Change passwords for multiple cPanel accounts (bulk password reset)

The other day I needed to change passwords for multiple cPanel accounts. Since there were a lot of accounts in question, changing passwords manually was out of the question. Changing passwords from the shell using the passwd utility was also out of the question because that would change only the password for the Unix user - MySQL and FTP passwords would remain unchanged. In the end I wrote a simple script which automates changing system, FTP and MySQL passwords for a cPanel user.

The script allows you to either specify the new password for each account or generate a random one. So, if you want to change passwords for multiple cPanel accounts and set your own passwords, you will need to put the list of usernames and their passwords into a text file with the following format:

 

user1 password1
user2 password2
userN passwordN

Afterwards you can run the script with the following command:

# ./cpanel-chpasswd --no-random /path/to/credentials_file

If you don't want to specify new passwords, you can let the script generate random passwords. In this case, you'll need to put all usernames into a text file (one username per line) and run the script with the following command:

# ./cpanel-chpasswd --random /path/to/credentials_file
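A pre-flight check for the two credentials file formats described above, as an added example that is not part of the original cpanel-chpasswd script. The function name check_credentials_file and the sample accounts are made up for illustration, and the permission check goes slightly beyond what the text covers.

```shell
#!/bin/bash
# Added example (not part of cpanel-chpasswd): validate a credentials file
# before handing it to the script. Prints one line per problem found and
# returns 0 if the file is clean, 1 if it has problems, 2 on a usage error.
check_credentials_file() {
    local mode="$1" file="$2" want status=0 perms
    case $mode in
        --random)    want=1 ;;   # one username per line
        --no-random) want=2 ;;   # "username password" per line
        *) echo "unknown mode: $mode"; return 2 ;;
    esac
    [ -f "$file" ] || { echo "no such file: $file"; return 2; }

    # With --no-random the file holds plaintext passwords, so it should be
    # accessible to its owner only (mode 600 or 400).
    if [ "$want" -eq 2 ]; then
        perms=$(stat -c %a "$file" 2>/dev/null || stat -f %Lp "$file")
        case $perms in
            *00) ;;
            *) echo "permissions $perms: file is accessible to group or others"
               status=1 ;;
        esac
    fi

    # The script takes field 1 as the username and field 2 as the password,
    # so a password containing a space would be cut short, and a repeated
    # username makes it ambiguous which password gets applied.
    awk -v want="$want" '
        NF == 0     { next }
        NF != want  { printf "line %d: expected %d field(s), found %d\n", NR, want, NF; bad = 1 }
        seen[$1]++  { printf "line %d: duplicate username %s\n", NR, $1; bad = 1 }
        END         { exit bad + 0 }
    ' "$file" || status=1
    return "$status"
}

# Constructed sample input (not real accounts).
sample=$(mktemp)
printf '%s\n' 'alice S3cretOne' 'bob two words' 'alice Another1' > "$sample"
check_credentials_file --no-random "$sample" ||
    echo "fix the credentials file before running cpanel-chpasswd"
rm -f "$sample"
```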

While the script executes, its output will be printed on stdout. Since the new passwords will be printed on stdout as well, you will probably want to redirect the output to a file on disk, just to have all the changes that were made on record.

You can download the cpanel-chpasswd script or copy it from below.

Update: As Branko Toić commented below, to change passwords from the command line instead of from WHM, in newer cPanel versions it's necessary to export the ALLOW_PASSWORD_CHANGE variable. The script in this tutorial, as well as the one available for download, is updated to meet this requirement.

#!/bin/bash
 
# This is wrapper script for bulk cPanel account password change
#
# Copyleft: 2012 - Sasa Tekovic - http://www.tekovic.com
 
chpasswd() {
    # export password change variable for newer versions of cPanel
    export ALLOW_PASSWORD_CHANGE=1
    # Check if the script was given an argument
    if [ -z "$2" ]; then
        usage
    fi
    # Check if specified file exists
    if [ ! -f "$2" ]; then
        echo -e "The specified file ($2) doesn't exist!\n"
        usage
    fi
 
    for user in $(awk '{print $1}' "$2"); do
        if [ "$1" = "--no-random" ]; then
            # Parse password: exact match on the username field, first entry wins
            password=$(awk -v u="$user" '$1 == u {print $2; exit}' "$2")
        else
            # Generate random 10-character alphanumeric password
            password=$(LC_ALL=C tr -dc 'A-Za-z0-9' </dev/urandom | head -c 10)
        fi
 
        # Change password for cPanel user
        /scripts/realchpass "$user" "$password"
 
        # Change password for MySQL user
        echo "Changing MySQL password for user $user"
        /scripts/mysqlpasswd "$user" "$password"
        echo "MySQL password for $user has been changed"
        echo -e "New password for $user is: $password\n"
    done
 
    # Sync FTP passwords
    /usr/local/cpanel/bin/ftpupdate
    exit 0
}
 
usage() {
    echo "Usage: $0 { --random | --no-random } /path/to/credentials_file"
    echo "Credentials file must be formatted like:"
    echo -e "username1 password1\nusername2 password2\n...       ...\n"
    echo "If using random password generation, credentials file must contain only username (one per line)"
    exit 1
}
 
case $1 in
    --random)
        chpasswd "$1" "$2"
        ;;
    --no-random)
        chpasswd "$1" "$2"
        ;;
    *)
        # usage prints the help text and exits with status 1
        usage
        ;;
esac
 
exit 0

9 comments

26
Oct

Hi, I have only a few minutes to change REALLY multiple passwords and it comes from the sky to me. It's because our third-party HOST management system has problems, big problems, attacks and others. God bless you vm! Ty vm
26
Oct

You're welcome :)

31
Jan

This is a great script. I have to ask, because I need to do a migration, is there any way to decrypt the email passwords in the @pwdcache? They seem to be base64 and MD5 and I cannot for the life of me decode them. Thanks again!
31
Jan

I'd say it won't be easy and will probably take a very long time. Perhaps you can crack the passwords with John the Ripper ;)

28
Mar

It's important that you run WHM > Sync FTP Passwords once this is done, so that FTP access with the new password works.
28
Mar

Thanks for bringing this to my attention, Justin. I've updated the script.

27
Jun

export ALLOW_PASSWORD_CHANGE=1

Somewhere at the top of the script, to actually change the services password for that account on new cPanel version.

ERROR: /scripts/realchpass Invocation changes only the system password and does not have any effect on other services associated with your cPanel account, including FTP, SSH, WebDAV, and FrontPage. It is strongly encouraged for you to change the password via the WHM & cPanel interface. You can force a password change through this script by setting the environment variable 'ALLOW_PASSWORD_CHANGE=1'.
27
Jun

Thanks Branko! I've updated the script and tutorial :)

28
Oct

This script no longer seems to work as now, when running it, you get the warning that:

warn [realchpass] Insecure passing of password on ARGV

And the end result is that the cPanel user passwords remain unchanged. Can you please update it? Thank you!
