LinuxAnswers DiscussionThis forum is to discuss articles posted to LinuxAnswers.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Distribution: FreeBSD, Fedora C4, windows Server 2003
Posts: 15
Rep:
Well when I tried to execute this command this is the answer any idea why has this turned up
[root@unisa ~]# cat /etc/passwd |grep /bin/bash |grep [5-9][0-9][0-9] |cut -d: -f1
Harry
harry
steve
master
help
[root@unisa ~]# alias listuser=cat /etc/passwd |grep /bin/bash |grep [5-9][0-9][0-9] |cut -d: -f1
-bash: alias: /etc/passwd: not found
[root@unisa ~]#
Hmm, so you want a potential security hole that allows any hacker who can get the root password (or even get briefly to a terminal in use by a root user) to get every login password on the system? Are you really sure that's a good idea?
PS: I wouldn't tell you even if I knew. Which I don't.
how do you list users and passwords? I need to do that.
Being able to list users' passwords would imply that the passwords are stored somewhere on the system, which is not the case. What is stored are salted hashes of the passwords. So unless you've changed something to the standard way GNU/Linux handles user passwords, you won't be able to get any password list.
well I have a user from another company that has access to the server and DB as root and due to company problems with their company we are going manage the server and DB and i need to know how to block him from having any access to the server and DB.. its just a precaution that needs to be considered, and i dunno if changing the root password would be enough!
well I have a user from another company that has access to the server and DB as root and due to company problems with their company we are going manage the server and DB and i need to know how to block him from having any access to the server and DB.. its just a precaution that needs to be considered, and i dunno if changing the root password would be enough!
Changing the root password might be enough if you had a way to be sure that he didn't install any sort of backdoor. And you don't have any way to be sure of that unless you did something like take a HIDS snapshot or something before you gave him root access. That said, I'm still not sure how this relates to getting a listing of users' passwords. I mean, you don't need to know that passwords in order to change them. And the guy with root could have easily installed a password sniffer to get everyone's passwords if he wanted them (since cracking the salted hashes would probably be infeasible for him).
well I have a user from another company that has access to the server and DB as root and due to company problems with their company we are going manage the server and DB and i need to know how to block him from having any access to the server and DB.. its just a precaution that needs to be considered, and i dunno if changing the root password would be enough!
It was not designed to allow other people to be given root access.
The security permissions are exactly designed around limiting access to only that which is required to perform the task at hand.
If the other company requires unlimited database access that is alowable through your specific DB admin tool or command?
Regards
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.