From 86d6bf814f7d20c2c69c5af933eb6f295cf326ea Mon Sep 17 00:00:00 2001
From: Thomas Gebert
Date: Thu, 24 Jul 2025 10:21:53 +0200
Subject: [PATCH 1/2] Initial release
---
password-change-tool/change-user-password.sh | 126 +++++++++++++++++++
password-change-tool/sudo-rule | 1 +
2 files changed, 127 insertions(+)
create mode 100644 password-change-tool/change-user-password.sh
create mode 100644 password-change-tool/sudo-rule
diff --git a/password-change-tool/change-user-password.sh b/password-change-tool/change-user-password.sh
new file mode 100644
index 0000000..479c7e2
--- /dev/null
+++ b/password-change-tool/change-user-password.sh
@@ -0,0 +1,126 @@
+#!/bin/bash
+
+################################################################################
+# Global variables
+################################################################################
+USER_TO_CHANGE=""
+NEW_PASSWORD=""
+
+
+################################################################################
+# Functions
+################################################################################
+die() {
+ printf '%s\n' "$1" >&2
+ exit 1
+}
+
+show_help() {
+cat << HELP
+
+Script to update the password of a user. Either
+
+Usage: $1 [OPTION]
+Mandatory:
+ -u|--user USER the username for password change
+
+
+HELP
+}
+
+check_if_root() {
+ if [ ${EUID} -ne 0 ]; then
+ echo "Script must be run as root or sudo"
+ return 1
+ fi
+ return
+}
+
+check_user() {
+ if [ "${USER_TO_CHANGE}" == "" ]; then
+ echo "User cannot be empty."
+ exit 1
+ fi
+
+ if ! id "${USER_TO_CHANGE}" &> /dev/null ; then
+ echo "User \"${USER_TO_CHANGE}\" does not exist."
+ exit 1
+ fi
+ return
+}
+
+get_password() {
+ if test -t 0; then
+ echo -n "New password: "
+ fi
+ IFS= read -rs NEW_PASSWORD
+ PW_CHANGE_SUCCESS=$?
+ echo ""
+
+ if [ $PW_CHANGE_SUCCESS -ne 0 ]; then
+ echo "Couldn't read new password."
+ exit 1
+ fi
+
+ if [ "${NEW_PASSWORD}" == "" ]; then
+ echo "New passord cannot be empty."
+ exit 1
+ fi
+
+ return
+}
+
+change_user_password() {
+ CHPASSWD_OUT=$(chpasswd <<< "${USER_TO_CHANGE}:${NEW_PASSWORD}" 2>&1)
+ if [ $? -ne 0 ]; then
+ echo "Password change failed. Error is:"
+ echo "${CHPASSWD_OUT}"
+ exit 1
+ fi
+ return
+}
+
+################################################################################
+# Argument parser
+################################################################################
+while :; do
+ case $1 in
+ -h|-\?|--help)
+ show_help # Display a usage synopsis.
+ exit
+ ;;
+ -u|--user) # Takes an option argument; ensure it has been specified.
+ if [ "$2" ]; then
+ USER_TO_CHANGE=$2
+ shift
+ else
+ die 'ERROR: "-u|--user" requires a non-empty option argument.'
+ fi
+ ;;
+ -p|--password) # Takes an option argument; ensure it has been specified.
+ if [ "$2" ]; then
+ NEW_PASSWORD=$2
+ shift
+ else
+ die 'ERROR: "-u|--user" requires a non-empty option argument.'
+ fi
+ ;;
+ --) # End of all options.
+ shift
+ break
+ ;;
+ *) # Default case: No more options, so break out of the loop.
+ break
+ esac
+
+ shift
+done
+
+
+################################################################################
+# Main, main, main
+################################################################################
+check_if_root
+check_user
+get_password
+change_user_password
diff --git a/password-change-tool/sudo-rule b/password-change-tool/sudo-rule
new file mode 100644
index 0000000..6a0dc15
--- /dev/null
+++ b/password-change-tool/sudo-rule
@@ -0,0 +1 @@
+user1 ALL=(ALL) NOPASSWD: /usr/local/bin/change-user-password.sh
\ No newline at end of file
From fc114004be7e0de98734c171fdc31209c94ed3ac Mon Sep 17 00:00:00 2001
From: Thomas Gebert
Date: Thu, 24 Jul 2025 10:25:42 +0200
Subject: [PATCH 2/2] Extend Help
---
password-change-tool/change-user-password.sh | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/password-change-tool/change-user-password.sh b/password-change-tool/change-user-password.sh
index 479c7e2..0ab392e 100644
--- a/password-change-tool/change-user-password.sh
+++ b/password-change-tool/change-user-password.sh
@@ -5,6 +5,7 @@ ################################################################################ USER_TO_CHANGE="" NEW_PASSWORD="" +MY_NAME=$(basename "$0") ################################################################################
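Review bot: `check_user` accepts any account that `id` resolves, root included, so whoever is allowed to run this script with elevated rights (the `sudo-rule` hunk that follows grants that without a password prompt) can set root's password; the function should refuse UID 0 targets, and an explicit allow-list of manageable accounts would be stricter still. In the main section the result of `check_if_root` is discarded, so an unprivileged run still prompts for a password before `chpasswd` fails; call it as `check_if_root || exit 1`. The `-p|--password` branch should be dropped: `get_password` runs unconditionally and overwrites `NEW_PASSWORD`, so the option has no effect, and a password passed as an argument would be visible in the process list and in sudo's command log. Its error message also names `-u|--user`.

```shell
check_user() {
    # … unchanged: empty-name and existence checks …

    # Refuse privileged targets so a delegated caller cannot reset root.
    local target_uid
    target_uid=$(id -u -- "${USER_TO_CHANGE}") || exit 1
    if [ "${target_uid}" -eq 0 ]; then
        echo "Refusing to change the password of a UID 0 account."
        exit 1
    fi
    return
}
```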
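Review bot: The run-as list `(ALL)` is wider than the script needs, since it is written to run as root only; `user1 ALL=(root) NOPASSWD: /usr/local/bin/change-user-password.sh` grants the same function with less surface. Because the rule has no argument restriction and no password prompt, the file at that path is the entire security boundary, so it presumably has to be owned by root and not writable by `user1`, which this patch does not show. The rule file also ends without a newline; checking it with `visudo -cf` before installing it catches parse problems.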
@@ -18,7 +19,10 @@ die() { show_help() { cat << HELP -Script to update the password of a user. Either +Script to update the password of a user. +The password is either + - entered interactively + - redirected from STDIN via ${MY_NAME} ... <<< 'newpassword' Usage: $1 [OPTION] Mandatory: @@ -123,4 +127,4 @@ done check_if_root check_user get_password -change_user_password +change_user_password \ No newline at end of file
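Review bot: The example added to the help text, `${MY_NAME} ... <<< 'newpassword'`, shows the password typed as a literal on the command line, which an interactive shell records in its history file; an example that redirects from a file or pipes from another program, such as `${MY_NAME} ... < PASSWORD_FILE` (placeholder name), avoids teaching that habit. The `Usage: $1 [OPTION]` context line in the same hunk still prints an empty name, because the argument parser calls `show_help` without an argument; now that `MY_NAME` exists it could read `Usage: ${MY_NAME} [OPTION]`. show_help's body continues outside the hunk.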