As far as I can tell, a user cannot become any user or escalate their
privileges until they create a password:

Create and configure zfoo and zbar users:

root@yoda:~# useradd -m zfoo
root@yoda:~# useradd -m zbar
root@yoda:~# passwd -d zbar
passwd: password expiry information changed.
root@yoda:~# grep z /etc/shadow
zfoo:!:17036:0:99999:7:::
zbar::17036:0:99999:7:::
root@yoda:~# grep %sudo /etc/sudoers
%sudo    ALL=(ALL:ALL) ALL
root@yoda:~# usermod -aG sudo zbar
root@yoda:~# id zbar
uid=1005(zbar) gid=1005(zbar) groups=1005(zbar),27(sudo)

Become zfoo and try to become zbar:

root@yoda:~# su - zfoo
zfoo@yoda:~$ su - zbar
Password:
su: Authentication failure
zfoo@yoda:~$ exit
logout

Become zbar and try to become zbar:

root@yoda:~# su - zbar
zbar@yoda:~$ su - zbar
Password:
su: Authentication failure

Try to run sudo as zbar:

zbar@yoda:~$ sudo id
[sudo] password for zbar:
Sorry, try again.
[sudo] password for zbar:
Sorry, try again.
[sudo] password for zbar:
Sorry, try again.
sudo: 3 incorrect password attempts

Change password:

zbar@yoda:~$ passwd
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
zbar@yoda:~$ sudo id
[sudo] password for zbar:
uid=0(root) gid=0(root) groups=0(root)

Regards,
- Robert


On Tue, Aug 23, 2016 at 6:58 AM, Robert Citek <robert.ci...@gmail.com> wrote:
> Greetings all,
>
> On Ubuntu, I would like to have a user set their own password.  So on
> account creation I would do this:
>
> passwd --delete ${username}
> chage -d 0 ${username}
>
> Are there any security risks created by running those commands?
>
> Regards,
> - Robert
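
An added example, not part of the original thread: a small audit that classifies the shadow(5) field states seen above (`!` after `useradd`, an empty field after `passwd -d`, and a last-change value of 0 after `chage -d 0`). The function names are hypothetical, and every sample line other than the zfoo and zbar entries is constructed.

```shell
#!/bin/sh
# Added example: classify the password (2nd) and last-change (3rd) fields
# of shadow(5) lines. Function names are hypothetical.

# Prints "user STATE" for each shadow-format line read on stdin.
classify_shadow() {
    awk -F: '
        NF < 3 { next }                               # skip blank/malformed lines
        {
            if ($2 == "")               state = "EMPTY"        # passwd -d
            else if ($2 ~ /^[!*]+$/)    state = "NO_PASSWORD"  # fresh useradd
            else if ($2 ~ /^!/)         state = "LOCKED"       # passwd -l
            else                        state = "HASH"
            if ($3 == "0") state = state "+MUST_CHANGE"        # chage -d 0
            print $1, state
        }'
}

# Prints only the accounts whose password field is empty.
empty_password_users() {
    awk -F: 'NF >= 3 && $2 == "" { print $1 }'
}

# zfoo and zbar are the entries shown in the thread; the rest are constructed.
sample_shadow() {
    cat <<'EOF'
zfoo:!:17036:0:99999:7:::
zbar::17036:0:99999:7:::
zbaz::0:0:99999:7:::
zqux:$6$constructedsalt$constructedhash:17036:0:99999:7:::
zlck:!$6$constructedsalt$constructedhash:17036:0:99999:7:::
EOF
}

sample_shadow | classify_shadow
# On a live system, as root: classify_shadow < /etc/shadow
```

Per shadow(5), whether an EMPTY entry is accepted without a password depends on the application reading the file, so the report shows which accounts to review rather than which ones can log in.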
