Hi All,

I am a newbie to linux.

I would like to know whether the /etc/passwd file is reffered only at the time of login. What happens if we delete the user entry (by root) after the particular user logs in ? Will that user automatically logout after a specified time as his entry is not present in /etc/passwd.

Thanks in advance.

/etc/passwd is referenced whenever a password is needed. Deleting a user there could cause difficulties but they won't be forced to logout.

Why do you ask?

Thanks for your reply. I asked just because someone told me that linux periodcally checks for validity of the logged in accounts. I tried this RHEL 4 and didnt find any problem like auto logout. I was just check if it do for other flavours.

Thanks

People cannot login without the existence of a valid /etc/passwd and /etc/shadow and all the rest that supports a user account. Checking the existence of such files would, therefore, be pointless as far as checking the validity of a given login is concerned. Remember, the way to gain access is to pretend to be someone else.

There is no point doing periodic checks either. Linux distributions usually check the validity for a given user logged in to perform certain tasks or to start various processes. After all, an unauthorized user who does nothing is no threat - so why waste the runtime?

(Though it is possibly to set up a cron to ask for password every half-hour or so and logout the user should this test fail... this would be tried in sensitive workplaces where there is concern that users may leave their console without securing it first. There is also autologout with inactivity though.)

So it looks like you have been fed a load of steaming green stuff.

Your security is just as you know:
1. authentication: password (local) or gpg (remote).
2. permissions: you don't get to use stuff what you ain't meant to.
3. context: you don't get to use stuff it ain't meant for.

good one Simon!! awesome reply..

Sunil: glad you found it useful.

You will notice that security detail, on more proprietary systems, is normally hidden behind, so called, sensitivity settings. Personally I don't trust any security program with only three options (low, medium, high). Usually, low=insecure and high = unuseable. So everyone uses medium - and nobody knows what any of the settings actually do.

One complaint I have seen though is that linux appears to lack a gui firewall with the behavior of things like zonealarm. This is a simple gui which switches everything off by default, yet reports any attempt at access in either direction that isn't allowed. If it is outgoing, it asks if you want this access (it may be a browser) and so it is very easy to restrict (say) internet access to (say) firefox and exclude all other browsers etc.

It is commonly used as a windows diagnostic tool, since malware trying to phone home will be stopped and it's existence reported.

With linux, we don't need third party tools to check running processes.