How to make bash script ask for a password?

Question

I want to secure the execution of a program with a password. How can I ask the user to enter a password without echoing it?

Voting to close as unclear, please specify how you want password input to be different than other inputs. No echoing asked at: http://stackoverflow.com/questions/3980668/how-to-get-a-password-from-a-shell-script-without-echoing — Ciro Santilli Путлер Капут 六四事, Jun 29 '16 at 21:26

score 81 · Answer 1 · edited Aug 18 '16 at 17:28

81

This command will read into var pwd from stdin (with echo disabled):

IFS= read -s  -p Password: pwd

Unsetting IFS will allow for leading and trailing whitespace in passwords (which may be supported in some environments, so best to support it during your script's input of the user credentials)

To validate leading/trailing whitespace is handled appropriately you can use:

echo -n "$pwd" | hexdump -C

Note: don't use with real passwords as it dumps to the console!

HT: Ron DuPlain for this additional information on IFS unsetting.

edited Aug 18 '16 at 17:28

Phil E

1,722
11
17

answered Apr 16 '10 at 15:17

Jürgen Hötzel

17,806
3
40
57

3

Are there any disadvantages if I used this instead of the accepted answer? – Tristian Oct 19 '12 at 01:46
7

@Triztian yes, the above will probably only work in Bash. The accepted answer should work on most (all?) shells. – jberryman Oct 22 '12 at 14:53

score 54 · Accepted Answer · edited Sep 16 '19 at 12:53

54

stty_orig=$(stty -g) # save original terminal setting.
stty -echo           # turn-off echoing.
IFS= read -r passwd  # read the password
stty "$stty_orig"    # restore terminal setting.

edited Sep 16 '19 at 12:53

graywolf

6,494
6
45
69

answered Apr 16 '10 at 15:12

codaddict

429,241
80
483
523

score 5 · Answer 3 · answered Apr 16 '10 at 15:25

5

If you need to grab a passwd to supply as a paramter to a program, then unicorns advice to just turn off the echo is good.
Having a passwd check in the script doesn't work - if the user can execute the bash script they also have permission to read it and see the passwd.

If you want to only allow people with a passwd to run a program then the secure way is to create a new user account that owns the program and have a script that uses 'sudo' to run the program as that user - it will prompt for the users passwd in a secure way.

answered Apr 16 '10 at 15:25

Martin Beckett

92,791
27
183
258

2

One might precompute the checksum of the password and store *it* in the script instead of the plaintext and test the checksum of the input against that. It can still be broken, though, but less easily. – Dennis Williamson Apr 16 '10 at 18:11
1

In which case you just simply copy the script to somewhere you have write permission, and remove the check. – Martin Beckett Apr 16 '10 at 18:21

How to make bash script ask for a password?

3 Answers3

Linked