Here is some expect code you can put directly into your main script,
which will tell you if your 'passwd' command worked or failed.
/usr/bin/expect -c "
spawn /usr/bin/passwd
expect word:
sleep 1
send $OLDPSWD0
expect word:
sleep 1
send $PSWD0
expect word:
sleep 1
send $PSWD0
expect {
failure {exit 1}
success {exp_continue}
}
"
if [ $? != 0 ]; then
echo "Oops! passwd failed"
fi
This code snippet has several advantages:
a) no need for a 2nd script.
You can keep everything in one script.
Easier to maintain.
b) no need for EOD stuff.
While <<EOD can be useful, I find it a pain in general.
c) this code fragment actually detects that 'passwd' returned 'failure'
and causes expect to return 1 which you can test in $?
d) the expect { ... } can be expanded to look for dozens of possible error
messages that can come out of 'passwd'. You might want to use the command
strings /usr/bin/passwd | less
which should give you an idea of all the different error messages passwd can issue.
By the way, while debugging this little expect code snippet, I used:
/usr/bin/expect -d -c "
...
"
where the -d option displayed a lot of useful debugging/tracing information
that helped me figure out what was going on.
I also looked for examples in "man expect", which is where I found the
expect { ... } syntax. A little experimentation along with the -d option
and I had an expect command where $? returned 0 on success, and 1 on failure.
NOTE: I make no claims on whether your approach is good or bad from a
security standpoint. I'll let MrHoffman and etresoft address that.
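
Added example, not part of the original post: the same passwd dialogue wrapped in a shell function, with the expect script single-quoted so the passwords are read from the environment instead of being pasted into the expect command line, and with timeout, early-exit and exit-status checks added. It assumes OLDPSWD0 and PSWD0 are exported; PASSWD_CMD is a hypothetical override for testing against a stub, and the failure words other than "failure" are constructed samples.

```shell
#!/bin/sh
# Added example, not the original poster's code.
# Assumes OLDPSWD0 and PSWD0 are exported by the calling script.
# PASSWD_CMD is a hypothetical override so the dialogue can be tested on a stub.
# Returns 0 on success, 2 on timeout, 3 if passwd quit before all prompts,
# otherwise 1 or the non-zero exit status of passwd.
change_passwd() {
    # Single quotes: the shell expands nothing, so the passwords never show up
    # in the argument list of expect (ps) and are never parsed as Tcl code.
    /usr/bin/expect -c '
        set timeout 10
        log_user 0    ;# keep the dialogue out of terminal and log output
        set cmd /usr/bin/passwd
        if {[info exists env(PASSWD_CMD)]} { set cmd $env(PASSWD_CMD) }
        spawn $cmd
        # Same three prompts as the original: old, new, retype.
        foreach pw [list $env(OLDPSWD0) $env(PSWD0) $env(PSWD0)] {
            expect {
                "word:" { send -- "$pw\r" }
                timeout { exit 2 }
                eof     { exit 3 }
            }
        }
        # The word failure comes from the post; mismatch and denied are
        # constructed samples, to be extended from the strings output.
        expect {
            -nocase -re "failure|mismatch|denied" { exit 1 }
            timeout { exit 2 }
            eof
        }
        # No failure text seen: fall back to the exit status of passwd itself.
        lassign [wait] pid sid os_error status
        exit $status
    '
}
```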