passmass(1) - Linux man page
Namepassmass - change password on multiple machines
Synopsispassmass [ host1 host2 host3 ... ]
IntroductionPassmass changes a password on multiple machines. If you have accounts on several machines that do not share password databases, Passmass can help you keep them all in sync. This, in turn, will make it easier to change them more frequently.
When Passmass runs, it asks you for the old and new passwords. (If you are changing root passwords and have equivalencing, the old password is not used and may be omitted.)
Passmass understands the "usual" conventions. Additional arguments may be used for tuning. They affect all hosts which follow until another argument overrides it. For example, if you are known as "libes" on host1 and host2, but "don" on host3, you would say:
passmass host1 host2 -user don host3
- User whose password will be changed. By default, the current user is used.
- Use rlogin to access host. (default)
- Use slogin to access host.
- Use ssh to access host.
- Use telnet to access host.
Next argument is a program to run to set the password. Default is "passwd". Other common choices are "yppasswd" and "set passwd" (e.g., VMS hosts). A program name such as "password fred" can be used to create entries for new accounts (when run as root).
- Next argument is a prompt suffix pattern. This allows the script to know when the shell is prompting. The default is "# " for root and "% " for non-root accounts.
- Next argument is the number of seconds to wait for responses. Default is 30 but some systems can be much slower logging in.
Next argument is 1 or 0. If 1, you are additionally prompted for a root password which is used to su after logging in. root's password is changed rather than the user's. This is useful for hosts which do not allow root to log in.
How to UseThe best way to run Passmass is to put the command in a one-line shell script or alias. Whenever you get a new account on a new machine, add the appropriate arguments to the command. Then run it whenever you want to change your passwords on all the hosts.
Using the same password on multiple hosts carries risks. In particular, if the password can be stolen, then all of your accounts are at risk. Thus, you should not use Passmass in situations where your password is visible, such as across a network which hackers are known to eavesdrop.
On the other hand, if you have enough accounts with different passwords, you may end up writing them down somewhere - and that can be a security problem. Funny story: my college roommate had an 11"x13" piece of paper on which he had listed accounts and passwords all across the Internet. This was several years worth of careful work and he carried it with him everywhere he went. Well one day, he forgot to remove it from his jeans, and we found a perfectly blank sheet of paper when we took out the wash the following day!
See Also"Exploring Expect: A Tcl-Based Toolkit for Automating Interactive Programs" by Don Libes, O'Reilly and Associates, January 1995.
AuthorDon Libes, National Institute of Standards and Technology
The su (short for substitute user) command makes it possible to change a login session's owner (i.e., the user who originally created that session by logging on to the system) without the owner having to first log out of that session.
Although su can be used to change the ownership of a session to any user, it is most commonly employed to change the ownership from an ordinary user to the root (i.e., administrative) user, thereby providing access to all parts of and all commands on the computer or system. For this reason, it is often referred to (although somewhat inaccurately) as the superuser command. It is also sometimes called the switch user command.
Advantages of Using su
su is usually the simplest and most convenient way to change the ownership of a login session to root or to any other user.
More importantly, it provides a safer way for administrators on multi-user systems (as well as for users on home computers or other single-user systems) to use the system than to routinely log on as the root user. That is, there is much less potential for accidental or malicious damage if an administrator first logs on as an ordinary user (who, by default, has very limited system privileges) and uses that account for routine tasks that do not require root's sweeping powers. su can then be used to switch to the root account for only those operations that actually require root access (e.g., making system repairs and managing user accounts).
The use of su instead of routinely logging in as root is particularly important when connected to the Internet. This is because it makes it much more difficult for malicious software originating on remote computers to access critical system files or commands (which belong to the root account).
On multiuser systems, not only the root account but also su should be used to the minimum extent necessary, and it should be used with great caution. This includes making certain (1) that no unauthorized persons see any passwords used with su (such as watching a password being typed in or seeing it on paper), (2) that su sessions are not left unattended and (3) that su sessions are terminated as soon as the tasks for which they were invoked have been completed.
When su is used while in console mode (i.e., with a text-only screen display), the original user's session cannot, of course, be used on the same machine (because the su session occupies the entire screen). However, when su is used in a terminal window (i.e., a text-only window in a GUI), only that terminal window and programs that are started from it are run with the new user's account (e.g., root), and all other programs, including any other terminal windows, can continue to be run by the original user.
A convenient way of eliminating the need for typing su numerous times during a session is to open a terminal window, run su once in that window and then use the window for all root tasks (i.e., tasks for which administrative privileges are required) during the session. However, it is important to make certain that no one has physical access to the computer during such session. Thus, it is advisable to close the terminal window as soon as practical, unless it is used on a home system (where, presumably, nobody is around to cause damage to the system or steal data).
Another advantage of using su is that a record is kept of its usage in system logs, whereas no such record is kept if one logs in directly as root. (This is discussed in more detail below.)
