[lug] Users added during install with no password

Zan Lynx zlynx at acm.org
Thu Jul 1 17:54:55 MDT 2004


On Thu, 2004-07-01 at 17:52, Bill Thoen wrote:
> I recently installed RH 9.0 and noticed that the user named 'rpm' was
> added in the process and assigned the /bin/bash shell... but no password. 
> I assume this is normal and no big threat to security, but is that right? 
> 
> What is the login status of accounts created with useradd if no password
> is assigned to them? They seem to be un-login-able, but I'd like to know
> whether that's the case or if there's some default password I just don't 
> know about.

Are you sure it's blank?  On my system, the rpm user has an "x" for a
password in the /etc/passwd file and !! in the /etc/shadow file.  An x
is not a valid crypt or MD5 hash, so it really means the rpm user isn't
allowed to log in at all.  If you are using shadow passwords, an "x"
means a shadow password; for those you look in /etc/shadow.  Again, an
invalid hash in /etc/shadow means the user isn't allowed to log in.

So, it should look like:
rpm:x:37:37:...
but not like:
rpm::37:37:...

I hope that's helpful, or at least not too confusing.
-- 
Zan Lynx <zlynx at acm.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://lists.lug.boulder.co.us/pipermail/lug/attachments/20040701/91c6c9dc/attachment.pgp>


More information about the LUG mailing list