[lug] Users added during install with no password

Neil Doane caine at antediluvian.org
Fri Jul 2 07:22:55 MDT 2004


* Jeff Schroeder (jeff at neobox.net), on [07-01-04 16:59], wrote:
> Bill wrote:
> 
> > I recently installed RH 9.0 and noticed that the user named 'rpm' was
> > added in the process and assigned the /bin/bash shell... but no
> > password. I assume this is normal and no big threat to security, but
> > is that right?
> 
> Although I don't use RH (any more), I suspect that's correct.  Look in 
> the /etc/shadow file-- I assume RH uses shadow passwords-- and you 
> should see some users with passwords, and others with an 'x' or bang:
> 
> nobody:x:12598:0:99999:7:::
> jeff:jseCdKJfvLk:12598:0:99999:7:::

That's not your real hash is it? :)


Neil



> mysql:!:12598:0:99999:7:::
> 
> The 'nobody' and 'mysql' accounts won't permit logins.
> 
> HTH,
> Jeff
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> Join us on IRC: lug.boulder.co.us port=6667 channel=#colug



More information about the LUG mailing list