LinuxQuestions.org
12-18-2016, 09:50 AM   #16
jpollard
Senior Member
 
Registered: Dec 2012
Location: Washington DC area
Distribution: Fedora, CentOS, Slackware
Posts: 4,912


It is possible to edit the /etc/passwd, /etc/shadow, /etc/group files - they are only text files after all.

But you better know the format and understand what the fields are, how they are used, and what can go wrong.

The usual times I do so is during debugging new tools to manipulate these files. It is rather slow to add 400 users one at a time using the useradd utility, even when using a script to do so. Possible, yes. Just slow. And sometimes userdel does things you DON'T want (like deleting user home directories... fortunately the default is to not do that anymore). Sometimes, you do want the home directory deleted, but not the user's mail file... and sometimes the reverse. Hence the need for some sites to have custom tools.
 
12-18-2016, 11:01 AM   #17
tronayne
Senior Member
 
Registered: Oct 2003
Location: Northeastern Michigan, where Carhartt is a Designer Label
Distribution: Slackware 32- & 64-bit Stable
Posts: 3,541

Well, yeah, they're text and you can -- but it's not for the faint of heart or uninitiated, methinks. There are the little tricks, like poking an asterisk in the password field of /etc/shadow, well, editing it and just replace the password with * and you don't lose the user home directory -- ain't no way to log in to it.

Another thing I've done (more than once) was a new server and all those accounts and passwords and whatnot were just copied from the old server to the new server (password files don't change in format). scp from old to new, scp home from old to new (with appropriate arguments) and voila! everything is right where it needs to be.

I still do that. On my systems I restrict (as much as possible) installing any software in the root tree, I back up /etc to a partition I call spares for no particular reason, then do a full install (Slackware) in the root tree. Copy the stuff from /etc that I need (including the password files and a few others).

The partitions look like this:
Code:
mount
/dev/sda1 on / type ext4 (rw)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
tmpfs on /dev/shm type tmpfs (rw)
/dev/sda10 on /var/lib/pgsql type ext4 (rw)
/dev/sda3 on /home type ext4 (rw)
/dev/sda5 on /usr/local type ext4 (rw)
/dev/sda6 on /opt type ext4 (rw)
/dev/sda7 on /var/lib/mysql type ext4 (rw)
/dev/sda8 on /var/lib/virtual type ext4 (rw)
/dev/sda9 on /spares type ext4 (rw)
/dev/sdb1 on /back01 type ext4 (rw)
/dev/sdb2 on /back02 type ext4 (rw)
gvfsd-fuse on /home/trona/.gvfs type fuse.gvfsd-fuse (rw,nosuid,nodev,user=trona)
So, when you do the install, you add the partitions but you only format the root partition, all the rest of them are just sitting there waiting until the old password files replace the new password files. Takes about 20 minutes, 30 if I go outside and smoke, to do a full install of Slackware, up and running. Maybe another 15 minutes to get stuff in etc where it needs to be and all done. In my case, sdb1 and sdb2 are level 0 back ups of the non-system files.


I make a lot of use of /opt, /usr/local, separate partitions (or drives) for data bases and all my servers are configured identically -- not sizes but mount points whether or not used (virtual, for example is only used on my desktop but is a mount point on all the others "just in case someday or not.")

It works for me, may not for others, but I long ago learned to keep every system identical except for size and always do a full install rather than update. There's a lot of ways to skin a cat.

Hope this helps some.
 
1 members found this post helpful.
12-18-2016, 02:51 PM   #18
linux4evr5581
Member
 
Registered: Sep 2016
Location: USA
Posts: 275

Original Poster
Thanks gentlemen I have much to consider. I want to try installing systems like you mentioned tron, I've seen videos of ppl doing that. Sounds good for not having to reconfigure everything over and over again.. About the only change I've considered making to /etc/shadow is additional ! symbols to prevent accounts I feel should not be able to login. Anyways mucho gracias seniors!

Last edited by linux4evr5581; 12-18-2016 at 03:07 PM.
 
12-18-2016, 05:36 PM   #19
jpollard
Senior Member
 
Registered: Dec 2012
Location: Washington DC area
Distribution: Fedora, CentOS, Slackware
Posts: 4,912

The standard is to use an "x" in the /etc/passwd file, then have it disabled in the /etc/shadow file with an "*" instead of the encrypted password.

Granted, any character will work in the /etc/shadow file, but the "*" is the default.
 
12-18-2016, 06:32 PM   #20
linux4evr5581
Member
 
Registered: Sep 2016
Location: USA
Posts: 275

Original Poster
Understood, I knew the names that have an * after their name in /etc/shadow designated service accounts, and that symbol prevented them from logging in. And the other method is usermod -L to lock a user account from logging in..

Last edited by linux4evr5581; 12-18-2016 at 06:34 PM.
 
12-18-2016, 07:01 PM   #21
jpollard
Senior Member
 
Registered: Dec 2012
Location: Washington DC area
Distribution: Fedora, CentOS, Slackware
Posts: 4,912

Quote:
Originally Posted by linux4evr5581
Understood, I knew the names that have an * after their name in /etc/shadow designated service accounts, and that symbol prevented them from logging in. And the other method is usermod -L to lock a user account from logging in..

They don't login. They are started/used as system daemon services. That allows the UID/GID to be given to processes, but they did not login to be started.

All the /etc/passwd entry provides is a designated owner and group.
 
12-18-2016, 07:31 PM   #22
linux4evr5581
Member
 
Registered: Sep 2016
Location: USA
Posts: 275

Original Poster
Ahh ok I'll add that to my notes, thanks for the clarification!
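
Added example (not part of any post in this thread): a small Python audit that classifies the /etc/shadow password-field states discussed in posts #17 to #21 (`*`, `!`, and the `!`-prefixed hash left by `usermod -L`) and flags lines whose field count was broken by hand editing. The sample shadow lines, the fake hashes and the label names are constructed for illustration.

```python
# Added example: classify the password field (2nd of 9 fields) of shadow lines.
# SAMPLE_SHADOW is constructed data; the hashes are fake placeholders.
SAMPLE_SHADOW = """\
root:$6$examplesalt$FAKEHASHFAKEHASHFAKEHASH:17153:0:99999:7:::
daemon:*:17153:0:99999:7:::
ftp:!:17153:0:99999:7:::
alice:!$6$examplesalt$FAKEHASHFAKEHASHFAKEHASH:17153:0:99999:7:::
bob::17153:0:99999:7:::
malformed-line-without-fields
"""

SHADOW_FIELDS = 9  # per shadow(5): name, password, 6 aging fields, reserved


def classify(field):
    """Return a label (names are this example's own) for one password field."""
    if field == "":
        return "EMPTY"  # no password required: review immediately
    if field.startswith("!"):
        # usermod -L prefixes the existing hash with '!'; a bare '!', '!!'
        # or '!*' means there is no usable hash behind the lock.
        rest = field.lstrip("!")
        return "LOCKED_NO_HASH" if rest in ("", "*") else "LOCKED_HASH_KEPT"
    if field == "*":
        return "NO_PASSWORD_LOGIN"  # usual value for daemon/service accounts
    if field.startswith("$"):
        return "ACTIVE_HASH"  # $id$salt$hash crypt(3) format
    return "OTHER"  # legacy hash or an arbitrary string that matches nothing


def audit(text):
    """Map user -> label; lines without exactly 9 fields become MALFORMED."""
    report = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        parts = line.split(":")
        if len(parts) != SHADOW_FIELDS:
            report[f"<line {lineno}>"] = "MALFORMED"
            continue
        report[parts[0]] = classify(parts[1])
    return report


if __name__ == "__main__":
    for user, label in audit(SAMPLE_SHADOW).items():
        print(f"{user:12} {label}")
```

The `*` and `!` states only block password authentication; usermod(8) notes that locking the whole account also requires setting an expiry date.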
 
  


All times are GMT -5. The time now is 10:02 AM.
