Sunday, February 8, 2015

Understanding Why Terminal Doesn’t Let You Type a Password


Sometimes you need to enter a password into the terminal, usually for sudo or su commands, which lets users execute a command with super user privileges. This is fairly typical for allowing access to read or modify something that would otherwise not be possible with a standard user account. You’ll commonly see sudo prefixing another command, looking something like “sudo nano /etc/hosts“. Though most of the command line and sudo is generally only appropriate for advanced users, occasionally more casual computer users may need to turn to the Terminal, perhaps to enable a feature, modify a system file, or even for troubleshooting purposes. For novice users who wind up at the command line, a very common question occurs with entering passwords into the Terminal, almost always related to sudo and the apparent inability to type a password into the command line of OS X (or Linux for that matter).

But here’s the thing; Terminaldoes let you type your password, it just doesn’t look like it. The cursor on screen will not move, and there is no indicator the password is being entered at all. This is intentional and serves as a security mechanism, unlike entering a password into a web form or a standard GUI login screen, which is typically masked as asterisks like ******** or bullets like •••••••••••••, the lack of anything showing is entirely intentional and there is no such indication of entering passwords at the command line. The reason is rather simple, it provides no indication for how long a password is, offering some further obfuscation to password entry.

If this sounds confusing, it’s not at all, here’s how it works in practice. Let’s say you execute a command that requires sudo access, thus bringing up the familiar “Password:” entry.

% sudo cat /etc/secret.conf
Password:

When the Password: request comes up, type the password anyway, even though nothing is showing up then hit Return when finished. Again, there is no indication that a password is being entered, and that is intentional.



So let’s run through the prior example command again, pretending the admin password on this particular machine is “Monkey123″, you’d type that password as it’s requested, despite not showing up at all, meaning the sequence would be something like:

% sudo cat /etc/secret.conf
Password: Monkey123 (hit Return key)

This will execute the command. And no, Monkey123 (or whatever the admin password is) will not appear on screen, neither will any asterisks or bullets.



Typically a user only has to experience this once or twice to understand that’s how it works, but it remains a great question for users who are just starting to get exposure to the command line. And once you know, you can pass the knowledge along to others, so if someone asks you “why doesn’t the Terminal let me type a password?”, you can now answer and explain it to them.

For those wondering, yes this default behavior can be changed to show asterisks for each character entered as the password in the command line, for sudo, su, or whatever else you’re doing. Nonetheless, making that change is not recommended, and we’re not going to cover it in this particular article… perhaps in the future if there is some interest in doing so.

No comments:

Post a Comment