Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Shadow file help
Top Forums UNIX for Dummies Questions & Answers Shadow file help Post 302586432 by pinga123 on Monday 2nd of January 2012 02:31:28 AM
Old 01-02-2012
Shadow file help
As a part of linux hardening

In shadow file all Application accounts which are not locked must contain only an asterisk “*” in the Passwd field.

But how would i do it by using command?

Is there any way other than modifying shadow file to accomplish this task?
 

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

shadow file

Sirs, What is a shadow file,How it be usefull.For my project i have to keep the password in shawdow file also i am doing in php how can i do it. Thanks in advance, ArunKumar (3 Replies)
Discussion started by: arunkumar_mca
3 Replies

2. Programming

Doubt on shadow file

Hi guys, I have a doubt on shadow file ... In the Unix servers in which I am working, I cud see that the shadow file has only one permission set .. tht is read permission for only root user ... (-r--------) .... So my basic doubt here is that how this file is being written then ... only... (4 Replies)
Discussion started by: Sabari Nath S
4 Replies

3. UNIX for Advanced & Expert Users

shadow file

what does 'x' in the encrypted password field in /etc/shaodw file represent? (3 Replies)
Discussion started by: jbashir
3 Replies

4. Solaris

*LK* in /etc/shadow file

my etc/shadow file showing *LK* for a particular user.. can u tell me under which circumstances a user is locked (5 Replies)
Discussion started by: vikashtulsiyan
5 Replies

5. UNIX for Advanced & Expert Users

/etc/shadow file....

Does anyone know what "!!" represents in the password field of the /etc/shadow file? :confused: (6 Replies)
Discussion started by: avcert1998
6 Replies

6. UNIX for Dummies Questions & Answers

Shadow File

I see conflicting definitions for the shadow file. For Solaris, what are the fields please? Thanks. (3 Replies)
Discussion started by: DavidS
3 Replies

7. Shell Programming and Scripting

appending LK to the shadow file

Hey guys.. i need to be able to append 'LK' to a password field in the shadow file I cannot use commands such as usermod chsh i need to directly be able to manupilate the files through a menu driven interface. So in other words write to the shadow file How could i do this? so far... (1 Reply)
Discussion started by: musicmancanora
1 Replies

8. UNIX for Dummies Questions & Answers

How Do I Regenerate the Shadow file

I guess the earlier problem I had with changing user passwords and creating new users is related to the shadow file. Anytime I change something to /etc/passwd or shadow I get locked out. HOW DO I REGENERATE THIS FILE. (1 Reply)
Discussion started by: Waitstejo
1 Replies

9. Shell Programming and Scripting

Shadow file

Hi, In shadow file smithj:Ep6mckrOLChF.:10063:0:99999:7::: 3rd Field 10063 indicates the number of days (since January 1, 1970) since the password was last changed. I want to get the result with script the date on which the password was last changed in YYYY-MM-DD format. can... (8 Replies)
Discussion started by: pinnacle
8 Replies

10. Solaris

Solaris :regarding /etc/shadow file

what does the last column in /etc/shadow file indicate?? i read man page,it tells its FLAG..but i am not able to understand exactly why its there :confused: thanks in advance, shekhar (4 Replies)
Discussion started by: shekhar_4_u
4 Replies

LEARN ABOUT CENTOS

passwd

PASSWD(5)						     Linux Programmer's Manual							 PASSWD(5)

NAME

       passwd - password file

DESCRIPTION

       The  /etc/passwd  file  is  a  text file that describes user login accounts for the system.  It should have read permission allowed for all
       users (many utilities, like ls(1) use it to map user IDs to usernames), but write access only for the superuser.

       In the good old days there was no great problem with this general read permission.  Everybody could read the encrypted passwords,  but  the
       hardware  was  too  slow  to  crack a well-chosen password, and moreover the basic assumption used to be that of a friendly user-community.
       These days many people run some version of the shadow password suite, where /etc/passwd has an 'x' character in the password field, and the
       encrypted passwords are in /etc/shadow, which is readable by the superuser only.

       If  the	encrypted password, whether in /etc/passwd or in /etc/shadow, is an empty string, login is allowed without even asking for a pass-
       word.  Note that this functionality may be intentionally disabled in applications, or configurable  (for  example  using  the  "nullok"	or
       "nonull" arguments to pam_unix.so).

       If the encrypted password in /etc/passwd is "*NP*" (without the quotes), the shadow record should be obtained from an NIS+ server.

       Regardless  of  whether	shadow	passwords are used, many system administrators use an asterisk (*) in the encrypted password field to make
       sure that this user can not authenticate him- or herself using a password.  (But see NOTES below.)

       If you create a new login, first put an asterisk (*) in the password field, then use passwd(1) to set it.

       Each line of the file describes a single user, and contains seven colon-separated fields:

	      name:password:UID:GID:GECOS:directory:shell

       The field are as follows:

       name	   This is the user's login name.  It should not contain capital letters.

       password    This is either the encrypted user password, an asterisk (*), or the letter 'x'.  (See pwconv(8) for an explanation of 'x'.)

       UID	   The privileged root login account (superuser) has the user ID 0.

       GID	   This is the numeric primary group ID for this user.	(Additional groups for the user are defined in the system group file;  see
		   group(5)).

       GECOS	   This  field	(sometimes called the "comment field") is optional and used only for informational purposes.  Usually, it contains
		   the full username.  Some programs (for example, finger(1)) display information from this field.

		   GECOS stands for "General Electric Comprehensive Operating System", which was renamed to GCOS when GE's large systems  division
		   was	sold to Honeywell.  Dennis Ritchie has reported: "Sometimes we sent printer output or batch jobs to the GCOS machine.  The
		   gcos field in the password file was a place to stash the information for the $IDENTcard.  Not elegant."

       directory   This is the user's home directory: the initial directory where the user is placed after logging in.	The value in this field is
		   used to set the HOME environment variable.

       shell	   This  is  the  program to run at login (if empty, use /bin/sh).  If set to a nonexistent executable, the user will be unable to
		   login through login(1).  The value in this field is used to set the SHELL environment variable.

FILES

       /etc/passwd

NOTES

       If you want to create user groups, there must be an entry in /etc/group, or no group will exist.

       If the encrypted password is set to an asterisk (*), the user will be unable to login using login(1), but may still login using	rlogin(1),
       run  existing  processes  and  initiate new ones through rsh(1), cron(8), at(1), or mail filters, etc.  Trying to lock an account by simply
       changing the shell field yields the same result and additionally allows the use of su(1).

SEE ALSO

       login(1), passwd(1), su(1), getpwent(3), getpwnam(3), crypt(3), group(5), shadow(5)

COLOPHON

       This page is part of release 3.53 of the Linux man-pages project.  A description of the project, and information about reporting bugs,  can
       be found at http://www.kernel.org/doc/man-pages/.

Linux								    2012-05-03								 PASSWD(5)
All times are GMT -4. The time now is 03:45 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy