Tom Diehl on 19 Aug 2005 20:03:43 -0000


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[PLUG] Re: Terminal/shell login with no password


On Fri, 19 Aug 2005, Michael C. Toren wrote:

On Thu, Aug 18, 2005 at 10:32:29PM -0400, Tom Diehl wrote:
On Thu, 18 Aug 2005, John Von Essen wrote:
Use "vipw" to edit the password file when making these types of changes,
DONT simply edit /etc/passwd.

[..]

Unless you are using some ancient version of *nix the encrypted passwds
are in /etc/shadow. Contrary to the above advice it is very possible to
edit the files directly as long as you are careful. Besides the passwd
file is not the one you want to edit.

Sure, it's possible, but you risk shooting yourself in the foot.

You have that possibility every time you login as root. There is nothing to keep someone from typing rm -rf foo * when you wanted to do rm -rf foo*. Depending on what directory you are in you not only shot yourself in the foot you blew your whole leg off. That is the *nix way. It is assumed you know what you are doing and are responsible for your actions.

vipw(8) locks the password file using the same locking mechanism that
passwd(1), chfn(1), useradd(8), etc all do, which means you avoid
concurrent update problems.  Additionally, many implementations of vipw
will merge the appropriate fields of the passwd and shadow files together
for the editor session, and unmerge the fields and store them in the
appropriate file when you save and exit.  While the implementation of vipw
many Linux distributions include does not support this feature, it does
permit you to edit the shadow file by specifying a command line argument
("-s") while still locking the file appropriately.

Not here it doesn't. There is no mention of a -s option on either fedora core 4 or RHEL4 man pages, so while some distros have the -s option it would appear that anything based on Red Hat does not. In addition there is no mention of the shadow file. You can however use vigr to edit the group file.

Regards,

Tom
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug