For today’s quick tip we’re looking at /etc/shadow, password entries and user ids. If you check /etc/shadow you may notice entries like “!!” or “*LK*” in the place where the password normally is (the second field). Here’s what they mean:

“NP” - No password. This is different to an empty password and means that the account is locked: no user can log in to it directly, i.e. it is an administrative account.

“*LK*” - the account is locked; the user will be unable to log in directly.

“!”, “*”, “!!” - these are set when a user is created and no password has been supplied. It means that the account is locked and no one can log in directly (“!!” is a Red Hat convention, other distros use “!”, but all three are valid in Linux).

Some examples

bin:*:15138:0:99999:7:::

nscd:!!:15138:0:99999:7:::

oraprod:*LK*$1$SdGGt1j7$Ya0l7mohFAm9IpbwTOxh8.:15819:0:99999:7:::

Each field (separated by :) has a specific meaning. Taking the oraprod entry as an example, here’s what each field means:

oraprod - user name

*LK*$1$SdGGt1j7$Ya0l7mohFAm9IpbwTOxh8. - previously had a password but is now locked (*LK*)

15819 - when the password was last changed, expressed as the number of days since 1st Jan 1970 (useful!!!)

0 - minimum number of days that have to pass between password changes, 0 indicates it can be changed any time

99999 - maximum number of days that can pass after which the password needs to be changed (a long time)

7 - number of days before the password must be changed that a warning is issued

first blank field - number of days after the password expires when the account will be disabled (not set)

second blank field - an absolute number of days after 1st Jan 1970 when the account will be disabled (not set)
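The field layout above as a small parser: an added example, not part of the original post, that classifies the second field using the markers listed earlier and turns the day counts into calendar dates. The function names are made up for this illustration, and the sample input is the three example entries from the post.

```python
from datetime import date, timedelta

# Constructed sample: the three example entries shown in the post.
SAMPLE = """\
bin:*:15138:0:99999:7:::
nscd:!!:15138:0:99999:7:::
oraprod:*LK*$1$SdGGt1j7$Ya0l7mohFAm9IpbwTOxh8.:15819:0:99999:7:::
"""

# Hypothetical names for the eight fields the post walks through.
FIELDS = ("user", "password", "last_change", "min_days", "max_days",
          "warn_days", "inactive_days", "expire_day")
EPOCH = date(1970, 1, 1)

def password_state(pw):
    """Classify the second field using the markers described in the post."""
    if pw == "":
        return "empty password"
    if pw == "NP":
        return "no password (NP)"
    # Longer markers first so "*LK*" is not mistaken for "*", nor "!!" for "!".
    for marker in ("*LK*", "!!", "!", "*"):
        if pw.startswith(marker):
            rest = pw[len(marker):]
            return "locked (%s)%s" % (marker, ", hash retained" if rest else "")
    return "password hash set"

def days_to_date(field):
    """Days since 1 Jan 1970 -> date; a blank field means 'not set'."""
    return EPOCH + timedelta(days=int(field)) if field else None

def parse_shadow_line(line):
    parts = line.rstrip("\n").split(":")
    if len(parts) != 9:  # the eight fields above plus a trailing reserved one
        raise ValueError("expected 9 colon-separated fields, got %d" % len(parts))
    entry = dict(zip(FIELDS, parts))
    entry["state"] = password_state(entry["password"])
    entry["last_change"] = days_to_date(entry["last_change"])
    entry["expire_day"] = days_to_date(entry["expire_day"])
    return entry

def audit(text):
    return [parse_shadow_line(l) for l in text.splitlines() if l.strip()]

if __name__ == "__main__":
    for e in audit(SAMPLE):
        print("%-8s %-30s last changed %s" % (e["user"], e["state"], e["last_change"]))
```
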

Unless you’re good at maths, the password change field is particularly useful. The chage command will interpret this and the other fields and present them in English, e.g.

#chage -l oraprod

Last password change : Apr 24, 2013

Password expires : never

Password inactive : never

Account expires : never

Minimum number of days between password change : 0

Maximum number of days between password change : 99999

Number of days of warning before password expires : 7



#chage -l root

Last password change : Dec 22, 2016

Password expires : never

Password inactive : never

Account expires : never

Minimum number of days between password change : 0

Maximum number of days between password change : 99999

Number of days of warning before password expires : 7



A useful command for checking for errors in /etc/passwd is pwck

#pwck

user adm: directory /var/adm does not exist

user news: directory /etc/news does not exist

user uucp: directory /var/spool/uucp does not exist

user gopher: directory /var/gopher does not exist

user ftp: directory /var/ftp does not exist

user pcap: directory /var/arpwatch does not exist

user oprofile: directory /home/oprofile does not exist

user avahi-autoipd: directory /var/lib/avahi-autoipd does not exist

user sabayon: directory /home/sabayon does not exist

pwck: no changes



Yay, it’s the weekend. Peace and love.