password anti-disclosure for python script

action.sh

@@ -29,9 +29,10 @@
 if [ ! -e config.cfg ]; then echo "Missing config.cfg file. Edit and rename config.cfg.sample"; exit 1; fi
 source config.cfg
 
-ACTION="$1"   # adduser, changepw, listusers, userdetail, deluser, sizeall, sizeuser, viewdata
+ACTION=$1     # adduser, changepw, listusers, userdetail, deluser, sizeall, sizeuser, viewdata
-USER="$2"
+USER=$2
-PASS=$(cat "$3")  # $3 is a file containing the password
+PASSFILE=$3   # $3 is a file containing the password
+PASS=$(cat "$3")
 
 ## FUNCTIONS
 function checkaction {
@@ -199,7 +200,7 @@ if [ "$ACTION" == "changepw" ]; then
     exit 1
   fi
   
-  python changepw.py "$USER" "$PASS"
+  python changepw.py "$USER" "$PASSFILE"
   
   if [ $? == 0 ]; then
     # Send infomail

changepw.py

@@ -5,7 +5,12 @@ import pexpect
 
 # Read variables of first and second given argument
 user = str(sys.argv[1])
-password = str(sys.argv[2])
+passwordfile = str(sys.argv[2])
+
+# Read content of passwordfile and put as variable "password"
+with open (passwordfile, "r") as myfile:
+    password=myfile.read().replace('\n', '')
+
 
 # Define function
 def _vchangepw(user, password):