0

Edit: I realized that this has nothing to do with $() it's just the result of using echo *. So I just need a way to escape with echo.

I'm writing a script that checks what users don't have passwords by comparing /etc/passwd and /etc/shadow.

So far I have:

cat /etc/passwd | while read -r line ; do
  user=$(echo $line | cut -d ":" -f 1)
  password=$(cat /etc/shadow | grep $user | cut -d ":" -f 2)
  echo $password
done

The problem is that when the result of my grep is * for the password field, which is the case for all users without a password, it seems like ls * is performed? For example:

enter image description here

I'm confused as to why this is happening. Can anyone explain what is happening here? The one answer at the bottom of the picture with an encrypted password is the expected behavior. For the entries without a password I was expecting to get back a *.

Philip Kirkbride
  • 10,236
  • 1
    You need to quote your variables; e.g., echo "$password". I suspect we already have an answer that covers this in detail; going to try to find it. – derobert Jul 09 '17 at 16:25
  • 1
    FYI you may find that your system's passwd command has a -S (--status) option that can do exactly this task for you – steeldriver Jul 09 '17 at 16:30
  • @steeldriver when I run passwd --status I get back philip P 04/14/2017 0 99999 7 -1. Seems it only runs for the user who uses the command, where as I need to look at all users on the system. – Philip Kirkbride Jul 09 '17 at 16:32
  • 1
    Superuser should be able to add -a to see the status of all accounts. – steeldriver Jul 09 '17 at 16:42

1 Answers1

1
echo "$password"

This will allow interpolation of the variable (here, into *) without invoking shell globing.

JRFerguson
  • 14,740