shadow password - password field
What is the difference between the "!" character and the "*" character in the encrypted password field in the shadow password file?
I have both and there must be a reason, but the only information I can find is that it disables the password. Does it really mean login? Thanks. |
Either of those characters in the password field in /etc/shadow would disable the login.
|
I noticed that you can still "su" to those users.
I am just worried about users who are really processes. Is one character preferred over the other? |
Isn't there anyone who knows what really is the difference between a '*' and a '!' ???
It seems that piece of information isn't going to be easily found. |
As far as I know, the '*' is standard.
Edit: I take it back. I am not sure why '!' is used in some instances. Probably something a sufficiently motivated person (read: not me) could learn about on Google. |
If you're worried about people using su to set user to a different account, set the other accounts to have the shell /dev/null. See this post -- http://www.linuxquestions.org/questi...62#post1954062
To answer your bang vs any question, my system can't tell the difference. |
It is true that every account disabled with a '!' has /bin/false in its default shell field, except fetchmail actually (using Ubuntu Linux Breezy Badger).
See below 2 lines from my /etc/passwd file:
fetchmail:x:104:65534::/var/run/fetchmail:/bin/sh
messagebus:x:105:109::/var/run/dbus:/bin/false
So I'm not sure whether or not I should set /bin/false for fetchmail. Anyway, this is off topic. And I did a quick googling but I did not find anything. It seems that there is so much information for newbies that you always end up on websites that only describe the basics. But I certainly did not search well enough. So maybe I'll ask one of my teachers... that'd be a good test! |
Well, I found that:
http://seclists.org/lists/security-b.../May/0107.html
I guess it resolves the topic. Moderators? |
* -> User cannot login by password (may login by other means like ssh-key).
! -> User cannot login at all.
See man-page of adduser. "--disabled-password" creates '*', "--disabled-login" creates '!'. |
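An audit of the kind this thread circles around, as an added example that is not from any poster: it classifies each shadow password field and flags accounts whose password is disabled but whose /etc/passwd shell is still interactive (the fetchmail case above). The two passwd lines for fetchmail and messagebus are the ones quoted in the thread; the alice entry, all shadow lines, and the function names are constructed for illustration.

```python
# Added example: classify /etc/shadow password fields and cross-check the shell.
NOLOGIN_SHELLS = {"/bin/false", "/usr/sbin/nologin", "/sbin/nologin", "/dev/null"}

# First two passwd lines are quoted in the thread; alice is constructed.
PASSWD = """\
fetchmail:x:104:65534::/var/run/fetchmail:/bin/sh
messagebus:x:105:109::/var/run/dbus:/bin/false
alice:x:1000:1000::/home/alice:/bin/bash
"""
# Constructed sample shadow entries (not real hashes).
SHADOW = """\
fetchmail:!:13000:0:99999:7:::
messagebus:*:13000:0:99999:7:::
alice:!$6$constructedsalt$constructedhash:13000:0:99999:7:::
"""

def classify(field):
    """Return the state of the password (second) field of a shadow entry."""
    if field == "":
        return "empty"          # no password required to authenticate
    if field == "*":
        return "star"           # not a valid crypt(3) result, nothing to restore
    if field.startswith("!"):
        # shadow(5): a leading '!' marks a locked password; whatever follows
        # is the field as it was before locking (e.g. after `passwd -l`).
        rest = field.lstrip("!")
        return "locked" if rest in ("", "*") else "locked+hash"
    return "hash"

def parse(text, index):
    """Map user name -> colon-separated field number `index`."""
    out = {}
    for line in text.splitlines():
        parts = line.strip().split(":")
        if len(parts) > index and not line.startswith("#"):
            out[parts[0]] = parts[index]
    return out

def audit(passwd_text, shadow_text):
    """Return {user: (state, shell, flagged)}; flagged means the password is
    disabled but the shell would still serve su or key-based logins."""
    shells = parse(passwd_text, 6)
    result = {}
    for user, field in parse(shadow_text, 1).items():
        state = classify(field)
        shell = shells.get(user, "")  # empty shell field defaults to /bin/sh
        disabled = state in ("star", "locked", "locked+hash")
        result[user] = (state, shell, disabled and shell not in NOLOGIN_SHELLS)
    return result

if __name__ == "__main__":
    for user, (state, shell, flagged) in audit(PASSWD, SHADOW).items():
        print(f"{user:12} {state:12} {shell:20} {'REVIEW' if flagged else 'ok'}")
```

On a live system, pass the contents of /etc/passwd and /etc/shadow (root is needed to read the latter) to `audit()` in place of the embedded samples.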