What does this command do: sudo dscl . passwd /Users/administrator thePassword

I'm (attempting) to administer a group of Mac Minis used as servers. I recently needed to change all their passwords, so I SSHed in and ran this command, which was what I used when creating new user accounts on those machines:

sudo dscl . passwd /Users/administrator thePassword

Unfortunately, this didn't do what I thought when used on an existing user—the new password is not thePassword and so I've lost access to sudo. man dscl has this to say:

passwd

 Usage: passwd user_path [new_pasword | old_password new_pasword]

 Changes a password for a user. The user must be specified by full path,
 not just a username.  If you are authenticated to the node (either by
 specifying the -u and -P flags or by using the auth command when in
 interactive node) then you can simply specify a new password.  If you are
 not authenticated then the user's old password must be specified.  If
 passwords are not specified while in interactive mode, you will be
 prompted for them.  Passing these passwords on the command line is inher-
 ently insecure and can cause password exposure.  For better security do
 not provide the password as part of the command and you will be securely
 prompted.

So it looks like I should have provided the user's old password when running that previous command, but I didn't. I know what password I entered and I still have SSH access to the machines. If I can figure out what the command did, I'll be able to tell what password I set on the accounts.


Solution 1:

Ah, it turns out that that is the correct way to change a user's password when using sudo. If you don't use sudo, only then do you need to provide the user's old password.

My problem was that there was a '$' character in the password, which I didn't escape. Consequently, the passwords were cut off to before the $ character.