Hi again friends!


I'm happy to report that no serious problems are bugging me this time, just curious.

I'm having an argument with one of my pals about whether a user would be able to gain access into Nix if his/ her account was created via "useradd -d /home/dummy -m -s /bin/bash -c "Dummy User" dummy".

Usually I'll set the password directly afterwards by doing a "passwd dummy" and entering the password. After that I know the user will be able to login.

Now the argument is that if no password was set afterwards via passwd, would the user be able to login? My stance is no. My pal says yes.


Am I right here or do I owe my friend a beer?

You get to keep your beer my friend.

If you use useradd with those options and not getting asked the questions, passwd is not invoked automatically for you like normal. If you do not invoke passwd after creating an account in that fashion, then the account will be locked until root issues a password. Therefore making the account unusable by anyone. (All logins will fail)

Here is some info you might find useful:
At anytime you can use to lock any account other than root. It "scrambles" the entry in /etc/shadow to something ridiculous and unguessable, making the account unusable. If you want to restore the password to the value that existed before you locked it, you would issueand the password is usable again. That probably wouldn't be very good in the case of a newly created account because you want some control over it. If you don't want to give the account a password at all, even after creating it, you would do:This deletes whatever entry is in /etc/shadow for the dummy account. It doesn't matter if you never set the password (as in your question) or if it's locked or unlocked, the password is deleted and the login will not ask for a password.

If you feel a bit daring, there is a way to set the password with useradd:If the -p option isn't there, then the default action is to lock the account. But the man page for useradd tells that <passwd> value is returned by the crypt function.

I'm not playing with that. But if you can figure it out let me know.

Enjoy that beer!

EDIT: All those commands as root... of course...

You win---but, you CAN set it so the new user can log in with no password. Edit the /etc/passwd file and remove the first "x" after the username. Now that user can get in with no password.

Here's the /etc/passwd entry for "dummy" with no password required:

A-ha! Thought I was right!


Thanks ZetaBill and Pixellany, your replies are much appreciated as always. I'll keep the beer I would've bought my pal and e-mail each of you one (wish that was possible).


Thanks buddies!

I never knew that! Learning all the time...

warning...

I love the simplicity of directly changing the passwd file to rid the user's password. But that can't be accomplished in a bash script without some use of awk or sed. It's easier to use 'passwd -d' and it does the same thing.

I would not have known that passwd -d does the same thing has removing the 'x' in the password field in /etc/passwd if pixellany had not got me interested.

The only reason I bring it up is that a professor once showed me his script that he ran when he got his student list every semester. That's what kinetik's useradd invokation reminded me of. It used most of the switches at the end of the useradd statement and took the values from a student file via the read statement, variables, and a do loop. Before the do loop ended he also ran passwd with some ingenious mathematical method of making passwords.

So kinetik, if you want to accomplish your task, in one line, you could do something like thisand you would create the account without having it be locked, without the need to supply a password, and without having to answer any questions.

I only offer this because I assume that if you're using useradd with the options rather than going through the questions it asks you, that you're attempting to save as much time as possible or you'd be writing a bash script.

I might have too much time on my hands... but I had fun. I might get a beer of my own now.

Dude, I owed you one before already so your tally's up to two now (at the rate we're going we'd have polished a crate before the end of the week )


Thanks buddy!

Too bad, nice trick. Works for Fedora. Debian must have FIXED it?