| 1 |
On Mon, 1 Oct 2007 09:47:37 +0200 |
| 2 |
Bertram Scharpf <lists@×××××××××××××××.de> wrote: |
| 3 |
|
| 4 |
> Hi, |
| 5 |
> |
| 6 |
> Am Sonntag, 30. Sep 2007, 20:15:06 -0500 schrieb Dan Farrell: |
| 7 |
> > On Sun, 30 Sep 2007 04:30:11 +0200 |
| 8 |
> > Bertram Scharpf <lists@×××××××××××××××.de> wrote: |
| 9 |
> > > Now I detect there are users in passwd that don't have a |
| 10 |
> > > shadow entry... |
| 11 |
> > that makes sense, because some users aren't allowed to log in. For |
| 12 |
> > example: |
| 13 |
> > | man:x:13:15:man:/usr/share/man:/bin/false |
| 14 |
> > the man user can't log in. the shell is /bin/false. |
| 15 |
> |
| 16 |
> I detected it because there is a warning message in case |
| 17 |
> there is _no_ shadow entry. Instantiating an _empty_ shadow |
| 18 |
> entry makes it disappear: |
| 19 |
> |
| 20 |
> myhost ~ # su - man |
| 21 |
> su: Authentication service cannot retrieve authentication |
| 22 |
> info. |
| 23 |
> (Ignored) |
| 24 |
> myhost ~ # su - portage |
| 25 |
> su: Authentication service cannot retrieve authentication |
| 26 |
> info. |
| 27 |
> (Ignored) |
| 28 |
> myhost ~ # vi /etc/shadow |
| 29 |
> myhost ~ # grep portage /etc/shadow |
| 30 |
> portage:!:13784:0:99999:7::: |
| 31 |
> myhost ~ # su - portage |
| 32 |
> myhost ~ # echo $? |
| 33 |
> 1 |
| 34 |
> myhost ~ # |
| 35 |
> |
| 36 |
> |
| 37 |
> Bertram |
| 38 |
> |
| 39 |
> |
| 40 |
You cannot 'su' to that user because they don't have authentication |
| 41 |
info. In other words, a missing password is not the same as an empty |
| 42 |
password. |
| 43 |
|
| 44 |
I wonder if you could run a program as a particular user if they only |
| 45 |
had authentication info in shadow? I am guessing not, since they |
| 46 |
wouldn't have an associated uid, group, and so on. But, if possible, |
| 47 |
it would explain the situation. |
| 48 |
-- |
| 49 |
gentoo-user@g.o mailing list |
Archives