LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 07-18-2011, 02:21 PM   #1
jeriryan
Member
 
Registered: Apr 2003
Location: United States
Distribution: RHEL 5.4, Snow Leopard
Posts: 87

Rep: Reputation: 15
Account in /etc/passwd but not /etc/shadow


I have an account in /etc/passwd with two exclamation points on it:
user:!!:...From what I understand, the !!'s mean that the password is in /etc/shadow. But there is no entry in /etc/shadow for that username. So my question is, is this account essentially locked out for login since no password is in /etc/shadow? I've tried logging in without entering a password and am unable to, but I don't think that is an exhaustive test. I'm not trying to fix it, just want to know if the account is essentially not "login-able" in it's current state.
 
Old 07-18-2011, 02:44 PM   #2
T3RM1NVT0R
Senior Member
 
Registered: Dec 2010
Location: Internet
Distribution: Linux Mint, SLES, CentOS, Red Hat
Posts: 2,385

Rep: Reputation: 477Reputation: 477Reputation: 477Reputation: 477Reputation: 477
@ Reply

Hi there,

Not sure how two !! came in /etc/passwd. I have never seen that in /etc/passwd but I have seen one ! in /etc/shadow which denotes that the account is locked.

As you said that account is not in /etc/shadow which is quite unusual. To be sure what you can do is disable the user login by editing /etc/passwd and putting nologin as follows:

test:x:1002:1002::/home/test:/bin/nologin

And you cannot login without password using any user account. An account is considered as locked if it does not have any password if I am not wrong.
 
Old 07-18-2011, 03:08 PM   #3
tommylovell
Member
 
Registered: Nov 2005
Distribution: Raspbian, Debian, Ubuntu
Posts: 384

Rep: Reputation: 103Reputation: 103
To add to what T3RM1NVT0R said, 'x' denotes an entry is in the shadow file. See 'man -s 5 passwd' and 'man -s 8 pwconv'.

An '*' in the /etc/passwd entry prevents login, too. As does '!' and '!!'.

Code:
[root@athlon ~]# grep tommy /etc/passwd
tommy:*:500:100:tommy:/home/tommy:/bin/bash

[root@athlon ~]# ssh -l tommy localhost 
The authenticity of host 'localhost (::1)' can't be established.
RSA key fingerprint is 01:18:92:02:cb:1b:85:c6:16:1a:6a:93:d5:1e:1f:c5.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost' (RSA) to the list of known hosts.
tommy@localhost's password: 
Permission denied, please try again.
tommy@localhost's password: 
Permission denied, please try again.
tommy@localhost's password: 
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
In the "old days", omitting the second field (stanza) would give you a password-less login, but that no longer works. I think that pam controls all of the login processing now.
 
Old 07-19-2011, 01:10 PM   #4
Reuti
Senior Member
 
Registered: Dec 2004
Location: Marburg, Germany
Distribution: openSUSE 15.2
Posts: 1,339

Rep: Reputation: 260Reputation: 260Reputation: 260
Quote:
Originally Posted by tommylovell View Post
In the "old days", omitting the second field (stanza) would give you a password-less login, but that no longer works. I think that pam controls all of the login processing now.
Yes, you have to use nullok therein for pam_unix2.so for the auth rule and allow it in sshd_config too.
 
1 members found this post helpful.
Old 07-25-2011, 09:05 AM   #5
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora
Posts: 3,935
Blog Entries: 5

Rep: Reputation: Disabled
Quote:
Originally Posted by jeriryan
I'm not trying to fix it, just want to know if the account is essentially not "login-able" in it's current state.
It should probably be cleaned up at some point so you (or a future sysadmin) doesn't have to puzzle over it again.

Most likely got to this state by someone editing the files manually. If you have to do that, always use vipw(8).
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
shadow and passwd idlehands Linux - Security 2 07-28-2010 03:04 PM
/etc/passwd & /etc/shadow a7mlinux Linux - General 2 08-02-2009 12:19 PM
Moving /etc/passwd and /etc/shadow john8675309 Linux - Software 1 01-24-2005 08:44 PM
It is ok if i unshadow the /etc/passwd and /etc/shadow Paxmaster Linux - Software 1 01-12-2005 10:07 PM
/etc/passwd or /etc/shadow? tiger7007 Linux - Security 2 03-21-2004 04:41 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 08:49 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration