Maintain health of passwd file
Post 302688159 by Don Cragun on Saturday 18th of August 2012 04:36:55 AM
08-18-2012
Quote:
Originally Posted by Learn4Life
Maybe you should save your 2 cents, since I have no idea what you mean with this statement.

Passwords are usually encrypted using MD5, so passwords in shadow would be $\d$, that is all I need.

What are you trying to say here?

I don't want grep to print the line encountered with my criteria and does it really matter what I use? I use awk since it is convenient for me to use. I wonder why I have to discuss procedures and tools here rather than the problem itself. A hint on how to ACCESS THE SHADOW FILE FOR REG EXPR COMPARISON WITHOUT ROOT PRIVILEGES is asked here.
You seem to be expecting the /etc/passwd entry for root to be something like:
Code:
root:*:0:0:System Administrator:/var/root:/bin/sh

with root as the user name, but what vbe was saying is that an entry like:
Code:
super:*:0:0:System Administrator:/var/super:/bin/sh

has exactly the same privileges as root in the entry you're looking for, but your script won't notice it.

Some accounts are set up so that they can never be used to login. They may have an entry in the password field in the shadow file like NOPASSWD, NOLOGIN, or any other string that can never match an encrypted password. From the statement of the problem, it isn't clear whether you should be looking for an MD5 password or just looking for a field that is not empty. This is intended to answer your 2nd and 3rd questions.

You can use grep -c or grep with stdout redirected and check the exit status to determine whether or not at least one line matches your search pattern. When you post to a forum like this, we assume that you're asking for suggestions on how to do the job you're trying to do. If what you are using is grossly inefficient or overly complex, why don't you want to know about alternative methods to accomplish what you're trying to do?

There is no way to ACCESS THE SHADOW FILE FOR REG EXPR COMPARISON WITHOUT ROOT PRIVILEGES. Or, if there is, your system's security mechanisms have been disabled and any user that can access your system can hack it to do anything they want. It sounds like your assignment is to determine a way to get the privileges needed to access that file. Some possibilities could include using a setuid root shell script (which you would have to be root to set up), su to root before running your script (which would require you to know root's password and find a secure way to enter it from a shell script), or sudo. (Note also that some systems use an open directory or other authentication system and don't even have a traditional shadow file.) I don't think anybody here is going to give you a script that will do any of these, but this may give you some ideas to investigate. Also note that ways to do this may vary considerably from system to system.
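
Added example, not part of the original post or thread: a sketch of the two checks discussed above, listing every UID 0 account regardless of login name and sorting shadow password fields into empty, hash-like, or never-matching strings such as NOLOGIN. The function names and the sample files are constructed for illustration; the hash test follows the shadow(5) description, and reading the real /etc/shadow still needs root.

```shell
#!/bin/sh
# Added example: health checks over passwd- and shadow-format files.
# Reading the real /etc/shadow still requires root privileges.

# Print the login name of every account whose UID is 0, whatever it is called.
uid0_accounts() {
    awk -F: '$3 != "" && $3 == 0 { print $1 }' "$1"
}

# Classify the password field (2nd field) of each shadow entry:
#   EMPTY  - nothing there, so no password is required
#   HASH   - crypt(3) string per shadow(5): starts with "$", or 13-24 chars of [./0-9A-Za-z]
#   LOCKED - anything else (*, !, NOLOGIN, ...), which can never match a hash
classify_shadow() {
    awk -F: '{
        n = length($2)
        if ($2 == "") s = "EMPTY"
        else if (substr($2, 1, 1) == "$") s = "HASH"
        else if (n >= 13 && n <= 24 && $2 ~ "^[./0-9A-Za-z]+$") s = "HASH"
        else s = "LOCKED"
        print $1 ":" s
    }' "$1"
}

# Constructed sample data; the two UID 0 passwd lines are the ones quoted in the thread.
write_samples() {
    cat > "$1/passwd" <<'EOF'
root:*:0:0:System Administrator:/var/root:/bin/sh
super:*:0:0:System Administrator:/var/super:/bin/sh
alice:*:1001:1001:Constructed User:/home/alice:/bin/sh
EOF
    cat > "$1/shadow" <<'EOF'
root:$1$constructed$notARealHashValue00000:15570:0:99999:7:::
super::15570:0:99999:7:::
alice:NOLOGIN:15570:0:99999:7:::
EOF
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
echo "UID 0 accounts:";        uid0_accounts "$demo_dir/passwd"
echo "Password field states:"; classify_shadow "$demo_dir/shadow"
rm -rf "$demo_dir"
```

On a real system the two functions would be pointed at /etc/passwd and /etc/shadow from a root shell or through sudo.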
 

SHADOW(5)							File Formats Manual							 SHADOW(5)

NAME
       shadow - encrypted password file

DESCRIPTION
       shadow contains the encrypted password information for user's accounts and optionally the password aging information. Included is

              Login name
              Encrypted password
              Days since Jan 1, 1970 that password was last changed
              Days before password may be changed
              Days after which password must be changed
              Days before password is to expire that user is warned
              Days after password expires that account is disabled
              Days since Jan 1, 1970 that account is disabled
              A reserved field

       The password field must be filled. The encrypted password consists of 13 to 24 characters from the 64 characters alphabet a thru z, A thru Z, 0 thru 9, . and /. Optionally it can start with a "$" character. This means the encrypted password was generated using another (not DES) algorithm. For example if it starts with "$1$" it means the MD5-based algorithm was used. Refer to crypt(3) for details on how this string is interpreted.

       The date of the last password change is given as the number of days since Jan 1, 1970. The password may not be changed again until the proper number of days have passed, and must be changed after the maximum number of days. If the minimum number of days required is greater than the maximum number of days allowed, this password may not be changed by the user.

       An account is considered to be inactive and is disabled if the password is not changed within the specified number of days after the password expires. An account will also be disabled on the specified day regardless of other password expiration information.

       This information supersedes any password or password age information present in /etc/passwd.

       This file must not be readable by regular users if password security is to be maintained.

FILES
       /etc/passwd - user account information
       /etc/shadow - encrypted user passwords

SEE ALSO
       chage(1), login(1), passwd(1), su(1), passwd(5), pwconv(8), pwunconv(8), sulogin(8)

AUTHOR
       Julianne Frances Haugh (jockgrrl@ix.netcom.com)
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.