A simplified expression of the syntax of the su command is:
The square brackets indicate that the enclosed item is optional. Thus, the simplest way to use the su command is to just type:
The operating system assumes that, in the absence of a username, the user wants to change to a root session, and thus the user is prompted for the root password as soon as the ENTER key is pressed. This produces the same result as typing:
If the correct password is provided, ownership of the session is changed to root.
Likewise, to transfer the ownership of a session to any other user, the name of that user is typed after su and a space. For example, to change the owner of the current login session to a user named alice, type the following:
The user will then be prompted for the password of the account with the username alice.
Confirming the Owner of a Session
Sometimes when using su it might not be obvious who is actually the owner of a session. Or, as an additional security step, a system administrator might want to reconfirm that the root account has actually exited. There are several ways to confirm session ownership.
Usually, the easiest way to distinguish whether the owner is the root user or an ordinary user is to observe the command prompt (i.e., the brief text automatically provided by the shell at the left hand side of each line in a console or terminal window). The last character in the prompt is the pound sign (#) for the root user or the dollar sign ($) for an ordinary user. However, on systems with large numbers of users, including users with various levels of administrative privileges, this is clearly insufficient.
A shell is a program that provides the traditional, text-only user interface for Unix-like operating systems. Its primary function is to read commands that are typed into a console or terminal window and then execute (i.e., run) them.
On some shells, such as bash (the default on Linux), the prompt provides substantially more information, including the name of the current owner of the session and the name of the current directory. For example, if the current user is root and the current directory is /home/alice, then the prompt might be [root@localhost alice]$.
The name of the current user can also be confirmed by using the whoami command, i.e.,
Changing the Home Directory and Environmental Variables
The default behavior of su is to maintain the current directory and the environmental variables of the original user (rather than switch to those of the new user). Although the shell account likewise remains that of the original user, any new, unprivileged user (i.e., users other than root and others with some system privileges) does not gain automatic access to the directories or files of the former owner of the session.
Environmental variables are a class of variables that tell the shell how to behave as a user works at the command line (i.e., all-text mode) or in shell scripts (i.e., programs written in shell programming languages). They can be, and often are, set differently for each user.
The single most important environmental variable is PATH. When a user types in a command at the command line, the shell searches through all directories listed in PATH until it finds a program with that name. It is important to keep in mind the fact that there are different PATH settings for ordinary users and root.
The contents of the PATH file for the owner of the current session can be seen by issuing the following command:
For ordinary users PATH is usually something like /usr/local/bin:/bin:/usr/bin:/usr/X11R6/bin:/home/username/bin: For root it generally resembles /sbin:/usr/sbin:/bin:/usr/bin:/usr/X11R6/bin.
Thus, if there is an executable (i.e., a runnable program) in the directory /usr/local/bin, root will have to supply the full path in order to run that application, otherwise the shell will just return the error message command not found. The full path is the name of the command or program preceded by its path from the root directory (which is represented by a forward slash and which should not be confused with /root, the root user's home directory). An ordinary user would only need to type the name of the command or program in such case, and not its full path, because /user/local/bin is in the user's PATH.
It sometimes can be advantageous for a system administrator to use the shell account of an ordinary user rather than its own. In particular, occasionally the most efficient way to solve a user's problem is to log into that user's account in order to reproduce or debug the problem.
However, in many situations it is not desirable, or it can even be dangerous, for the root user to be operating from an ordinary user's shell account and with that account's environmental variables rather than from its own. While inadvertently using an ordinary user's shell account, root could install a program or make other changes to the system that would not have the same result as if they were made while using the root account. For instance, a program could be installed that could give the ordinary user power to accidentally damage the system or gain unauthorized access to certain data.
Thus, it is advisable that administrative users, as well as any other users that are authorized to use su (of which there should be very few, if any), acquire the habit of always following the su command with a space and then a hyphen. The hyphen has two effects: (1) it switches the current directory to the home directory of the new user (e.g., to /root in the case of the root user) and (2) it changes the environmental variables to those of the new user. That is, if the first argument to su is a hyphen, the current directory and environment will be changed to what would be expected if the new user had actually logged on to a new session (rather than just taking over an existing session).
Thus, administrators should generally use su as follows:
An identical result is produced by adding the username root, i.e.,
Likewise, the same can be done for any other user, e.g., for a user named bob:
An argument, also called a command line argument, is a file or other information that is provided to a command in order for that command to use it as an input. Arguments used with su can include the hyphen and a username as well as arguments for commands that are used with su.
The -c Option
Among the most commonly used of su's few options is -c, which tells su to execute the command that directly follows it on the same line. Such command is executed as the new user, and then the terminal window or console from which su was run immediately returns to the account of the former user after the command has completed execution or after any program that it has launched has been closed.
If the command inclusive of its options has one or more spaces in it, then it must be enclosed in quotation marks; otherwise, su will interpret whatever comes after the first space in the command as the name of a user to whose account su is supposed to switch (the result of which will be an error message).
