Page 2 of 2 FirstFirst 12
Results 11 to 18 of 18

Thread: what should /etc/shadow look like?

  1. #11
    Join Date
    Apr 2011
    Location
    Mystletainn Kick!
    Beans
    8,084
    Distro
    Ubuntu

    Re: what should /etc/shadow look like?

    The ! symbol means the account is locked. In this instance locked and disable are synonymous.
    When you lock a password, you ultimately disable it, as if you want to unlock it, you'll need to create a new one.
    Or use the -u(unlock flag), in which case the old password will be re-enabled. But if, as it is in this case, you never set a password, then unlocking it would be moot, as you never knew what is/was.
    Splat Double Splat Triple Splat
    Earn Your Keep
    Don't mind me, I'm only passing through.
    Once in a blue moon, I'm actually helpful
    .

  2. #12
    Join Date
    Jul 2012
    Beans
    25

    Re: what should /etc/shadow look like?

    So the information I saw somewhere else (from google I have to admit) that the ! in the password field indicates a key based logon is possible is wrong then?

    Good news. Thank you all and sorry that the original wording of the question was poor.

  3. #13
    Join Date
    Jul 2012
    Beans
    25

    Re: what should /etc/shadow look like?

    Quote Originally Posted by matt_symes View Post
    Hi

    You have not been hacked, as i have not. the x's i added.

    Code:
    matthew-S206:/home/matthew/fxp % sudo grep root /etc/shadow
    root:!:xxxx:x:xxxx:7:::
    matthew-S206:/home/matthew/fxp %
    Kind regards
    Cool. It's good to see that my file is still in the default settings (as it should be). Thank you very much!

  4. #14
    Join Date
    Apr 2006
    Location
    Montana
    Beans
    Hidden!
    Distro
    Kubuntu Development Release

    Re: what should /etc/shadow look like?

    The discussion here is for the most part spot on.

    The ! and * symbols prevent root from logging in via a password.

    You can obtain root access via several other means, however. This might include booting a live CD, booting to recovery mode, using sudo, logging in via ssh (keys) or kerberos. This list is incomplete , but hopefully you get the idea.

    See https://help.ubuntu.com/community/RootSudo
    There are two mistakes one can make along the road to truth...not going all the way, and not starting.
    --Prince Gautama Siddharta

    #ubuntuforums web interface

  5. #15
    Join Date
    Jul 2012
    Beans
    25

    Re: what should /etc/shadow look like?

    Quote Originally Posted by bodhi.zazen View Post
    The discussion here is for the most part spot on.

    The ! and * symbols prevent root from logging in via a password.

    You can obtain root access via several other means, however. This might include booting a live CD, booting to recovery mode, using sudo, logging in via ssh (keys) or kerberos. This list is incomplete , but hopefully you get the idea.

    See https://help.ubuntu.com/community/RootSudo
    So that means that IF a remote desktop service of some type is installed and IF a shh key exists then a remote root logon would be possible?

  6. #16
    Join Date
    Feb 2013
    Beans
    Hidden!

    Re: what should /etc/shadow look like?

    From the manual page for shadow(5)
    Refer to crypt(3) for details on how this string is interpreted.

    If the password field contains some string that is not a valid
    result of crypt(3), for instance ! or *, the user will not be able
    to use a unix password to log in (but the user may log in the
    system by other means).

    This field may be empty, in which case no passwords are required to
    authenticate as the specified login name. However, some
    applications which read the /etc/shadow file may decide not to
    permit any access at all if the password field is empty.

    A password field which starts with a exclamation mark means that
    the password is locked. The remaining characters on the line
    represent the password field before the password was locked.
    In short, you can use any character outside the [a-zA-Z0-9./] set to lock password in /etc/shadow. By convention, passwd -l uses ! for it, and passwd -u strips the ! prefix from locked password.
    Last edited by schragge; February 27th, 2013 at 01:16 PM.

  7. #17
    Join Date
    Feb 2013
    Beans
    Hidden!

    Re: what should /etc/shadow look like?

    Quote Originally Posted by lou21 View Post
    So that means that IF a remote desktop service of some type is installed and IF a shh key exists then a remote root logon would be possible?
    The access for root over ssh can be disabled in the configuration file /etc/ssh/sshd_config. From the manual page for sshd_config(5)
    PermitRootLogin
    Specifies whether root can log in using ssh(1). The argument
    must be “yes”, “without-password”, “forced-commands-only” or
    “no”. The default is “yes”.

    If this option is set to “without-password” password authentica-
    tion is disabled for root.

    If this option is set to “forced-commands-only” root login with
    public key authentication will be allowed, but only if the
    command option has been specified (which may be useful for taking
    remote backups even if root login is normally not allowed). All
    other authentication methods are disabled for root.

    If this option is set to “no” root is not allowed to log in.

  8. #18
    Join Date
    Apr 2006
    Location
    Montana
    Beans
    Hidden!
    Distro
    Kubuntu Development Release

    Re: what should /etc/shadow look like?

    Quote Originally Posted by lou21 View Post
    So that means that IF a remote desktop service of some type is installed and IF a shh key exists then a remote root logon would be possible?
    Depending on how ssh and your VNC is configured, yes. I listed other protocols in my post.

    As indicated by schragge, you configure each service (ssh, kerberos, VNC, etc) to allow/restrict users, including root.
    There are two mistakes one can make along the road to truth...not going all the way, and not starting.
    --Prince Gautama Siddharta

    #ubuntuforums web interface

Page 2 of 2 FirstFirst 12

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •