[ALUG] "!!" in /etc/passwd
Brett Parker
iDunno at sommitrealweird.co.uk
Wed Jun 6 14:02:22 BST 2007
On Wed, Jun 06, 2007 at 11:53:31AM +0100, Ted Harding wrote:
> Hi Folks,
>
> Can anyone interpret the following for me?
> I can't find it referred to in 'man' documentation.
>
> Some "user" entries in /etc/passwd have "!!" in the encrypted
> password field, e.g.
>
> sshd:!!:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
> rpc:!!:32:32:Portmapper RPC user:/:/sbin/nologin
>
> mysql:!!:27:27:MySQL Server:/var/lib/mysql:/bin/bash
> postgres:!!:26:26:PostgreSQL Server:/var/lib/pgsql:/bin/bash
>
> For the accounts which have /sbin/nologin as "shell" I cannot
> of course gain entry, even from root.
Yes you can...
su - username -s /bin/bash
Which overrides the shell from the passwd file.
> On the other hand, for the accounts (mysql, postgres) which
> have a normal shell, I can 'su' from root without entering a
> password; while if I try to 'su' from any other user I'm prompted
> for a password (which of course does not exist).
>
> I'm wondering what the full interpretation of the "!!" is.
> I know about "*" in the encrypted password field: there is
> no possible password which encrypts to "*", so such accounts
> cannot be logged into.
! is quite common, I've not seen !! - but generally anything that can
*not* be generated by crypt in there would mean it's an account without
password.
> I've already found out something (see above) about "!!" accounts,
> but is there more that I should know?
>
> In particular, if I were (as root) to use the 'passwd' command
> to give a "!!" account a real password, would I be treading on
> any toes in the system?
The system won't care - but you'd be compromising security a bit... if
you often need to run commands as that user consider using:
sudo -u username command
And setting up sudo so that you can run commands as that user.
Thanks,
--
Brett Parker
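
Added example, not part of the original message: a Python script that classifies the password field of passwd-format lines as passwd(5) and shadow(5) describe it, and flags accounts (like mysql and postgres in the thread) whose password is locked while the shell is still interactive. The sample input is constructed (alice, guest and games are made up), the NOLOGIN_SHELLS set is an assumption, and the hash test is a heuristic.

```python
import re

# Constructed sample: entries quoted in the thread plus made-up alice/guest/games.
SAMPLE = """\
sshd:!!:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
rpc:!!:32:32:Portmapper RPC user:/:/sbin/nologin
mysql:!!:27:27:MySQL Server:/var/lib/mysql:/bin/bash
postgres:!!:26:26:PostgreSQL Server:/var/lib/pgsql:/bin/bash
alice:$6$saltsalt$CONSTRUCTEDHASH:1000:1000:Alice:/home/alice:/bin/bash
guest::1001:1001:Guest:/home/guest:/bin/bash
games:*:12:100:games:/usr/games:/sbin/nologin
"""
NOLOGIN_SHELLS = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/false"}  # assumption
DES_HASH = re.compile(r"[./0-9A-Za-z]{13}")  # traditional crypt(3) output

def classify(pw):
    """Map a password field to a state, following passwd(5)/shadow(5)."""
    if pw == "":
        return "empty"        # no password required to authenticate
    if pw == "x":
        return "shadowed"     # the real field lives in /etc/shadow
    if pw.startswith("!"):
        return "locked"       # "!", "!!", or "!" in front of an earlier hash
    if pw.startswith("$") or DES_HASH.fullmatch(pw):
        return "hash"         # heuristic: looks like crypt(3) output
    return "unmatchable"      # e.g. "*": no password can ever match it

def audit(text):
    """Return (user, state, shell, note) for each passwd-format line."""
    rows = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            rows.append((fields[0], "malformed", "", "expected 7 fields"))
            continue
        user, state, shell = fields[0], classify(fields[1]), fields[6]
        note = ""
        if state == "empty":
            note = "no password needed"
        elif state in ("locked", "unmatchable") and shell not in NOLOGIN_SHELLS:
            note = "no password login, but interactive shell for su/sudo"
        rows.append((user, state, shell, note))
    return rows

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print("%-10s %-12s %-16s %s" % row)
```

On a system that uses shadow passwords, /etc/passwd shows "x" for every account and the same classification applies to the second field of /etc/shadow.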