
Thread: what should /etc/shadow look like?

  1. #11
    Join Date
    Apr 2011
    Location
    Mystletainn Kick!
    Beans
    13,616
    Distro
    Ubuntu

    Re: what should /etc/shadow look like?

    The ! symbol means the account is locked. In this instance locked and disabled are synonymous.
    When you lock a password, you ultimately disable it, as if you want to unlock it, you'll need to create a new one.
    Or use the -u (unlock) flag, in which case the old password will be re-enabled. But if, as it is in this case, you never set a password, then unlocking it would be moot, as you never knew what it is/was.
    Splat Double Splat Triple Splat
    Earn Your Keep
    Don't mind me, I'm only passing through.
    Once in a blue moon, I'm actually helpful
    .

  2. #12
    Join Date
    Jul 2012
    Beans
    25

    Re: what should /etc/shadow look like?

    So the information I saw somewhere else (from Google, I have to admit) that the ! in the password field indicates a key-based logon is possible is wrong then?

    Good news. Thank you all and sorry that the original wording of the question was poor.

  3. #13
    Join Date
    Jul 2012
    Beans
    25

    Re: what should /etc/shadow look like?

    Quote, originally posted by matt_symes:
        Hi

        You have not been hacked, as I have not. The x's I added.

        Code:
        matthew-S206:/home/matthew/fxp % sudo grep root /etc/shadow
        root:!:xxxx:x:xxxx:7:::
        matthew-S206:/home/matthew/fxp %

        Kind regards

    Cool. It's good to see that my file is still in the default settings (as it should be). Thank you very much!

  4. #14
    Join Date
    Apr 2006
    Location
    Montana
    Beans
    Hidden!
    Distro
    Kubuntu Development Release

    Re: what should /etc/shadow look like?

    The discussion here is for the most part spot on.

    The ! and * symbols prevent root from logging in via a password.

    You can obtain root access via several other means, however. This might include booting a live CD, booting to recovery mode, using sudo, logging in via ssh (keys) or kerberos. This list is incomplete, but hopefully you get the idea.

    See https://help.ubuntu.com/community/RootSudo
    There are two mistakes one can make along the road to truth...not going all the way, and not starting.
    --Prince Gautama Siddharta

    #ubuntuforums web interface

  5. #15
    Join Date
    Jul 2012
    Beans
    25

    Re: what should /etc/shadow look like?

    Quote, originally posted by bodhi.zazen:
        The discussion here is for the most part spot on.

        The ! and * symbols prevent root from logging in via a password.

        You can obtain root access via several other means, however. This might include booting a live CD, booting to recovery mode, using sudo, logging in via ssh (keys) or kerberos. This list is incomplete, but hopefully you get the idea.

        See https://help.ubuntu.com/community/RootSudo

    So that means that IF a remote desktop service of some type is installed and IF an ssh key exists then a remote root logon would be possible?

  6. #16
    Join Date
    Feb 2013
    Beans
    Hidden!

    Re: what should /etc/shadow look like?

    From the manual page for shadow(5):

        Refer to crypt(3) for details on how this string is interpreted.

        If the password field contains some string that is not a valid
        result of crypt(3), for instance ! or *, the user will not be able
        to use a unix password to log in (but the user may log in the
        system by other means).

        This field may be empty, in which case no passwords are required to
        authenticate as the specified login name. However, some
        applications which read the /etc/shadow file may decide not to
        permit any access at all if the password field is empty.

        A password field which starts with a exclamation mark means that
        the password is locked. The remaining characters on the line
        represent the password field before the password was locked.

    In short, you can use any character outside the [a-zA-Z0-9./] set to lock a password in /etc/shadow. By convention, passwd -l uses ! for it, and passwd -u strips the ! prefix from the locked password.
    Last edited by schragge; February 27th, 2013 at 01:16 PM.
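
Added example (not part of the original posts): a small classifier that applies the shadow(5) rules quoted above to the password field of each line. The sample lines and their "hashes" are constructed; allowing `$` in the character set and the 13-character minimum length are assumptions added here so that modular hashes such as `$6$...` are recognised.

```python
import re

# Characters a crypt(3) result may contain, per the post above, plus "$",
# which separates the parts of modular hashes such as $6$... (added here).
_HASH_CHARS = re.compile(r"[a-zA-Z0-9./$]+")
_MIN_HASH_LEN = 13  # traditional DES crypt output; newer formats are longer

# Constructed sample; the "hashes" are placeholders, not real crypt output.
SAMPLE_SHADOW = """\
root:!:15000:0:99999:7:::
daemon:*:15000:0:99999:7:::
alice:$6$constructedsalt$NotARealHashJustSampleText./0123456789:15000:0:99999:7:::
bob:!$6$constructedsalt$NotARealHashJustSampleText./0123456789:15000:0:99999:7:::
guest::15000:0:99999:7:::
"""

def _looks_like_hash(value):
    # Shape check only: it does not verify the string against any password.
    return len(value) >= _MIN_HASH_LEN and _HASH_CHARS.fullmatch(value) is not None

def classify_password_field(field):
    """Return (state, note) for the second field of one shadow line."""
    if field == "":
        return ("empty", "no password required to authenticate")
    if field.startswith("!"):
        if _looks_like_hash(field[1:]):
            return ("locked", "old hash kept; passwd -u would re-enable it")
        return ("locked", "no usable password behind the lock")
    if _looks_like_hash(field):
        return ("password-set", "field has the shape of a crypt(3) result")
    return ("no-password-login", "not a valid crypt(3) result")

def audit_shadow(text):
    """Map each login name in shadow-format text to its password state."""
    states = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) < 2 or not fields[0]:
            continue  # skip blank or malformed lines
        states[fields[0]] = classify_password_field(fields[1])[0]
    return states

if __name__ == "__main__":
    for name, state in audit_shadow(SAMPLE_SHADOW).items():
        print(f"{name}: {state}")
```

An "empty" result is the one to act on first, since the quoted man page says no password is required for that login.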

  7. #17
    Join Date
    Feb 2013
    Beans
    Hidden!

    Re: what should /etc/shadow look like?

    Quote, originally posted by lou21:
        So that means that IF a remote desktop service of some type is installed and IF an ssh key exists then a remote root logon would be possible?

    The access for root over ssh can be disabled in the configuration file /etc/ssh/sshd_config. From the manual page for sshd_config(5):

        PermitRootLogin
            Specifies whether root can log in using ssh(1). The argument
            must be “yes”, “without-password”, “forced-commands-only” or
            “no”. The default is “yes”.

            If this option is set to “without-password” password
            authentication is disabled for root.

            If this option is set to “forced-commands-only” root login with
            public key authentication will be allowed, but only if the
            command option has been specified (which may be useful for taking
            remote backups even if root login is normally not allowed). All
            other authentication methods are disabled for root.

            If this option is set to “no” root is not allowed to log in.
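
Added example (not part of the original posts): a check that reads sshd_config text and reports what the global PermitRootLogin setting allows for root, following the man page excerpt above. The config snippets are constructed; the default of "yes" is the one quoted above and is a parameter because it differs between OpenSSH releases, and "prohibit-password" is the later spelling of "without-password", which the page does not mention. Include files and Match conditions are not evaluated.

```python
# What each value permits for root, following the quoted sshd_config(5) text.
POLICY = {
    "yes": {"password": True, "publickey": "any key"},
    "without-password": {"password": False, "publickey": "any key"},
    "prohibit-password": {"password": False, "publickey": "any key"},
    "forced-commands-only": {"password": False,
                             "publickey": "only keys with a command option"},
    "no": {"password": False, "publickey": "none"},
}

# Constructed samples. sshd uses the first value it obtains for a keyword,
# so the later "no" in WEAK_CONFIG has no effect.
WEAK_CONFIG = "Port 22\nPermitRootLogin yes\nPermitRootLogin no\n"
HARDENED_CONFIG = "# root must go through sudo\npermitrootlogin=no\n"
MATCH_ONLY_CONFIG = ("Port 22\nMatch User backup\n"
                     "    PermitRootLogin forced-commands-only\n")

def effective_permit_root_login(config_text, default="yes"):
    """Return the global PermitRootLogin value, or `default` if unset."""
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keyword and argument are separated by whitespace or an optional "=".
        parts = line.replace("=", " ", 1).split()
        keyword = parts[0].lower()  # keywords are case-insensitive
        if keyword == "match":
            break  # everything after this is conditional, not global
        if keyword == "permitrootlogin" and len(parts) > 1:
            return parts[1].strip('"')
    return default

def root_ssh_policy(config_text, default="yes"):
    """Return the setting plus the root login methods it leaves open."""
    value = effective_permit_root_login(config_text, default)
    if value not in POLICY:
        raise ValueError(f"unrecognised PermitRootLogin value: {value!r}")
    return dict(POLICY[value], setting=value)

if __name__ == "__main__":
    for name, cfg in [("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG),
                      ("match-only", MATCH_ONLY_CONFIG)]:
        print(name, root_ssh_policy(cfg))
```

On a live system, `sshd -T` prints the effective configuration and is the authoritative source; this parser only illustrates how the value is resolved.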

  8. #18
    Join Date
    Apr 2006
    Location
    Montana
    Beans
    Hidden!
    Distro
    Kubuntu Development Release

    Re: what should /etc/shadow look like?

    Quote, originally posted by lou21:
        So that means that IF a remote desktop service of some type is installed and IF an ssh key exists then a remote root logon would be possible?

    Depending on how ssh and your VNC are configured, yes. I listed other protocols in my post.

    As indicated by schragge, you configure each service (ssh, kerberos, VNC, etc) to allow/restrict users, including root.
