Rubin Shrestha
Zend certified PHP/Magento developer
Rubin Shrestha
Blog

How does a “passwd” and “adduser” command actually work on a LINUX OS?

by |Published

(From a novice’s point of view)

The other day I was thinking about how a typical “passwd” command works in a LINUX OS. For example, when we type in “passwd”, a prompt appears letting us type in our password, and then it saves that password wrapping up with cryptographic algorithms and then saves in /etc/shadow. So I came with a “Password/login emulation” of my own. Initially it saves the username along with their password in a file named mango.txt in the form of “username::password”, and next time the same user tries to log in, it asks for the username and password. So I came up with these two scripts.

Script 1: Prompts for a user-name and a password and saves it in a file a called mango.txt.

# Title: username.sh
#!/bin/bash

# What I'm planning to do here is that, 
#create a username script which allows a 
#user to add themselves by puting in 
#their 
#names
# and their password at the time of 
#login, it will save itself to a file 
#with 
#the username and password. 
# If username already exists, tells the 
#user that a user with the same name 
#exits, else add the new user. 
# along with a password. The password is 
# saved in a md5 hash form.

exec 2>/dev/null
touch mango.txt

echo -n "Enter username: "

read usame

if [ "$usame" == "" ]; then echo -e "Username can not be blankn"
 ./username.sh
else

grep -q $usame mango.txt

if [ "$?" == 0 ]; then

echo -e "A username with the same name already existsn"

./username.sh

else
echo -n "Password: "
read -s -p "Password: " passwd

while true; do

    if [ "$passwd" == "" ]; then echo -e "Password can not be blankn"

    else 
        echo $usame::$(echo $passwd | md5sum) >> mango.txt
        echo -e "nUser $usame addedn"
    break
fi
done
fi
fi

Script 2: If this could be added in “bash.bashrc”, then it would run at each terminal startup, and ask for the username and password. If username and password chinkies with that in mango.txt, then it lets the user login, else terminal exits (; Plain passwords are compared in like md5sum form with the mango.txt file passwords.

#Title: login.sh

# A simple login bash script

#trap interrupts your keyboard if you 
#press ctrl+z or ctrl+c

trap '' INT TSTP

read -p "Enter username: " usname
grep -q $usname mango.txt
if [ "$?" -gt 0 ]; then
  echo "Username not found"
  sleep 1
  pkill -9 bash #That's a bit too much I guess, but oh well

else
read -s -p "Password: " password

if [ "$password" == "" ]; then 
  echo "Password can not be blank"
   ./login.sh
else
#saves the password in md5sum format in tmp.txt

echo $password | md5sum > tmp.txt
tmp="$(cat tmp.txt)"
#if the md5 hashes match, then allow login saying yo
cat mango.txt | grep -q $usname::$tmp
if [ "$?" == 0 ]; then
echo -e "nyo"
#else print login failed
else echo -e "nLogin failed"
  sleep 1
    pkill -9 bash
fi
fi
fi
rm tmp.txt
# Deletes the tmp file afterwards

I’m pretty sure it’s nowhere near how that exactly works in a LINUX system(not to mention the cryptographies like ccrypt and scrypt and different salting mechanisms), but it’s as best as I could come up with..perhaps a little nudge to the right direction as to how that actually works would be great from the experts. (:

You may also like