From owner-freebsd-questions Thu May 31 17: 0:46 2001 Delivered-To: freebsd-questions@freebsd.org Received: from guru.mired.org (okc-65-26-235-186.mmcable.com [65.26.235.186]) by hub.freebsd.org (Postfix) with SMTP id C246337B423 for ; Thu, 31 May 2001 17:00:42 -0700 (PDT) (envelope-from mwm@mired.org) Received: (qmail 89873 invoked by uid 100); 1 Jun 2001 00:00:41 -0000 From: Mike Meyer MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <15126.56105.477926.485041@guru.mired.org> Date: Thu, 31 May 2001 19:00:41 -0500 To: Eugene Lee Cc: questions@freebsd.org Subject: Re: shell scripts, file descriptor, and pw In-Reply-To: <50535058@toto.iv> X-Mailer: VM 6.90 under 21.1 (patch 14) "Cuyahoga Valley" XEmacs Lucid X-face: "5Mnwy%?j>IIV\)A=):rjWL~NB2aH[}Yq8Z=u~vJ`"(,&SiLvbbz2W`;h9L,Yg`+vb1>RG% *h+%X^n0EZd>TM8_IB;a8F?(Fb"lw'IgCoyM.[Lg#r\ Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Eugene Lee types: > I'm trying to write a shell script using 'pw' that uses the '-h fd' > option to lets you securely send a password to the program via a file > descriptor. I'm not sure how to create a file descriptor in /bin/sh > that can be passed to 'pw'. Can anyone offer a few sample lines of > how this should be done? Thanks in advance, and apologies if this is > not the right list to ask. You don't create them, you just use them. You need to know that 0, 1 and 2 are stdin, stdout and stderr, respectively. In the following, assume you have a command/function/alias "genpass name" that generates a password on standard output as well as doing whatever else needs to be done for that users password (like snail-mailing them a letter with the password, or generating web page data, or whatever). These examples are all for sh-like shells. First, the pw man pages lies - just a bit. pw probably checks fd 0 to see if it's a tty and doesn't prompt if it isn't. So you can use: genpass name | pw user mod name -h 0 and it works. If you want to avoid using 0, you can do it this way: genpass name | pw user mod name -h 3 3<&0 which redirects fd 0 (stdin, which is the output from genpass) to 3, where pw will read it. You can also use temporary files, though that's not as safe: export UMASK=077 file=/tmp/.$user-$RANDOM genpass name > $file pw mod user name -h 3 3<$file rm $file sh doesn't have $RANDOM, but using predictable temporary file names isn't predictable. Alternatively, if you're generating a shell script to set the password, you can imbed it inline like so: pw mod user name -h 3 3<<-EOF password EOF http://www.mired.org/home/mwm/ Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message