LinuxQuestions.org
View the Most Wanted LQ Wiki articles.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - General
User Name
Password
Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.

Notices



Reply
 
Search this Thread
Old 09-09-2007, 05:49 PM   #1
Z038
Member
 
Registered: Jan 2006
Distribution: Slackware
Posts: 805

Rep: Reputation: 158Reputation: 158
shadow file has !! for password field


I noticed that my /etc/shadow file has two exclamation points instead of an asterisk in all of the encrypted password fields except for root and the three users on my system that I've set passwords for.

for example, here are a few accounts in /etc/shadow:

Code:
bin:!!:9797:0:::::
daemon:!!:9797:0:::::
adm:!!:9797:0:::::
lp:!!:9797:0:::::
sync:!!:9797:0:::::
shutdown:!!:9797:0:::::
halt:!!:9797:0:::::
mail:!!:9797:0:::::
whereas a new distribution of slackware comes with a shadow file that has an asterisk instead of the two exclamation points. it looks like this:

Code:
bin:*:9797:0:::::
daemon:*:9797:0:::::
adm:*:9797:0:::::
lp:*:9797:0:::::
sync:*:9797:0:::::
shutdown:*:9797:0:::::
halt:*:9797:0:::::
mail:*:9797:0:::::
What is the difference between the '!!' and the '*' in the encrypted password field?
 
Old 09-09-2007, 06:23 PM   #2
colucix
Moderator
 
Registered: Sep 2003
Location: Bologna
Distribution: CentOS 6.5 OpenSuSE 12.3
Posts: 10,509

Rep: Reputation: 1957Reputation: 1957Reputation: 1957Reputation: 1957Reputation: 1957Reputation: 1957Reputation: 1957Reputation: 1957Reputation: 1957Reputation: 1957Reputation: 1957
Two exclamation points mean that an account is locked, until the administrator unlocks it.
 
Old 09-09-2007, 06:30 PM   #3
Z038
Member
 
Registered: Jan 2006
Distribution: Slackware
Posts: 805

Original Poster
Rep: Reputation: 158Reputation: 158
Thank you.

Does "locked" mean that no one can login to the account, or that no one can change the password, or something else?

Is this a good thing to have !! or is it better to have * ?
 
Old 09-10-2007, 03:58 AM   #4
colucix
Moderator
 
Registered: Sep 2003
Location: Bologna
Distribution: CentOS 6.5 OpenSuSE 12.3
Posts: 10,509

Rep: Reputation: 1957Reputation: 1957Reputation: 1957Reputation: 1957Reputation: 1957Reputation: 1957Reputation: 1957Reputation: 1957Reputation: 1957Reputation: 1957Reputation: 1957
It means no one can login. For some system accounts a password has never been created and you will see "!!" in the password field. If the system administrator locks a user which already has an assigned password, as in
Code:
usermod -L user
you will see a single "!" in front of the encrypted password.
Quote:
Is this a good thing to have !! or is it better to have * ?
My personal taste is to leave the system take care of it, unless you have some specific security concern. By the way I think !! is more secure than *.

Last edited by colucix; 09-10-2007 at 04:00 AM.
 
Old 09-10-2007, 08:40 AM   #5
Z038
Member
 
Registered: Jan 2006
Distribution: Slackware
Posts: 805

Original Poster
Rep: Reputation: 158Reputation: 158
ok, thank you. I don't recall ever explicitly locking the accounts, but I guess I'll leave them be since they are all locked now.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Question about information contained in Shadow Password file cruzzz01 Linux - Security 1 06-13-2006 05:34 PM
How to encrypt a password to the /etc/shadow file? Milosevic Linux - Newbie 2 12-13-2005 03:14 PM
shadow password - password field ayhopkins Linux - Security 8 11-17-2005 06:25 AM
Apache and shadow password file fortezza Linux - Security 2 07-31-2005 07:49 PM
/etc/shadow password field amfoster Linux - Security 2 08-24-2004 12:39 PM


All times are GMT -5. The time now is 01:42 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration