see the command line just using cat /proc/<pid>/cmdline. So it's not really that difficult to get the info if you're a good enough hacker. If you are the only one on that server at the time, though, it's 100% safe.