You can see who logged in when in /var/adm/messages. You can also use finger and last. Getting passwords however isn't something any admin should be doing. If you have root you don't need the password. If you don't have root then you shouldn't have the passwords.
I'm sorry but I think I may have not explained my query too well... We have been transferred about 9 Linux/Solaris servers for management. We need to run some audits on these servers, i.e. disk space, hardware, kernel versions, security and also a list of users and their current passwords. I suspected there could be a way where I could convert the passwords back to simple text.
Right. crack and other utilities will only find simple passwords. For good passwords it shouldn't find the detail.
Logged in as root you can change the password for any user you want. If you feel you need to do that to restrict it to people you know transitioned with the servers.
However in practice Admins should NOT know all the passwords. As noted before, your having root lets you do things like "su - <user>" so that you can become the user. There are a few things that require you to log in directly as a user rather than su to it so the "real ID" is the same as the "effective ID" but it is only a rare thing and even then you should tell the user to modify the password when you're done so you don't know it any more. The only time I generally know user passwords is when I reset them for people that have forgotten them and then I tell them to change it on first login.
I can't imagine why an audit would require a list of users AND PASSWORDS!!! If an auditor asked me for a list of passwords I'd tell him to go jump up a stump. Your audit should contain a list of users possibly but more importantly should show there are no "crackable" passwords - not actually list what the passwords are.
Last edited by MensaWater; 03-15-2007 at 09:37 AM.
I understand wanting to know which users are out there. I question how knowing the password lets you know purpose unless they are moronic enough to put the purpose in as the password. (That is to say if you have an account called e.g. "ftpuser" and the password is "ftp" you should shoot someone.)
Also you don't have to keep a separate list. You can store comments when you create a user. You can do it afterwards with "usermod -c <comment>"
e.g. for user "devgappl" I would typically include comment "DEVG Application Admin User for DBAs". Seeing this comment later when I do "grep devgappl /etc/passwd" lets me know
a) It is an administrative account rather than an individual user.
b) It is owned by the Database Administration team.
That way later if I have questions about the account I know who to ask.
One reason to keep a separate list would be to standardize accounts across multiple machines (assuming you're not using NIS or something similar) so that they all have the same UID. We keep a list of Users with UIDs here but don't store any other information about them except the primary GID.
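An added example, not part of any post in this thread: one way to produce the kind of account audit the replies describe, flagging accounts with no comment field, UIDs that differ between machines, and empty password fields, without ever reporting a password or hash. The host names, the `ftpuser` line, the UID/GID numbers and the hash string are constructed sample data, and the function names are hypothetical.

```python
# Added example. Host names, accounts and hash strings are constructed sample data.
PASSWD = {
    "hostA": "root:x:0:0:root:/root:/bin/bash\n"
             "devgappl:x:1501:600:DEVG Application Admin User for DBAs:/home/devgappl:/bin/bash\n"
             "ftpuser:x:1502:601::/home/ftpuser:/bin/sh\n",
    "hostB": "root:x:0:0:root:/root:/bin/bash\n"
             "devgappl:x:1710:600:DEVG Application Admin User for DBAs:/home/devgappl:/bin/bash\n",
}
SHADOW = {
    "hostA": "root:$6$c0nstruct$NOTAREALHASH:13587:0:99999:7:::\n"
             "devgappl:!!:13587:0:99999:7:::\n"
             "ftpuser::13587:0:99999:7:::\n",
}

def parse_passwd(text):
    """Return {user: (uid, gid, comment)} from passwd-format text."""
    fields = (line.split(":") for line in text.splitlines())
    return {f[0]: (int(f[2]), int(f[3]), f[4]) for f in fields if len(f) == 7}

def password_state(field):
    """Classify a shadow password field; the hash itself is never returned."""
    if field == "":
        return "EMPTY"                      # account can log in with no password
    if field[0] in "!*" or field == "NP":   # "!!", "*", Solaris "*LK*" / "NP"
        return "locked"
    if field.startswith("$"):
        return "hashed:" + field.split("$")[1]   # scheme id only, e.g. "6"
    return "hashed:des"                     # traditional crypt(3), no $id$ prefix

def audit(passwd_by_host, shadow_by_host):
    findings, uids = [], {}
    for host, text in passwd_by_host.items():
        for user, (uid, _gid, comment) in parse_passwd(text).items():
            uids.setdefault(user, set()).add(uid)
            if not comment.strip():
                findings.append((host, user, "no-comment"))   # fix: usermod -c
    for user, seen in uids.items():
        if len(seen) > 1:
            findings.append(("*", user, "uid-mismatch"))
    for host, text in shadow_by_host.items():
        for line in text.splitlines():
            user, field = line.split(":")[:2]
            if password_state(field) == "EMPTY":
                findings.append((host, user, "empty-password"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(PASSWD, SHADOW):
        print(*finding)
```

On real systems the inputs would be the contents of each server's /etc/passwd and /etc/shadow, the latter readable only as root.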