[PLUG] Re: Terminal/shell login with no password

Tom Diehl on 19 Aug 2005 20:03:43 -0000

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[PLUG] Re: Terminal/shell login with no password

From: Tom Diehl <tdiehl@rogueind.com>

To: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>

Subject: [PLUG] Re: Terminal/shell login with no password

Date: Fri, 19 Aug 2005 16:03:17 -0400 (EDT)

Cc: plug@phillylinux.org

Reply-to: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>

Sender: plug-bounces@lists.phillylinux.org

On Fri, 19 Aug 2005, Michael C. Toren wrote:

On Thu, Aug 18, 2005 at 10:32:29PM -0400, Tom Diehl wrote:
On Thu, 18 Aug 2005, John Von Essen wrote:
Use "vipw" to edit the password file when making these types of changes, DONT simply edit /etc/passwd.

[..]

Unless you are using some ancient version of *nix the encrypted passwds are in /etc/shadow. Contrary to the above advice it is very possible to edit the files directly as long as you are careful. Besides the passwd file is not the one you want to edit.
Sure, it's possible, but you risk shooting yourself in the foot.

You have that possibility every time you login as root. There is nothing to keep someone from typing rm -rf foo * when you wanted to do rm -rf foo*. Depending on what directory you are in you not only shot yourself in the foot you blew your whole leg off. That is the *nix way. It is assumed you know what you are doing and are responsible for your actions.

vipw(8) locks the password file using the same locking mechanism that passwd(1), chfn(1), useradd(8), etc all do, which means you avoid concurrent update problems. Additionally, many implementations of vipw will merge the appropriate fields of the passwd and shadow files together for the editor session, and unmerge the fields and store them in the appropriate file when you save and exit. While the implementation of vipw many Linux distributions include does not support this feature, it does permit you to edit the shadow file by specifying a command line argument ("-s") while still locking the file appropriately.

Not here it doesn't. There is no mention of a -s option on either fedora core 4 or RHEL4 man pages, so while some distros have the -s option it would appear that anything based on Red Hat does not. In addition there is no mention of the shadow file. You can however use vigr to edit the group file.

Regards,

Tom ___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug

Follow-Ups:

Re: [PLUG] Terminal/shell login with no password
From: "Michael C. Toren" <mct@toren.net>

References:

[PLUG] Terminal/shell login with no password
From: Eric <eric@lucii.org>

Re: [PLUG] Terminal/shell login with no password
From: John Von Essen <john@essenz.com>

[PLUG] Re: Terminal/shell login with no password
From: Tom Diehl <tdiehl@rogueind.com>

Re: [PLUG] Re: Terminal/shell login with no password
From: "Michael C. Toren" <mct@toren.net>

Prev by Date: Re: [PLUG] Terminal/shell login with no password

Next by Date: [PLUG] NIC problem

Previous by thread: Re: [PLUG] Re: Terminal/shell login with no password

Next by thread: Re: [PLUG] Terminal/shell login with no password

Index(es):

Date

Thread