After a few upgrades, I noticed that new users added with useradd(8)
(using commands in upgradeXX.htm) are created with 13 asterisks in
the passwd field. During a new install only one asterisk is placed in this
field for system users. I was curious about this difference and feeling
a bit adventurous, so I changed them all from 13 to 1 (including some
created for packages).
The next day, there is a message in "daily insecurity output":
Checking the /etc/master.passwd file:
Login _pgsql is off but still has a valid shell and alternate access
files in home directory are still readable.
When I need to log in (rarely) as _pgsql, I use "sudo su - _pgsql".
Since I don't need to have a password on this user, I changed _pgsql
back to 13 asterisks.
I looked at /etc/security - at about line 40 and following there is a
statement that bypasses the test for shell and home directory if the
password is 13 characters.
Finally, the point...
I was thinking that new users added in upgradeXX should have only one
asterisk instead of 13, so that /etc/security will produce a warning if
these users somehow have shells in the future?
Frank
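
An added example, not part of the original post and not OpenBSD's own /etc/security: a small model of the check described above, showing why a one-asterisk account with a shell is reported while a 13-asterisk account is skipped. The function names, the sample accounts and the rule that a field starting with `$` is a real hash are assumptions, and only the shell half of the warning is modelled (home directory access files are not inspected).

```shell
#!/bin/sh
# Model of the behaviour described in the post; not the real /etc/security.
# Assumption: a 13-character password field is taken for a possible
# traditional crypt(3) hash and skipped, so "*************" is never reported.

# check_off_logins FILE: names of accounts whose password field cannot be a
# usable hash but whose shell (field 10) still looks like a login shell.
check_off_logins() {
    awk -F: '
        /^#/ || NF != 10 { next }      # skip comments and malformed lines
        length($2) == 13 { next }      # the bypass the post describes
        $2 ~ /^\$/       { next }      # assumption: $-prefixed field is a hash
        $2 == ""         { next }      # empty password is a separate finding
        $10 ~ /sh$/      { print $1 }  # login is off, shell still usable
    ' "$1"
}

# audit_stars FILE: accounts with a shell that the check above skips only
# because the field is exactly 13 asterisks.
audit_stars() {
    awk -F: 'NF == 10 && $2 == "*************" && $10 ~ /sh$/ { print $1 }' "$1"
}

# make_sample FILE: constructed lines in master.passwd(5) layout.
make_sample() {
    cat > "$1" <<'EOF'
root:$2b$10$constructedhashvalue:0:0:daemon:0:0:Charlie &:/root:/bin/ksh
daemon:*:1:1::0:0:The devil himself:/root:/sbin/nologin
_pgsql:*:503:503:daemon:0:0:PostgreSQL:/var/postgresql:/bin/sh
_added:*************:1000:1000::0:0:Added by useradd:/home/_added:/bin/ksh
EOF
}

tmp=$(mktemp)
make_sample "$tmp"
echo "reported:               $(check_off_logins "$tmp")"
echo "hidden by 13 asterisks: $(audit_stars "$tmp")"
rm -f "$tmp"
```

Running `audit_stars` against a copy of the real file lists the accounts that would start producing the warning if their password field were shortened to one asterisk.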