Linux - GeneralThis Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I am amazed to see that I can login using some default users like www-data, mysql etc with/out password in linux. How can I allow login with correct password only? and some default users should note to be able login.
My OS
Linux friend 3.2.0-4-686-pae #1 SMP Debian 3.2.96-2 i686 GNU/Linux
You can log in with user nobody also. If you set a password for mysql, that will stop, but so might mysql
A better way to go if you're excited about it is to limit what user mysql can do. The guy who did qmail set up users with a shell of '/bin/true' which isn't much use to a hacker
By default system users like www-data and nobody are disabled and you should not be able to login. It is possible to use su or sudo to become a system user which is something different.
How are you logging in to www-data with/out password?
By default system users like www-data and nobody are disabled and you should not be able to login. It is possible to use su or sudo to become a system user which is something different.
How are you logging in to www-data with/out password?
Thanks, I can login using www-data, root with invalid / incorrect password. I am really confused why it has to login with incorrect password though? when I login with www-data, the shell appears "You have mail" $
Also, when doing ssh, if I enter wrong password for root it enters which shouldn't.
Last edited by arahmancsd; 11-16-2018 at 10:29 AM.
Although you state the distribution is debian you have not fully described how it is configured nor how you are actually are logging in as www-data with or without a password.
Quote:
www-data:*:17108:0:99999:7:::
Accounts with an * are disabled for login and have never had a password.
On my CentOS system, I've configured the system users (and mail-only users, for that matter) with /sbin/nologin as the login shell. Even root can't su to those:
Code:
# su someuser
This account is currently not available.
I, too, am curious by what the OP means when they say login...in a terminal, at the console, on a desktop, using su?
Which?
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
