/etc/shadow, password entries and user ids
If you check /etc/shadow you may notice entries like “!!” or “*LK*” in the place where the password normally is (the second field). Here's what they mean:
- “NP” - No password. This is different to an empty password and means that the account is locked, no user can log in to it directly, i.e. it is an administrative account.
- “*LK*” - the account is locked; the user will be unable to log in directly.
- “!”, “*”, “!!” - these are set when a user is created and no password has been supplied. It means that the account is locked and no one can log in directly (“!!” is a Red Hat convention, other distros use “!”, but all three are valid in Linux).
    bin:*:15138:0:99999:7:::
    nscd:!!:15138:0:99999:7:::
    oraprod:*LK*$1$SdGGt1j7$Ya0l7mohFAm9IpbwTOxh8.:15819:0:99999:7:::

Each field (separated by “:”) has a specific meaning. Taking the oraprod entry as an example, here's what each field means:
- oraprod - user name
- *LK*$1$SdGGt1j7$Ya0l7mohFAm9IpbwTOxh8. - previously had a password but is now locked (*LK*)
- 15819 - when the password was last changed, expressed as the number of days since 1st Jan 1970 (useful!!!)
- 0 - minimum number of days that have to pass between password changes, 0 indicates it can be changed any time
- 99999 - maximum number of days that can pass after which the password needs to be changed (a long time)
- 7 - number of days before the password must be changed at which a warning is issued
- first blank field - number of days after the password expires when the account will be disabled (not set)
- second blank field - an absolute number of days after 1st Jan 1970 when the account will be disabled (not set)
Unless you're good at maths, the password change field is particularly useful. The chage command will interpret this and the other fields and present them in English, e.g.

    # chage -l oraprod
    Last password change : Apr 24, 2013
    Password expires : never
    Password inactive : never
    Account expires : never
    Minimum number of days between password change : 0
    Maximum number of days between password change : 99999
    Number of days of warning before password expires : 7

    # chage -l root
    Last password change : Dec 22, 2016
    Password expires : never
    Password inactive : never
    Account expires : never
    Minimum number of days between password change : 0
    Maximum number of days between password change : 99999
    Number of days of warning before password expires : 7
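For auditing many accounts at once, the same interpretation can be scripted. The following Python sketch is an added example, not part of the original article: it parses the three sample entries shown above, classifies the password field using the markers listed, and converts the day counts to dates. The function names are made up for illustration, and the handling of a hash prefixed with “!” (as written by usermod -L) is an assumption not covered by the article.

```python
from datetime import date, timedelta

# Sample entries copied from the article above (not read from a live system).
SAMPLE = """\
bin:*:15138:0:99999:7:::
nscd:!!:15138:0:99999:7:::
oraprod:*LK*$1$SdGGt1j7$Ya0l7mohFAm9IpbwTOxh8.:15819:0:99999:7:::
"""

EPOCH = date(1970, 1, 1)
FIELDS = ("user", "password", "last_change", "min_days", "max_days",
          "warn_days", "inactive_days", "expire_day")

def password_state(field):
    """Classify the second field using the markers the article lists."""
    if field == "NP":
        return "no password (NP), no direct login"
    if field.startswith("*LK*"):
        return "locked, hash retained" if field[4:] else "locked"
    if field in ("!", "!!", "*"):
        return "locked, no password set"
    if field.startswith("!"):
        # Assumption (not in the article): usermod -L prefixes "!" to the hash.
        return "locked, hash retained"
    return "empty password" if field == "" else "password hash set"

def days_to_date(days):
    """Convert a days-since-1970-01-01 field to a date; blank means not set."""
    return EPOCH + timedelta(days=int(days)) if days else None

def parse_shadow_line(line):
    """Split one shadow entry into named fields and add derived values."""
    parts = line.rstrip("\n").split(":")
    if len(parts) != 9:
        raise ValueError(f"expected 9 fields, got {len(parts)}")
    entry = dict(zip(FIELDS, parts))  # the ninth field is reserved and dropped
    entry["state"] = password_state(entry["password"])
    entry["last_change_date"] = days_to_date(entry["last_change"])
    entry["expire_date"] = days_to_date(entry["expire_day"])
    return entry

def audit(text):
    """Parse every non-blank line of shadow-format text."""
    return [parse_shadow_line(l) for l in text.splitlines() if l.strip()]

if __name__ == "__main__":
    for e in audit(SAMPLE):
        print(f'{e["user"]:8} {e["state"]:26} last change {e["last_change_date"]}')
```

For the oraprod entry this yields the same last-change date that chage reports, Apr 24, 2013.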
A useful command for checking for errors in /etc/passwd is pwck:

    # pwck
    user adm: directory /var/adm does not exist
    user news: directory /etc/news does not exist
    user uucp: directory /var/spool/uucp does not exist
    user gopher: directory /var/gopher does not exist
    user ftp: directory /var/ftp does not exist
    user pcap: directory /var/arpwatch does not exist
    user oprofile: directory /home/oprofile does not exist
    user avahi-autoipd: directory /var/lib/avahi-autoipd does not exist
    user sabayon: directory /home/sabayon does not exist
    pwck: no changes