LinuxQuestions.org


ayhopkins 02-11-2005 06:42 PM

shadow password - password field
 
What is the difference between the "!" character and the "*" character in the encrypted password field in the shadow password file?

I have both and there must be a reason, but the only information I can find is that it disables the password.

Does it really mean login?

Thanks.

sigsegv 02-11-2005 08:01 PM

Either of those characters in the password field in /etc/shadow would disable the login.

ayhopkins 02-11-2005 09:05 PM

I noticed that you can still "su" to those users.

I am just worried about users who are really processes.

Is one character preferred over the other?

lanjelot 11-15-2005 06:17 PM

Isn't there anyone who knows what really is the difference between a '*' and a '!' ???

It seems that piece of information isn't going to be easily found.

anomie 11-15-2005 07:52 PM

As far as I know, the '*' is standard.

edit: I take it back. I am not sure why '!' is used in some instances. Probably something a sufficiently motivated person (read: not me) could learn about on google.

int0x80 11-16-2005 01:34 AM

If you're worried about people using su to set user to a different account, set the other accounts to have the shell /dev/null. See this post -- http://www.linuxquestions.org/questi...62#post1954062

To answer your bang vs any question, my system can't tell the difference.

lanjelot 11-16-2005 02:12 AM

It is true that every account disabled with a '!' has /bin/false in its default shell field, except fetchmail actually (using Ubuntu Linux Breezy Badger).
See below 2 lines from my /etc/passwd file:

fetchmail:x:104:65534::/var/run/fetchmail:/bin/sh
messagebus:x:105:109::/var/run/dbus:/bin/false

So I'm not sure whether or not I should set /bin/false for fetchmail.

Anyway this is off topic.

And I did a quick googling but I did not find anything. It seems that there is so much information for newbies that you always end up on websites that only describe the basics. But I certainly did not search well enough.

So maybe I'll ask one of my teachers... that'd be a good test!

lanjelot 11-16-2005 02:43 AM

Well, I found that:

http://seclists.org/lists/security-b.../May/0107.html

I guess it resolves the topic. Moderators ?

lanjelot 11-17-2005 05:25 AM

* -> User cannot login by password (may login by other means like ssh-key).
! -> User cannot login at all.

See man-page of adduser. "--disabled-password" creates '*', "--disabled-login" creates '!'.
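An audit sketch for the situation discussed in this thread, added here as an example and not part of any poster's message: it classifies the shadow password field and flags accounts whose password is disabled while the shell is still interactive (the fetchmail case above). The shadow lines, the "alice" account, the state names and the list of non-interactive shells are assumptions made for the example.

```python
# Constructed sample data: the two passwd lines are the ones quoted in the
# thread; the shadow lines and the "alice" account are made up for the example.
PASSWD = """\
fetchmail:x:104:65534::/var/run/fetchmail:/bin/sh
messagebus:x:105:109::/var/run/dbus:/bin/false
alice:x:1000:1000::/home/alice:/bin/bash
"""
SHADOW = """\
fetchmail:!:13102:0:99999:7:::
messagebus:*:13102:0:99999:7:::
alice:!$1$constructed$notarealhash:13102:0:99999:7:::
"""

# Shells that refuse an interactive session (assumed list; adjust per system).
# /dev/null is included because it is the value suggested in the thread.
NOLOGIN_SHELLS = {"/bin/false", "/sbin/nologin", "/usr/sbin/nologin", "/dev/null"}


def password_state(field):
    """Classify the second field of an /etc/shadow entry."""
    if field == "":
        return "empty"  # no password is required at all
    if field.startswith("!"):
        # '!' + hash: the hash is kept so the lock can be undone later
        return "locked" if len(field) > 1 else "bang"
    if field.startswith("*"):
        return "star"
    return "hash"


def audit(passwd_text, shadow_text):
    """Return {user: (state, shell, needs_review)} for every shadow entry."""
    rows = (line.split(":") for line in passwd_text.splitlines())
    shells = {p[0]: p[6] for p in rows if len(p) == 7}
    report = {}
    for line in shadow_text.splitlines():
        parts = line.split(":")
        if len(parts) < 2:
            continue  # skip blank or malformed lines
        user, state = parts[0], password_state(parts[1])
        shell = shells.get(user, "")
        # No usable password hash but an interactive shell: su or key-based
        # access can still yield a session, as noted in the thread.
        review = state != "hash" and shell not in NOLOGIN_SHELLS
        report[user] = (state, shell, review)
    return report


if __name__ == "__main__":
    for user, row in audit(PASSWD, SHADOW).items():
        print(user, *row)
```

On a real system the two inputs would be the contents of /etc/passwd and /etc/shadow, the latter readable only by root.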

