If you check /etc/shadow you may notice entries like !! , *LK*, in the place where the password normally is (the second field). Here's what they mean:

  • “NP” - No password. This is different to an empty password and means that the account is locked, no user can log in to it directly, i.e. it is an administrative account.
  • “*LK*” - the account is Locked, user will be unable to log-in directly.
  • “!”, “*” , “!!” - these are set when a user is created and no password has been suppplied. It means that the account is locked and no one can log iin directly (!! is a Red Hat convention, other distros use “!” but all three are valid in linux)

Some examples

 bin:*:15138:0:99999:7:::
    
 nscd:!!:15138:0:99999:7:::      
 
 oraprod:*LK*$1$SdGGt1j7$Ya0l7mohFAm9IpbwTOxh8.:15819:0:99999:7:::

Each field (seperated by : ) has a specific meaning. Taking the oraprod entry as an example, here's what each field means:

  • oraprod - user name
  • *LK*$1$SdGGt1j7$Ya0l7mohFAm9IpbwTOxh8.- previously had a password but is now locked (*LK*)
  • 15819 - when the password was last changed, expressed as the number of days since 1st Jan 1970 (useful!!!)
  • 0 - minimum number of days that have to pass between password changes, 0 indicates it can be changed any time
  • 99999 - maximum number of days that can pass after which the password needs to be changed (a long time)
  • 7 - number of days before the password must be changed when a warning is issued
  • first blank field - number of days after the password expires when the account will be disabled (not set)
  • second blank field - an absolute number of days after 1st Jan 1970 when the account will be disabled (not set)

Unless you're good at maths, the password change field is particularly useful. The chage command will interpret this and the other field and present them in English, e.g.

 #chage -l oraprod   
 Last password change                                    : Apr 24, 2013   
 Password expires                                        : never   
 Password inactive                                       : never   
 Account expires                                         : never   
 Minimum number of days between password change          : 0   
 Maximum number of days between password change          : 99999   
 Number of days of warning before password expires       : 7   
 
 #chage -l root
 Last password change                                    : Dec 22, 2016   
 Password expires                                        : never   
 Password inactive                                       : never   
 Account expires                                         : never   
 Minimum number of days between password change          : 0   
 Maximum number of days between password change          : 99999   
 Number of days of warning before password expires       : 7      

A useful command for checking for errors in /etc/passwd is pwck

 #pwck   
 user adm: directory /var/adm does not exist   
 user news: directory /etc/news does not exist   
 user uucp: directory /var/spool/uucp does not exist   
 user gopher: directory /var/gopher does not exist   
 user ftp: directory /var/ftp does not exist   
 user pcap: directory /var/arpwatch does not exist   
 user oprofile: directory /home/oprofile does not exist   
 user avahi-autoipd: directory /var/lib/avahi-autoipd does not exist   
 user sabayon: directory /home/sabayon does not exist   
 pwck: no changes      

Recent Changes

Contribute to this wiki

Why not help others by sharing your knowledge? Contribute something to this wiki and join out hall of fame!
Contact us for a user name and password