案例1:
批量创建10个系统账号chang01~chang10,并设置密码(密码不能相同)。(密码随机8位字符)
脚本:
#!/bin/bash
for i in `seq -w 10`
do
useradd chang$i &&\
echo "root$i" | passwd --stdin chang$i
done
运行结果:
[root@abc scripts]# sh for10.sh
Changing password for user chang01.
passwd: all authentication tokens updated successfully.
Changing password for user chang02.
passwd: all authentication tokens updated successfully.
Changing password for user chang03.
passwd: all authentication tokens updated successfully.
Changing password for user chang04.
passwd: all authentication tokens updated successfully.
Changing password for user chang05.
passwd: all authentication tokens updated successfully.
Changing password for user chang06.
passwd: all authentication tokens updated successfully.
Changing password for user chang07.
passwd: all authentication tokens updated successfully.
Changing password for user chang08.
passwd: all authentication tokens updated successfully.
Changing password for user chang09.
passwd: all authentication tokens updated successfully.
Changing password for user chang10.
passwd: all authentication tokens updated successfully.
知识点:随机数密码,并且是8位字符串。
# $RANDOM得到随机随机数
[root@abc scripts]# echo $RANDOM
15593
[root@abc scripts]# echo $RANDOM
28897
[root@abc scripts]# echo $RANDOM
621
# 采用md5sum进行加密的方式
[root@abc scripts]# echo $RANDOM | md5sum
09788cc7b7ad84634e3ed74e806ff3e8 -
# 使用cut -c 以字符为单位进行分割,取8位。
[root@abc scripts]# echo $RANDOM | md5sum | cut -c 5-12
c2a00a92
[root@abc scripts]# echo $RANDOM | md5sum | cut -c 5-12
95fa0a62
[root@abc scripts]# echo $RANDOM | md5sum | cut -c 1-8
5d69aa85
[root@abc scripts]# echo $RANDOM | md5sum | cut -c 1-8
6fb95dca
RANDOM是生成的是伪随机数,可以在里面在增加一个时间date。
修改下脚本:
[root@abc scripts]# cat for11.sh
#!/bin/bash
for i in `seq -w 10`
do
useradd chang$i &&\
pass=`echo "$RANDOM" | md5sum |cut -c 1-8`
echo "$pass" | passwd --stdin chang$i
echo -e "chang$i \t password: $pass" >> /tmp/pass.txt
done
运行:
先用for语句把之前创建的用户删除掉:
for name in `seq -w 10`;do userdel -r chang$name;done
[root@abc scripts]# sh for11.sh
Changing password for user chang01.
passwd: all authentication tokens updated successfully.
Changing password for user chang02.
passwd: all authentication tokens updated successfully.
Changing password for user chang03.
passwd: all authentication tokens updated successfully.
Changing password for user chang04.
passwd: all authentication tokens updated successfully.
Changing password for user chang05.
passwd: all authentication tokens updated successfully.
Changing password for user chang06.
passwd: all authentication tokens updated successfully.
Changing password for user chang07.
passwd: all authentication tokens updated successfully.
Changing password for user chang08.
passwd: all authentication tokens updated successfully.
Changing password for user chang09.
passwd: all authentication tokens updated successfully.
Changing password for user chang10.
passwd: all authentication tokens updated successfully.
再检查下日志的生成内容:
[root@abc scripts]# tail -10 /tmp/pass.txt
chang01 password: c311d98b
chang02 password: a1d26333
chang03 password: 91552ea4
chang04 password: 3ee37f3b
chang05 password: d0128011
chang06 password: 18b539d3
chang07 password: 00953241
chang08 password: ec2cedb2
chang09 password: 8add328d
chang10 password: 23abc08b
生成随机数的一些方法:
1)openssl产生随机数:
[root@abc scripts]# openssl rand -base64 8
p4GxXUXenfQ=
[root@abc scripts]# openssl rand -base64 80
kfxSuPm3LeFfM7ZG/94UpVyaBnrqRckDF8/KhdRIFhzzPU75/pZfP6v5wBTmO9G+
vvqU/LyqfgEJ2uJHVODLqZepcVqk5Tp+n7+WcocFQuo=
2)通过时间date获取随机数:
[root@abc scripts]# date +%s%N
1691153867351799706
[root@abc scripts]# date +%s%N
1691153876842406607
我们man date查看下%s和%N是什么意思:
3)通过/dev/urandom配合cksum
[root@abc scripts]# head /dev/urandom|cksum
3907097781 1775
[root@abc scripts]# head /dev/urandom|cksum
2388045652 2317
/dev/urandom设备存储着系统当前运行环境的实时数据,可以看着是某个时间的唯一值,因此可以用作随机数元数据。我们可以通过文件读取的方式,读到里面的数据。非阻塞的随机数发生器,读取操作不会产生阻塞。
4)通过UUID生成随机数:
[root@abc scripts]# cat /proc/sys/kernel/random/uuid
c00bbb54-5193-4fd1-8155-2eedea0ea13b
[root@abc scripts]# cat /proc/sys/kernel/random/uuid
fa1725ed-8417-4338-af98-93da2927df7a
每个人都可以创建不与其他人发生冲突的UUID。它会让网络中任何一台计算机所生成的UUID码都是互联网整个服务器网络中唯一的编码。
5)使用expect附带的mkpasswd生成密码,生成密码还可以指定数字、大小写字母、特殊字符的个数:
[root@abc scripts]# mkpasswd -l 9 -d 2 -c 3 -C 3 -s 1
%33uvCzUK
[root@abc scripts]# mkpasswd -l 9 -d 2 -c 3 -C 3 -s 1
5eHKcE*3o
[root@abc scripts]# mkpasswd -l 9 -d 2 -c 3 -C 3 -s 1
p1wa4LWL(
选项说明:
-l: 指定密码的长度
-d: 指定密码中数字的数量
-c: 指定密码中小写字母的数量
-C: 指定密码中大写字母的数量
-s:指定密码中特殊字符的数量
我们可以使用md5sum来统一格式化。