LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 04-16-2015, 01:49 PM   #1
doctore
LQ Newbie
 
Registered: Apr 2015
Distribution: CentOS 7
Posts: 17

Rep: Reputation: Disabled
/etc/shadow question


Looking at the /etc/shadow file, for some of the system services accounts there are "*" and for others "!!" in the password field.
Searching online I have only found that !=*, i.e. prevent use for log-in, but, if true, what is the actual difference? Why not use "*" on all of them? And why double exclamation point?
 
Old 04-16-2015, 01:58 PM   #2
veerain
Senior Member
 
Registered: Mar 2005
Location: Earth bound to Helios
Distribution: Custom
Posts: 2,524

Rep: Reputation: 319Reputation: 319Reputation: 319Reputation: 319
Code:
man 5 shadow
Read it.
 
Old 04-16-2015, 02:20 PM   #3
doctore
LQ Newbie
 
Registered: Apr 2015
Distribution: CentOS 7
Posts: 17

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by veerain View Post
Code:
man 5 shadow
Read it.
I'm sorry, but you did not understand my question. The only thing in man about it is:

Quote:
If the password field contains some string that is not a valid
result of crypt(3), for instance ! or *, the user will not be able
to use a unix password to log in (but the user may log in the
system by other means).
Which I already found online. My question was:

Quote:
Why not use "*" on all of them? And why double exclamation point?
 
Old 04-16-2015, 02:25 PM   #4
veerain
Senior Member
 
Registered: Mar 2005
Location: Earth bound to Helios
Distribution: Custom
Posts: 2,524

Rep: Reputation: 319Reputation: 319Reputation: 319Reputation: 319
Quote:
Why not use "*" on all of them?
Some users of account would log in.
 
Old 04-16-2015, 03:39 PM   #5
jpollard
Senior Member
 
Registered: Dec 2012
Location: Washington DC area
Distribution: Fedora, CentOS, Slackware
Posts: 4,604

Rep: Reputation: 1241Reputation: 1241Reputation: 1241Reputation: 1241Reputation: 1241Reputation: 1241Reputation: 1241Reputation: 1241Reputation: 1241
The exclamation mark is used to lock the account. It may or may not have an actual hashed password following it.

You can actually put anything in the field. By convention "*" is no password, not allowed to login.

An !<password> is an administratively locked login that may be unlocked (see the manpage on the passwd command).

I think the use of !! is to prevent accidental unlocking (as it would take two unlock actions to actually unlock it).
 
1 members found this post helpful.
Old 04-16-2015, 03:45 PM   #6
maples
Member
 
Registered: Oct 2013
Location: IN, USA
Distribution: Arch, Debian Jessie
Posts: 810

Rep: Reputation: 264Reputation: 264Reputation: 264
It doesn't really matter which one is used, they both mean the same thing.

On my Debian system, all the system accounts have a *. However, a "!" works just fine because the process used to turn your password into that long encrypted string will never output a "!", so putting one there garuntees that no password will ever unlock that account.

Hope this helps!
 
2 members found this post helpful.
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] /etc/shadow question plisken Slackware 5 12-30-2013 06:41 PM
Shadow File Last Changed Question kechlion Linux - Security 2 08-31-2010 05:45 PM
/etc/shadow and /etc/passwd permissions question lqchangba Linux - Security 2 02-20-2007 01:46 PM
Shadow file question Timur Sakayev Linux - Security 4 06-07-2005 11:20 AM
gnome question (drop shadow) littleking Slackware 0 11-28-2003 01:15 PM


All times are GMT -5. The time now is 08:59 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration