Very Computer

by **Ian Diddam** » Wed, 10 May 2000 04:00:00

I feel kind of daft asking this question because I have anagging feeling I
should know the answer to this, but I've just been asked how one could
comment
out a line in /etc/passwd and /etc/shadow - the use of "#" of course merely
mnakes that username be prefixed by a "#".

Of course the answer could simply be that one can't comment out lines in
this
file as all characters are legal first characters in a login name....

Ian

by **James A. William** » Wed, 10 May 2000 04:00:00

The proper way to disallow a user login is to lock the passwd. Use admintool or
put a *LK* in the password field in /etc/shadow. Or, remove the user.

> I feel kind of daft asking this question because I have anagging feeling I
> should know the answer to this, but I've just been asked how one could
> comment
> out a line in /etc/passwd and /etc/shadow - the use of "#" of course merely
> mnakes that username be prefixed by a "#".

> Of course the answer could simply be that one can't comment out lines in
> this
> file as all characters are legal first characters in a login name....

> Ian

by **Geoff La** » Fri, 12 May 2000 04:00:00

Quote:> I feel kind of daft asking this question because I have anagging feeling I
> should know the answer to this, but I've just been asked how one could
> comment
> out a line in /etc/passwd and /etc/shadow - the use of "#" of course merely
> mnakes that username be prefixed by a "#".

If the effect you want is to prevent the user accessing the system then
changing the password string to something like "*" would work - but why not
just lock the user with passwd -l ?

--
/\ Geoff. Lane. /\ Manchester Computing /\ Manchester /\ M13 9PL /\ England /\

Be wary of strong drink. It can make you shoot at tax collectors and miss.
Lazarus Long, "Time Enough for Love"

by **Ian Diddam** » Fri, 12 May 2000 04:00:00

>If the effect you want is to prevent the user accessing the system then
>changing the password string to something like "*" would work - but why not
>just lock the user with passwd -l ?

FWIW the requirement was as an "interim" move to phasing out all "local"
passwd entries rthat were otherwise now supplied via NIS - the "commenting
out" bit involving making the "old" passwd entry invalid and omnly the NIS
one
available, but leaving us in such a position that the "old" entry could be
recreated immediately without any hassle.

Geoff's comments are of course otherwise spot on!

Ian

by **Michael O'Sulliva** » Fri, 26 May 2000 04:00:00

A good idea may be to remove the line and put it in a file called
/etc/passwd.om (for example).

As an aside, it is a neat trick to purge the password file by removing old
locked accounts but keeping them in a /etc/passwd.goners file. The use of
this will be apparent when you encounter a file with no userid as the owner.
By cross-referencing the uid in the /etc/passwd.goners file you can tell who
owned it.

M.

> > I feel kind of daft asking this question because I have anagging feeling
I
> > should know the answer to this, but I've just been asked how one could
> > comment
> > out a line in /etc/passwd and /etc/shadow - the use of "#" of course
merely
> > mnakes that username be prefixed by a "#".

> If the effect you want is to prevent the user accessing the system then
> changing the password string to something like "*" would work - but why
not
> just lock the user with passwd -l ?

> --
> /\ Geoff. Lane. /\ Manchester Computing /\ Manchester /\ M13 9PL /\
England /\

> Be wary of strong drink. It can make you shoot at tax collectors and
miss.
> Lazarus Long, "Time Enough for Love"

Very Computer

Comment out a line in /etc/passwd & /etc/shadow

Comment out a line in /etc/passwd & /etc/shadow

Comment out a line in /etc/passwd & /etc/shadow

Comment out a line in /etc/passwd & /etc/shadow

Comment out a line in /etc/passwd & /etc/shadow

Comment out a line in /etc/passwd & /etc/shadow