Input for password in the UNIX Shell script (merged) [message #419021] |
Wed, 19 August 2009 10:57 |
ksdba
Messages: 10 Registered: August 2009 Location: NJ
|
Junior Member |
|
|
Hello Senior Members,
I am a new entrant to this forum. I thank you all in advance for sharing your expertise.
We can write a unix shell script wherein we can invoke SQL*Plus and even we can perform a query. Further to this, I have a question. It's as follows :
Scenario : The users don't have access to SQLPLUS or any tools, i.e., they cannot get in to SQL Prompt. We have to enforce password change policy. As per that the user has to change the password after 90 days.
My Question : Is there any way we can write a UNIX script to change the "password" without allowing the user to get into SQL> Prompt.
sqlplus scott/tiger <<EOF
password ---> Here it will ask for the input, which we should be able to give.
EOF
I would really appreciate it if any one of our experts can help me with this.
Regards
Re: password script in UNIX.. [message #419053 is a reply to message #419044] |
Wed, 19 August 2009 12:34 |
ksdba
Messages: 10 Registered: August 2009 Location: NJ
|
Junior Member |
|
|
Dear Michael,
My intentions are very clear and I didn't hijack the topic. I wanted to make it clear to you, if you are mistaken.
First I posted on the one you said a topic which was existing (you referred to it as hijack). Later, I saw the threads, it was in 2005 or so. Since I am new to this forum, I thought it is old or somebody would look into this or not, lots of questions arose in my mind and moreover, for my specific question, I couldn't find an answer.
So, I decided to post it as a new topic. Hope you got it!!!
Thanks
Re: Input for password in the UNIX Shell script [message #419054 is a reply to message #419040] |
Wed, 19 August 2009 12:43 |
ksdba
Messages: 10 Registered: August 2009 Location: NJ
|
Junior Member |
|
|
Thanks for your answer Mahesh. You have asked "What you are going achieve from this?". You just think that you are a user (Non-DBA). The company restricts you from getting into SQL Prompt, for company's policy reasons and security. When you login, you will be connected straight into the application. After 90 days your password expires, you will not be able to login into your application unless you change your password during that grace time period. It's your password which you have to change. The DBA can do it for you but in general circumstances earlier, the DBA assigns a password and asks you to change it to your own password. But in the scenario explained, you don't have that option.
If you are in a situation which I have explained above, how do you tackle and overcome this.
I appreciate your expertise on this and hope I have conveyed the things right. Thanks for asking that question.
Regards
Re: Input for password in the UNIX Shell script [message #419068 is a reply to message #419057] |
Wed, 19 August 2009 14:03 |
andrew again
Messages: 2577 Registered: March 2000
|
Senior Member |
|
|
What's to stop the user just downloading an Oracle client, Toad or whatever to connect to the database?
I agree with Mahesh that a self-service web page is a good solution to change a passwd.
Similar web utils I have created do:
1) Authenticate the user against LDAP or simple unix rlogin test from within your back-end script.
2) connect to Oracle as privileged account and change the user's passwd.
You can do the same from a Unix script by:
1) restrict access to the Oracle client (else user can run sqlplus).
2) create a script owned by DBA but executable by others via sudo (to make it run as DBA) (check with your Unix admin for this).
3) do a "who am i" in the script to detect the user's login.
4) prompt for the new passwd and change it for the user in #3
You can also try chmod u+s on the script as an alternative to sudo. It may not work for scripts on your particular OS.
http://www.softpanorama.org/Access_control/sudo.shtml
Re: Input for password in the UNIX Shell script [message #419082 is a reply to message #419068] |
Wed, 19 August 2009 15:37 |
ksdba
Messages: 10 Registered: August 2009 Location: NJ
|
Junior Member |
|
|
Hi Andrew,
In fact, I followed the same pattern which you have mentioned in your answer. I tried that by hard-coding it to see whether it works or not. It worked fine.
Since I am not that good at shell scripting, I am unable to write the code as mentioned in your reply "prompt for the new passwd and change it for the user in #3". Can you please guide me with that piece of code as to how to invoke this?
I really appreciate and thanks in advance.
Regards
Re: Input for password in the UNIX Shell script [message #419089 is a reply to message #419082] |
Wed, 19 August 2009 16:26 |
andrew again
Messages: 2577 Registered: March 2000
|
Senior Member |
|
|
-- tested on HP-UX. Should be similar on most Unix
# also try "whoami" it may work better for you.
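# "who am i | read usr junk" leaves $usr empty in bash, where read runs in a
# subshell, so capture the first field of the output instead.
usr=`who am i | awk '{print $1}'`
while true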
do
echo "Change Oracle password for \"$usr\" ? (y/n)"
read ans
case $ans in
Y*|y*) break;;
N*|n*) exit 0;;
esac
done
#read passwd twice and if same value entered
# then reset...
## you need to prompt for PASS etc here...
# check passwd for unwanted characters etc...
# untested
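## escape the $...
# Inside backticks "\$" is reduced to "$" (end of line), which matches every
# password; a bracket expression inside $( ) needs no escaping.
BADCHAR=$(printf '%s\n' "$PASS" | egrep -c '[=$&%#@ _]')
if [ "$BADCHAR" -gt 0 ]; then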
echo "ERROR. Invalid characters found in password(@,_,space etc)"
exit 1
fi
# check passwd length too...
## X=my_passwd
## LEN=`echo $X | wc -c`
## if [ $LEN -lt 6 ]; then
## echo "ERROR. Password too short..
sqlplus ... <<EOF
-- reset passwd for $usr
EOF
RV=$?
# test RV to see if 0 (success) or not...
[Updated on: Mon, 24 August 2009 11:18]
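The prompt-and-change step from the sudo procedure and the script sketch above, written out as an added example that is not part of any post in the thread. It swaps the character blacklist for an allowlist, since the new password is interpolated into SQL that runs under a privileged account. Assumptions: the function names are hypothetical, the OS login equals the Oracle user name, the caller is identified through sudo's SUDO_USER, and sqlplus connects with OS authentication.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes: run via sudo as the DBA account,
# sqlplus connects with OS authentication, OS login == Oracle user name.
LC_ALL=C; export LC_ALL          # make [A-Za-z] ranges byte-wise
MINLEN=6                         # minimum length taken from the thread's sketch

# Login name of the caller: letter first, then letters, digits, underscore.
valid_user() {
    case $1 in
        ''|[!A-Za-z]*|*[!A-Za-z0-9_]*) return 1 ;;
    esac
}

# Allowlist: letter first, alphanumerics only, so the value is a legal
# unquoted password and cannot change the statement it is placed in.
valid_password() {
    case $1 in
        ''|[!A-Za-z]*|*[!A-Za-z0-9]*) return 1 ;;
    esac
    [ "${#1}" -ge "$MINLEN" ]
}

# Print the statement only if both values pass validation.
build_alter_stmt() {
    valid_user "$1" && valid_password "$2" || return 1
    printf 'ALTER USER %s IDENTIFIED BY %s;\n' "$1" "$2"
}

# Read the password twice without echo; prompts go to stderr.
read_new_password() {
    trap 'stty echo' INT TERM
    stty -echo
    printf 'New password: ' >&2;    read -r p1; echo >&2
    printf 'Retype password: ' >&2; read -r p2; echo >&2
    stty echo
    [ "$p1" = "$p2" ] && printf '%s\n' "$p1"
}

change_password() {
    usr=${SUDO_USER:-$(logname)}   # sudo records the invoking user here
    pass=$(read_new_password) || { echo "ERROR. Passwords differ" >&2; return 1; }
    stmt=$(build_alter_stmt "$usr" "$pass") || { echo "ERROR. Invalid name or password" >&2; return 1; }
    # The statement travels on stdin, so it never appears in "ps" output.
    sqlplus -S -L "/ as sysdba" >/dev/null <<EOF
WHENEVER SQLERROR EXIT FAILURE
$stmt
EOF
}
if [ "${1:-}" = "--run" ]; then change_password; fi
```

Run it as `script --run`; `WHENEVER SQLERROR EXIT FAILURE` makes the exit status of sqlplus non-zero when the ALTER USER fails, so the caller can test `$?`.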
Re: Input for password in the UNIX Shell script [message #419102 is a reply to message #419089] |
Wed, 19 August 2009 17:57 |
ksdba
Messages: 10 Registered: August 2009 Location: NJ
|
Junior Member |
|
|
Hi Andrew
Thank you very much and I appreciate your help. I tried but, when I give the ans 'y' it branches out to "ERROR invalid....". I have Redhat Linux on my machine, maybe it's not supporting. If possible and you get a chance you can answer, I don't want to bother you much. Thanks.
Regards