Default passwords for users

paddyjoy · 11-15-2005, 06:00 AM

I was just looking at my /etc/passwd file and from what I can gather, some users are allowed to logon to a shell

Code:

paddy:x:500:500:Paddy Joy:/home/paddy:/bin/bash

and some are not

Code:

apache:x:48:48:Apache:/var/www:/sbin/nologin

Is this correct?

If so what are the default passwords of all the users that can log in to a shell?

Code:

[root@paddy ~]# cat /etc/passwd | grep bash
root:x:0:0:root:/root:/bin/bash
netdump:x:34:34:Network Crash Dump user:/var/crash:/bin/bash
pvm:x:24:24::/usr/share/pvm3:/bin/bash
mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash
amanda:x:33:6:Amanda user:/var/lib/amanda:/bin/bash
postgres:x:26:26:PostgreSQL Server:/var/lib/pgsql:/bin/bash
paddy:x:500:500:Paddy Joy:/home/paddy:/bin/bash

Paddy

theYinYeti · 11-15-2005, 07:26 AM

I don't know the default password. But in fact you don't need to know

You can "su" from the root account to the one you need to log into.

Yves.

theYinYeti · 11-15-2005, 07:27 AM

BTW, once logged in as either root or a given "user", it is easy to change this "user"'s passwork.

Yves.

paddyjoy · 11-15-2005, 02:30 PM

Thanks, couldn't someone just log onto my system as user mysql or netdump if they knew the default password FC4 had set up during installation?

int0x80 · 11-16-2005, 01:30 AM

Potentially, but if you check your /etc/shadow file (assuming you are using shadow passwords), you should see that most of these accounts do not have passwords. Your safest best, afaik, is to set all non-user accounts (eg: apache, irc, man, etc.) to use /dev/null instead of /bin/sh or other. Make sure you also have /dev/null listed in your /etc/shells file. Here is what my (snipped) /etc/passwd looks like:

# cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/dev/null
bin:x:2:2:bin:/bin:/dev/null
nobody:x:65534:65534:nobody:/nonexistent:/dev/null
david:x:1000:1000:,,,:/home/david:/bin/bash
sshd:x:100:65534::/var/run/sshd:/dev/null

paddyjoy · 11-16-2005, 02:56 AM

So if there is no password in /etc/shadow the user can't log in?

Paddy

int0x80 · 11-16-2005, 07:00 AM

Quote:

Originally posted by paddyjoy
So if there is no password in /etc/shadow the user can't log in?

Paddy

False. If your mysql user has a shell of /bin/sh, and I exploit mysql with shell code that executes /bin/sh, then I get dropped into a shell as mysql. Therefore I am logged in as mysql, even though the user mysql has no password.

paddyjoy · 11-17-2005, 03:30 AM

Thanks, I think the safest thing to do is to set all the users to /sbin/nolgin except for the ones I want to allow login. I was just worried coz I get so many script kiddies hitting my server trying to log in as users like mysql, postgresql etc. . . . . .