On Wed, Jun 06, 2007 at 11:53:31AM +0100, Ted Harding wrote:
Hi Folks,
Can anyone interpret the following for me? I can't find it referred to in 'man' documentation.
Some "user" entries in /etc/passwd have "!!" in the encrypted password field, e.g.
sshd:!!:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
rpc:!!:32:32:Portmapper RPC user:/:/sbin/nologin
mysql:!!:27:27:MySQL Server:/var/lib/mysql:/bin/bash
postgres:!!:26:26:PostgreSQL Server:/var/lib/pgsql:/bin/bash
For the accounts which have /sbin/nologin as "shell" I cannot of course gain entry, even from root.
Yes you can...
su - username -s /bin/bash
Which overrides the shell from the passwd file.
On the other hand, for the accounts (mysql, postgres) which have a normal shell, I can 'su' from root without entering a password; while if I try to 'su' from any other user I'm prompted for a password (which of course does not exist).
I'm wondering what the full interpretation of the "!!" is. I know about "*" in the encrypted password field: there is no possible password which encrypts to "*", so such accounts cannot be logged into.
! is quite common, I've not seen !! - but generally anything that can *not* be generated by crypt in there would mean it's an account without password.
I've already found out something (see above) about "!!" accounts, but is there more that I should know?
In particular, if I were (as root) to use the 'passwd' command to give a "!!" account a real password, would I be treading on any toes in the system?
The system won't care - but you'd be compromising security a bit... if you often need to run commands as that user consider using:
sudo -u username command
And setting up sudo so that you can run commands as that user.
Thanks,
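An added example, not part of the original thread: a small audit of passwd-format lines that sorts the password field into the cases discussed above ("*", "!" and "!!" can never be crypt output, so no typed password matches them). The function names, the state labels and the alice/guest/olduser lines are constructed for illustration; the "x" case (hash kept in /etc/shadow) is standard passwd(5) behaviour rather than something from the thread.

```shell
#!/bin/sh
# Constructed sample input: two entries from the thread plus made-up accounts.
sample_passwd() {
cat <<'EOF'
sshd:!!:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
mysql:!!:27:27:MySQL Server:/var/lib/mysql:/bin/bash
daemon:*:2:2:daemon:/sbin:/sbin/nologin
alice:x:500:500:constructed user:/home/alice:/bin/bash
guest::501:501:constructed user:/home/guest:/bin/bash
olduser:ab1cdEFgh2ijk:502:502:constructed user:/home/olduser:/bin/bash
EOF
}

# Read passwd(5)-format lines on stdin; print "user STATE shell|no-shell".
classify_pw_field() {
    awk -F: '
    NF >= 7 {
        pw = $2
        if (pw == "")          state = "EMPTY"        # no password needed at all
        else if (pw == "x")    state = "SHADOWED"     # real field is in /etc/shadow
        else if (pw ~ /^[!*]/) state = "NO_PW_LOGIN"  # "*", "!", "!!": never crypt output
        else                   state = "HASH"         # hash readable by every local user
        sh = ($7 ~ /(nologin|false)$/) ? "no-shell" : "shell"
        printf "%s %s %s\n", $1, state, sh
    }'
}

# Accounts worth a second look: empty password fields, and hashes stored in
# the world-readable passwd file instead of the shadow file.
needs_review() {
    classify_pw_field | awk '$2 == "EMPTY" || $2 == "HASH" { print $1 }'
}

sample_passwd | classify_pw_field
echo "review: $(sample_passwd | needs_review | tr '\n' ' ')"
```

To check a live system, feed it the real file: `classify_pw_field < /etc/passwd`.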