LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 02-11-2005, 06:42 PM   #1
ayhopkins
LQ Newbie
 
Registered: Apr 2002
Distribution: Linux
Posts: 14

Rep: Reputation: 0
shadow password - password field


What is the difference between the "!" character and the "*" character in the encrypted password field in the shadow password file.

I have both and there must be a reason, but the only information I can find is that it disables the password.

Does it really mean login?

Thanks.
 
Old 02-11-2005, 08:01 PM   #2
sigsegv
Senior Member
 
Registered: Nov 2004
Location: Third rock from the Sun
Distribution: NetBSD-2, FreeBSD-5.4, OpenBSD-3.[67], RHEL[34], OSX 10.4.1
Posts: 1,197

Rep: Reputation: 46
Either of those characters in the password field in /etc/shadow would disable the login.
 
Old 02-11-2005, 09:05 PM   #3
ayhopkins
LQ Newbie
 
Registered: Apr 2002
Distribution: Linux
Posts: 14

Original Poster
Rep: Reputation: 0
I noticed that you can still "su" to those users.

I am just worried about user's who are reallly processes.

Is one character preferred over the other?
 
Old 11-15-2005, 06:17 PM   #4
lanjelot
LQ Newbie
 
Registered: Sep 2005
Posts: 4

Rep: Reputation: 0
Isn't there anyone who knows what really is the difference between a '*' and a '!' ???

It seems that piece of information isn't going to be easily found.
 
Old 11-15-2005, 07:52 PM   #5
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora, Lubuntu, FreeBSD
Posts: 3,930
Blog Entries: 5

Rep: Reputation: Disabled
As far as I know, the '*' is standard.

edit: I take it back. I am not sure why '!' is used in some instances. Probably something a sufficiently motivated person (read: not me) could learn about on google.

Last edited by anomie; 11-15-2005 at 07:54 PM.
 
Old 11-16-2005, 01:34 AM   #6
int0x80
Member
 
Registered: Sep 2002
Location: Cincinnati
Distribution: Debian GNU/Linux
Posts: 310

Rep: Reputation: 31
If you're worried about people using su to set user to a different account, set the other accounts to have the shell /dev/null. See this post -- http://www.linuxquestions.org/questi...62#post1954062

To answer your bang vs any question, my system can't tell the difference.
 
Old 11-16-2005, 02:12 AM   #7
lanjelot
LQ Newbie
 
Registered: Sep 2005
Posts: 4

Rep: Reputation: 0
This is true that every account disabled with a '!' has /bin/false in its default shell field exept fetchmail actually (using Ubuntu linux breezy badger).
See below 2 lines from my /etc/passwd file:

fetchmail:x:104:65534::/var/run/fetchmail:/bin/sh
messagebus:x:105:109::/var/run/dbus:/bin/false

So i'm not sure whether or not i should set /bin/false to fetchmail.

Anyway this is off topic.

And i did a quick googling but i did not find anything. It seems that there is so much information for newbies that you always end up on websites that only describe the basics. But i certainly did not search well enough.

So maybe, i'll ask one of my teachers... that'd be a good test!
 
Old 11-16-2005, 02:43 AM   #8
lanjelot
LQ Newbie
 
Registered: Sep 2005
Posts: 4

Rep: Reputation: 0
Well, I found that:

http://seclists.org/lists/security-b.../May/0107.html

I guess it resolves the topic. Moderators ?
 
Old 11-17-2005, 05:25 AM   #9
lanjelot
LQ Newbie
 
Registered: Sep 2005
Posts: 4

Rep: Reputation: 0
* -> User cannot login by password (may login by other means like
ssh-key).
! -> User cannot login at all.

See man-page of adduser. "--disabled-password" creates '*', "--disabled-login" creates '!'.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
what does password field mean? hongxing Linux - Software 5 11-28-2005 06:33 PM
useradd without shadow password twallstr Linux - Software 1 09-08-2005 02:14 PM
/etc/shadow password field amfoster Linux - Security 2 08-24-2004 11:39 AM
Shadow password encryption mnisski Linux - General 3 05-28-2004 06:24 PM
shadow password wincrk Linux - Security 3 03-16-2003 09:07 PM


All times are GMT -5. The time now is 02:11 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration