[lug] Users added during install with no password
Zan Lynx
zlynx at acm.org
Thu Jul 1 17:54:55 MDT 2004
On Thu, 2004-07-01 at 17:52, Bill Thoen wrote:
> I recently installed RH 9.0 and noticed that the user named 'rpm' was
> added in the process and assigned the /bin/bash shell... but no password.
> I assume this is normal and no big threat to security, but is that right?
>
> What is the login status of accounts created with useradd if no password
> is assigned to them? They seem to be un-login-able, but I'd like to know
> whether that's the case or if there's some default password I just don't
> know about.
Are you sure it's blank? On my system, the rpm user has an "x" for a
password in the /etc/passwd file and !! in the /etc/shadow file. An x
is not a valid crypt or MD5 hash, so it really means the rpm user isn't
allowed to log in at all. If you are using shadow passwords, an "x"
means a shadow password; for those you look in /etc/shadow. Again, an
invalid hash in /etc/shadow means the user isn't allowed to log in.
So, it should look like:
rpm:x:37:37:...
but not like:
rpm::37:37:...
I hope that's helpful, or at least not too confusing.
--
Zan Lynx <zlynx at acm.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://lists.lug.boulder.co.us/pipermail/lug/attachments/20040701/91c6c9dc/attachment.pgp>
More information about the LUG
mailing list