How to change the password of a local admin user that has never been logged in using a bash script

Every Mac OS X system in my company uses 3 local user accounts.

1st user is a local administrator user, the 2nd user is a local standard user and the 3rd user is a local administrator user.

The 3rd user account is being used by my Security Department to scan our Mac OS X systems.

This 3rd user has never been logged into the system.

The 3rd user is there, but this user does not have a regular /Users/username path folder. Again it is there, I can use it, I can SSH, etc. but once again does not have a regular /Users/username home path because we never log in.

I need to create a bash script that will change and update this 3rd user password.

Surfing the web, I found this solution:

sudo /usr/bin/dscl . -passwd /Users/username newpassword
sudo security set-keychain-password -o oldpassword -p newpassword /Users/username/Library/Keychains/login.keychain

My problem is that the user does not have a regular /Users/username home path, because we never log in. We just created the user so the Security team can use it for scanning.

How can I create a bash script that will change the password?

Just so you know, the user has been created with the following script:

USERNAME="Batman"
USERFULLNAME="Batman Scan User"
USERUID="512"
USERPASS="BatmanPassword"

dscl . -create /Users/"${USERNAME}" isHidden 1
dscl . -create /Users/"${USERNAME}" UserShell /bin/bash
dscl . -create /Users/"${USERNAME}" RealName "${USERFULLNAME}"
dscl . -create /Users/"${USERNAME}" UniqueID "${USERUID}"
dscl . -create /Users/"${USERNAME}" PrimaryGroupID 20
dscl . -create /Users/"${USERNAME}" NFSHomeDirectory /Users/"${USERNAME}"
dscl . -passwd /Users/"${USERNAME}" "${USERPASS}"
dscl . -append /Groups/admin GroupMembership "${USERNAME}"

I would just make new accounts with the credentials you need and worry about deleting the broken ones later.

  • https://www.jamf.com/jamf-nation/discussions/6438/best-way-to-create-hidden-admin-account

If your MDM is JAMF, use their tool to automate hidden admin account creation and push the script out. If not, look for the GitHub / Mac App Store tool CreateUserPkg.

  • https://itunes.apple.com/us/app/createuserpkg/id540673598?mt=12
  • http://magervalp.github.io/CreateUserPkg/

I wouldn’t reinvent the wheel here and would instead stand on the shoulders of the giants above.


You should be able to just run

sudo /usr/bin/dscl . -passwd /Users/username newpassword

to change the password. The path is only relevant within Directory Services here; it doesn't need to be reflected on disk.

The second command (sudo security set-keychain-password) is about changing the password to Keychain data, but as long as the user doesn't have any keychain to start with there is no need (and no way) to change it.
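
The two commands discussed in this thread can be combined so the keychain step runs only when a login keychain actually exists. This is an added example, not code from the question or the answers; the function name `change_local_password` and the overridable `DSCL` / `SECURITY` variables are assumptions made for illustration.

```bash
#!/bin/bash
# Added example (not from the thread). DSCL and SECURITY are assumed, overridable
# variables so the logic can be dry-run with stand-in commands.
DSCL="${DSCL:-/usr/bin/dscl}"
SECURITY="${SECURITY:-/usr/bin/security}"

# change_local_password USER NEWPASS [OLDPASS]   (hypothetical helper name)
# Returns: 0 ok, 1 command failed or no such user, 2 usage, 3 keychain skipped.
change_local_password() {
    local user="$1" newpass="$2" oldpass="${3:-}"
    local record="/Users/${user}" home keychain

    if [ -z "$user" ] || [ -z "$newpass" ]; then
        echo "usage: change_local_password USER NEWPASS [OLDPASS]" >&2
        return 2
    fi

    # The record path lives in Directory Services; no folder on disk is needed.
    if ! "$DSCL" . -read "$record" UniqueID >/dev/null 2>&1; then
        echo "no such local user record: $record" >&2
        return 1
    fi

    "$DSCL" . -passwd "$record" "$newpass" || return 1
    echo "password changed for $user"

    # Read the home path from the record instead of assuming it exists on disk.
    home=$("$DSCL" . -read "$record" NFSHomeDirectory 2>/dev/null |
        sed -n 's/^NFSHomeDirectory: //p')
    keychain="${home}/Library/Keychains/login.keychain"

    if [ -n "$home" ] && [ -e "$keychain" ]; then
        if [ -z "$oldpass" ]; then
            echo "keychain exists but no old password given; left unchanged" >&2
            return 3
        fi
        "$SECURITY" set-keychain-password -o "$oldpass" -p "$newpass" "$keychain" || return 1
        echo "login keychain password updated"
    else
        echo "no login keychain for $user; nothing else to update"
    fi
}

# Runs only when arguments are given, e.g. as root: ./script.sh Batman 'NewPass'
if [ "$#" -ge 2 ]; then
    change_local_password "$@"
fi
```

Command-line arguments are visible to other local users in the process list while the command runs, so keep the calling script root-owned and not world-readable.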