For example, the /root directory (i.e., the home directory of the root user) is generally not accessible to ordinary users, and thus the command ls /root will return a permission denied error message if it is issued by an ordinary user. However, the contents of this directory can be viewed (assuming, of course, that the correct password is supplied) by using su together with the ls command (which lists the contents of directories) as follows:
Either double or single quotation marks can be used. And a new user can be explicitly designated along with the command. For example, the following command switches to user bob's account and produces a list of the contents of bob's home directory (whose contents would not generally be viewable by other ordinary users):
su together with its -c option can also be used to launch GUI (graphical user interface) programs. For example, it can be used to start Nautilus (a popular GUI file manager) with root access:
Nautilus can be a very handy alternative to the command line for navigating around the system. Root access makes all files and directories on the system available with Nautilus, whereas starting Nautilus as an ordinary user would make only a limited subset of files and directories available. Again, however, it should be emphasized that along with this power comes danger, and thus Nautilus should be used as root only under carefully controlled circumstances.
When a command is issued using su with its -c option, the console or terminal window session generally reverts back to the previous user as soon as the command has executed. This can be viewed as another built-in safety mechanism, because root (or any other substitute user) was apparently used just for a specific command, and thus it would presumably serve no purpose (and just be a security hole) to maintain the new ownership after the program terminated.
However, if the command that has been executed using su and its -c option has opened a program (e.g., Nautilus), that program remains open with the new owner's (e.g., root's) privileges until such program is explicitly closed. But the terminal window used to open the program cannot be used for other root operations while the program is running, and ownership of the session in the terminal window reverts back to the former user after the program is terminated.
One minor disadvantage of issuing commands by using the -c option with su, rather than just using su by itself (or using it together with a user name) to first change ownership of a login session, is that command line completion does not work with it. Command completion is a convenient feature of bash and some other shells that automatically completes the typing of a command name or a file name after only part of it has been typed and when the user then presses the TAB key. If su is used by itself to first switch ownership of the terminal session, command completion can then be used for subsequent commands as usual.
Exiting From su
There are several ways to exit from su, i.e., to return the login session or terminal window to its former owner, for those situations in which the exit is not automatic (e.g., when su is not used with its -c option). One is to type the word and then press the ENTER key. Another is to simultaneously press the CTRL and d keys.
In addition, to change back to the previous user or to any user, the su command can be used again followed by the name of that user. For example, the following can be used to return ownership of a session to user alice:
If su was originally used together with the hyphen (i.e., su -), then there is an additional way to return the session to the previous user: it is by typing the word and then pressing the ENTER key.
When using any of these techniques to switch from the root user to an ordinary user, no password is required. Also, when returning to the original user, the current directory and environmental settings are also restored to those of the original user.
If the su command was used in a new terminal window, the original owner of the GUI session was never replaced and thus there is no GUI session to return to the original user. All that is necessary in order to log out as root (or whatever the substitute user was) is to close the window.
su and Logs
A major benefit of using su is that a record is kept of its usage in a system log, typically /var/log/messages. This is particularly valuable if there are multiple administrators for the system (each of which should have an individual username and password), because it facilitates finding out who was doing what and when. /var/log/messages records the username and user ID (UID) of the user that opens a su session as well as the times that the session is opened and closed. However, su does not keep a record of what is actually done as root, and such information must therefore be obtained from other sources.
The contents of /var/log/messages can be viewed by first using su to switch to the root account and then issuing the following command:
It is convenient to use the tail command here because it shows the last part of a file, rather than starting at the beginning as commands such as cat (possibly the most commonly used command for reading text files) do. As /var/log/messages can be a rather long file, this can save a lot of scrolling.
Tail prints (i.e., writes to the monitor screen) the final ten lines by default, but this can be easily adjusted by using the -n option followed by a space and an integer representing the desired number of lines. For example, the following command would print the final 20 lines of /var/log/messages:
Although it is slightly more time consuming, it might be advisable to acquire the habit of typing the full path to su (e.g., /bin/su) rather than typing just by itself (or with any desired arguments, etc.) and relying on PATH to find su. Thus, the switch to the user alice would be typed:
The reason is that this provides some protection from other, malicious programs named su that may have been slipped into the shell's search path (i.e., as defined by PATH) for some nefarious purpose such as harvesting passwords. (Likewise, it is advisable to not include the current directory, which is represented by a period, in the PATH files).
As is the case with many command line programs, there is a graphical front end available for su, and it is named KDE su. A graphical front end is a GUI program that operates on top of a command line program and replaces its character-based user interface with a graphical one.
su is one of the GNU Core Utilities, which are developed by the Free Software Foundation (FSF) and are therefore open source and free to use, study, modify and redistribute. KDE su is also free software.
Created December 11, 2004.
Copyright © 2004 - 2005 The Linux Information Project. All Rights Reserved.