
Re: Single-use root account?



Here's a one-time root script:

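#!/bin/bash
# Onetimeroot by John Hasler 2003
# You may treat this script as if it were in the
# public domain.

umask 077   # the rewritten hash list must stay private to this account
FILE=~/onetimewords
ACCOUNT="onetimeuser"   # not USER, which the login environment already sets
test -f "$FILE" || exit 0
# Read every whitespace-separated hash into the array (read returns
# non-zero at end of file, which is expected here).
read -r -d '' -a passwords < "$FILE"
# Empty list: the last password has just been used.  Remove the file so
# that .logout deletes the account, and never hand chpasswd an empty hash.
if [ "${#passwords[@]}" -eq 0 ]; then
    rm -f "$FILE"
    exit 0
fi
# Set the next password without writing it to a temporary file; keep the
# list unchanged if chpasswd fails.
printf '%s:%s\n' "$ACCOUNT" "${passwords[0]}" | chpasswd -e || exit 1
# Rewrite the list without the hash that is now in use.
: > "$FILE"
for word in "${passwords[@]:1}"
do
    echo "$word" >> "$FILE"
done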


Create the user 'onetimeuser' with UID 0.  Generate a bunch of encrypted
passwords with 'makepasswd --crypt' and put them in the file onetimewords
in onetimeuser's home directory.  Print out the unencrypted passwords and
carry the list with you.  Call the above script from onetimeuser's .login.
Put 'test -e ~/onetimewords || deluser onetimeuser' in onetimeuser's
.logout.  The first time onetimeuser logs in his password will be whatever
you assigned when you created the account.  The second time it will be the
first password on the list.  The third time it will be the second on the
list, and so on.  When the last password has been used the account will be
deleted when the user logs out.
-- 
John Hasler
john@dhh.gt.org (John Hasler)
Dancing Horse Hill
Elmwood, WI
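
The list-generation step described in the message, as an added example that is not part of the original post: it splits password/hash pairs into the hash file the login script consumes and a printable list labelled by login number. The function name split_pairs, the file paths, and the input format (one "plaintext hash" pair per line from makepasswd --count=N --crypt) are assumptions.

```shell
#!/bin/bash
# Added example, not part of the original post.
# split_pairs HASHFILE PLAINFILE: read "plaintext hash" pairs on stdin
# (assumed makepasswd --crypt output format, one pair per line) and write
#   HASHFILE   one hash per line, owner-only, for the login script
#   PLAINFILE  the printable list, labelled with the login each one opens
split_pairs() {
    local hashfile=$1 plainfile=$2 plain hash extra n=0
    # Refuse to clobber an existing list: the rotation depends on its order.
    if [ -e "$hashfile" ] || [ -e "$plainfile" ]; then
        echo "split_pairs: refusing to overwrite an existing file" >&2
        return 1
    fi
    # Create both files owner-only before any secret is written to them.
    ( umask 077; : > "$hashfile"; : > "$plainfile" ) || return 1
    while read -r plain hash extra || [ -n "$plain" ]; do
        [ -z "$plain" ] && continue          # skip blank lines
        # chpasswd -e takes "user:hash", so reject an empty hash, a hash
        # containing ':' and any line with more than two fields.
        case "$hash" in ''|*:*) extra=bad ;; esac
        if [ -n "$extra" ]; then
            echo "split_pairs: malformed pair on input" >&2
            rm -f "$hashfile" "$plainfile"
            return 1
        fi
        n=$((n + 1))
        printf '%s\n' "$hash" >> "$hashfile"
        # Login 1 uses the password set at account creation, so list
        # entry n is the password for login n+1.
        printf 'login %d: %s\n' "$((n + 1))" "$plain" >> "$plainfile"
    done
    # An empty list is useless to the login script: clean up and fail.
    [ "$n" -gt 0 ] || { rm -f "$hashfile" "$plainfile"; return 1; }
}

# Assumed invocation (paths are placeholders), run as root:
#   makepasswd --count=10 --crypt | split_pairs ~onetimeuser/onetimewords ./onetime-list.txt
```
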


