[ncolug] Re: /etc/shadow !! in password file
- From: "M. Knisely" <charon79m@xxxxxxxxx>
- To: "ncolug@xxxxxxxxxxxxx" <ncolug@xxxxxxxxxxxxx>
- Date: Thu, 20 Jun 2013 15:23:59 -0400
Tested and my command works properly.
I found w/out the nobody account, ESX licensing doesn't work. Other than
that, it looks like things were working properly w/out the nobody accounts.
So, here are the commands I ran:
adduser -d / -s /bin/nologin -r -u 99 nobody
useradd -d /var/lib/nfs -s /sbin/nologin -r -u 65534 nfsnobody
I hope Google finds this and it saves people some time.
Mike
On Thu, Jun 20, 2013 at 3:15 PM, Gary Sanders <ohgary@xxxxxxxxx> wrote:
> You can use chpasswd -e to put anything you want into the shadow password
> field
>
> Echo 'user_name:!!' | chpasswd -e
>
>
> Gary n8emr
>
> "M. Knisely" <charon79m@xxxxxxxxx> wrote:
>
> The basics is that a person deleted a bunch of service accounts on a
> VMware ESX machine. I need to recreate these service accounts. The
> original service accounts have in the /etc/shadow line for the user "!!"
> without the quotes in the password section of that user's line.
>
> After some help from Nosbig, we found that this is the standard value of a
> created account that has never had a password on any RedHat or derivative
> there of. On the Debian based machines I was using as my test, the default
> for them is just a simple "!" and not the double like RedHat does.
>
> So, what I believe I need to do to re-create these accounts is this:
>
> adduser -d / -s /sbin/nologin -r -u 99 nobody
>
> So, this is going to create a user called nobody with a home of root and a
> shell of /sbin/nologin. Since the UID I need for this user falls below
> 500, I have to use the -r and then I can tell it to use the original UID of
> 99 using the -u command.
>
> I'm testing this in the lab now and will post back the results.
>
> Mike K.
>
>
> On Thu, Jun 20, 2013 at 1:03 PM, Mike <bellyacres@xxxxxxxxx> wrote:
>
>> On 06/20/2013 10:49 AM, M. Knisely wrote:
>>
>>> I know that the ! can mean that the password field is blank or
>>> disabled... what I need to do is to use the passwd command to get it to
>>> write a !! in the password field of /etc/shadow.
>>>
>>> Any suggestions?
>>>
>>> Mike K.
>>>
>>> PS: Yes, I have googled it... extensively.
>>> PPS: Yes, I know I can, as root, edit /etc/shadow and do it manually.
>>> Trust me when I say that there are reasons I don't want to do that unless
>>> I absolutely have to.
>>>
>>
>> Here is a way....
>>
>> mike@tightrope:~$ apropos passwd
>> chgpasswd (8) - update group passwords in batch mode
>> chpasswd (8) - update passwords in batch mode
>> Crypt::PasswdMD5 (3pm) - Provides interoperable MD5-based crypt()
>> functions
>> exim4_passwd (5) - Files in use by the Debian exim4 packages
>> exim4_passwd_client (5) - Files in use by the Debian exim4 packages
>> gpasswd (1) - administer /etc/group and /etc/gshadow
>> grub-mkpasswd-pbkdf2 (1) - generate hashed password for GRUB
>> lppasswd (1) - add, change, or delete digest passwords.
>> makepasswd (1) - generate and/or encrypt passwords
>> mkpasswd (1) - Overfeatured front end to crypt(3)
>> mksmbpasswd (8) - formats a /etc/passwd entry for a smbpasswd file
>> pam_localuser (8) - require users to be listed in /etc/passwd
>> passwd (1) - change user password
>> passwd (1ssl) - compute password hashes
>> passwd (5) - the password file
>> smbpasswd (5) - The Samba encrypted password file
>> smbpasswd (8) - change a user's SMB password
>> update-passwd (8) - safely update /etc/passwd, /etc/shadow and
>> /etc/group
>> mike@tightrope:~$
>>
>> mike@tightrope:~$ man chpasswd
>>
>> mike@tightrope:~$ script
>> Script started on Thu 20 Jun 2013 12:42:53 PM EDT
>> mike@tightrope:~$ sudo adduser iputz
>> [sudo] password for mike:
>> Adding user `iputz' ...
>> Adding new group `iputz' (1001) ...
>> Adding new user `iputz' (1001) with group `iputz' ...
>> Creating home directory `/home/iputz' ...
>> Copying files from `/etc/skel' ...
>> Enter new UNIX password:
>> Retype new UNIX password:
>> passwd: password updated successfully
>> Changing the user information for iputz
>> Enter the new value, or press ENTER for the default
>> Full Name []: Ima Putz
>> Room Number []:
>> Work Phone []:
>> Home Phone []:
>> Other []:
>> Other []:
>> Is the information correct? [Y/n]
>> mike@tightrope:~$ sudo grep iputz /etc/passwd /etc/shadow
>> /etc/passwd:iputz:x:1001:1001:**Ima Putz,,,:/home/iputz:/bin/bash
>> /etc/shadow:iputz:$6$vrgqeJNq$**GF2OckxPdW5eJvM/**
>> Tu3avSBN73tT10e5VFhoH6MiRGcHOp**EumuMsbXOOrFsh0Gr0N3BLddMzYc5b**
>> M8ggvFi4M0:15876:0:99999:7:::
>> mike@tightrope:~$ echo 'iputz:!!' | sudo chpasswd -c NONE
>> sudo grep iputz /etc/passwd /etc/shadow
>> /etc/passwd:iputz:x:1001:1001:**Ima Putz,none,,:/home/iputz:/bin/**bash
>> /etc/shadow:iputz:!!:15876:0:**99999:7:::
>> mike@tightrope:~$ exit
>> Script done on Thu 20 Jun 2013 12:51:23 PM EDT
>> mike@tightrope:~$
>>
>>
>>
>> To unsubscribe send to ncolug-request@xxxxxxxxxxxxx with 'unsubscribe'
>> in the Subject field.
>>
>>
>
Other related posts:
