Review your favorite Linux distribution.
Go Back > Forums > Linux Forums > Linux - Newbie
User Name
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!


  Search this Thread
Old 05-07-2010, 05:00 AM   #1
LQ Newbie
Registered: May 2010
Posts: 9

Rep: Reputation: 0
What is the different between "*" "!!" and "/sbin/nologin"? Thanks!!

I am a really newbie to linux, I would like to know how to determine an account cannot login to system in any way. I found at the /etc/passwd file, if the default shell of an account is /sbin/nologin, it cannot telnet or login interactively, but like 'FTP' account, I can login through FTP Client, so can I say the 'FTP' account is locked??

Then at /etc/shadow, I found the password field of an account may contain '!!' or '*', I searched for reference know that '!!' means password is locked and '*' means password is disabled, so can an account with '!!' or '*' login to system interactively or through ways like FTP??

Thanks a lot for your information!!!
Old 05-07-2010, 05:19 AM   #2
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1982Reputation: 1982Reputation: 1982Reputation: 1982Reputation: 1982Reputation: 1982Reputation: 1982Reputation: 1982Reputation: 1982Reputation: 1982Reputation: 1982
well notations like !! and * just make the password string impossible to ever match. the passwd is a sha or md5 string encrypted version of the original password, and those strings can never contain those characters, therefore the account is implictly "locked". Note that there is no formal explicit locking, i.e. there is no "Locked" field in the file, you just basically break the account in a controlled way. Locked and disabled are interchangeable, there's no difference.

As for nologin, no the account is not locked, as it is working absolutely fine, and even with nologin as your shell, you DO login, but terminate immediately due to the behaviour of the chosen (non) shell. so if you don't need a shell as the result of the authentication, you do still log in correctly. terminology aroun "FTP accounts" is very vague, sometimes they just mean an account like you are referring to, which I would say is the wrong way to describe it, as opposed to a seperate user account list held purely for the FTP server, which would be much more like a genuine "FTP Only" user.
1 members found this post helpful.
Old 05-09-2010, 09:38 PM   #3
LQ Newbie
Registered: May 2010
Posts: 9

Original Poster
Rep: Reputation: 0
Thanks for detailed explanation, you let me have a clearer concept, thanks a lot!!!!


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
how can I "cat" or "grep" a file to ignore lines starting with "#" ??? callagga Linux - Newbie 7 08-16-2013 07:58 AM
Telling people to use "Google," to "RTFM," or "Use the search feature" Ausar General 77 03-21-2010 12:26 PM
net working eth0 eth1 wlan0 "no connection" "no LAN" "no wi-fi" Cayitano Linux - Newbie 5 12-09-2007 08:11 PM
Standard commands give "-bash: open: command not found" even in "su -" and "su root" mibo12 Linux - General 4 11-11-2007 11:18 PM
LXer: Displaying "MyComputer", "Trash", "Network Servers" Icons On A GNOME Desktop LXer Syndicated Linux News 0 04-02-2007 09:31 AM > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 07:52 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration