1 |
On Mon, 1 Oct 2007 09:47:37 +0200 |
2 |
Bertram Scharpf <lists@×××××××××××××××.de> wrote: |
3 |
|
4 |
> Hi, |
5 |
> |
6 |
> Am Sonntag, 30. Sep 2007, 20:15:06 -0500 schrieb Dan Farrell: |
7 |
> > On Sun, 30 Sep 2007 04:30:11 +0200 |
8 |
> > Bertram Scharpf <lists@×××××××××××××××.de> wrote: |
9 |
> > > Now I detect there are users in passwd that don't have a |
10 |
> > > shadow entry... |
11 |
> > that makes sense, because some users aren't allowed to log in. For |
12 |
> > example: |
13 |
> > | man:x:13:15:man:/usr/share/man:/bin/false |
14 |
> > the man user can't log in. the shell is /bin/false. |
15 |
> |
16 |
> I detected it because there is a warning message in case |
17 |
> there is _no_ shadow entry. Instantiating an _empty_ shadow |
18 |
> entry makes it disappear: |
19 |
> |
20 |
> myhost ~ # su - man |
21 |
> su: Authentication service cannot retrieve authentication |
22 |
> info. |
23 |
> (Ignored) |
24 |
> myhost ~ # su - portage |
25 |
> su: Authentication service cannot retrieve authentication |
26 |
> info. |
27 |
> (Ignored) |
28 |
> myhost ~ # vi /etc/shadow |
29 |
> myhost ~ # grep portage /etc/shadow |
30 |
> portage:!:13784:0:99999:7::: |
31 |
> myhost ~ # su - portage |
32 |
> myhost ~ # echo $? |
33 |
> 1 |
34 |
> myhost ~ # |
35 |
> |
36 |
> |
37 |
> Bertram |
38 |
> |
39 |
> |
40 |
You cannot 'su' to that user because they don't have authentication |
41 |
info. In other words, a missing password is not the same as an empty |
42 |
password. |
43 |
|
44 |
I wonder if you could run a program as a particular user if they only |
45 |
had authentication info in shadow? I am guessing not, since they |
46 |
wouldn't have an associated uid, group, and so on. But, if possible, |
47 |
it would explain the situation. |
48 |
-- |
49 |
gentoo-user@g.o mailing list |