On Tue, 10 Jan 2012 13:46:59 -0500 Tanstaafl <tansta...@libertytrek.org> wrote:
> Ok, I did something really dumb... > > I changed the root passwd for a system I manage last week, but > neglected to write it down, and now what I *thought* I had changed it > to isn't working... I know, I know, really *really* dumb, but that's > where I am... > > I know I can boot into Single User mode, remount the root partition > read/write, and edit /etc/shadow (removing the encrypted passwd), > then rest it using passwd, but... > > Some of the accounts in /etc/shadow have a '*' where the encrypted > passwd would be, and some have a '!'... (ie, one is sshd:!:... and > another is halt:*:...) > > Does it matter what I change it to? Should I use a *, !, or nothing > at all (so that there is *nothing* between the two :: that would > normally contain the encrypted passwd)? The password field in shadow contains one of three types of values: - a valid hash - nothing (meaning the account has no password at all) - an invalid hash (meaning the account cannot be logged into as no password will ever hash to that value) The third type has some standard values set by convention over the years to indicate why the password is not valid. Because they are just loose conventions there's not much consistency by usually is goes like this: * means the account is definitely a system account, should never have a valid shell and no-one must ever log into that account. Accounts like bin are like this, and Gentoo gives these /bin/false as a shell ! means it is a valid account that probably should not have a login shell but might run with a proper environment. The man account is like this and Gentoo usually gives these nologin as a shell. So what's the difference? Not much really, it's all a fine case of semantics and to you they ought to be treated the same. I might even have the explanation the wrong way round or be completely wrong, that's how poorly documented this all is :-) To reset root's password, set the field to blank (nothing between the ::) -- Alan McKinnnon alan.mckin...@gmail.com
