Security of using sudo rather than su?
Adam Funk
a24061 at yahoo.com
Fri Sep 15 09:46:19 UTC 2006
On 2006-09-15, Alan McKinnon <alan at linuxholdings.co.za> wrote:
> On Thursday 14 September 2006 19:45, Adam Funk wrote:
>> What's the practical difference in effect (I mean beyond what
>> appears in /etc/shadow) of passwd -d and passwd -l? Is it
>> just that the effect of -l can be reversed back to the
>> previously valid password?
>
> Pretty much. Both options are provided so that root can do
> either.
>
> -d is also useful if you have a situation where a system user
> (like bin or apache) somehow got a password. I had this with a
> database product and the manual said to useradd a user with
> login abilities. Later on I realised the db could run as a
> daemon so I hacked the startup scripts and did -d on the db
> owner account

In /etc/shadow I find bin's password field is '*' but cupsys has '!'.
`passwd -S` for both of them gives a status of 'L' (locked). `man
passwd` says there are three possibilities: "the account is locked (L),
has no password (NP), or has a usable password (P)".

So now I'm wondering:

* Does `passwd -d` produce status NP?

* What's the difference between '*' and '!' in the encrypted password
  field?

* Why are the daemon-ish accounts L rather than NP, since you
  shouldn't want to unlock them? And what would happen if you tried
  `passwd -u`, since they haven't had passwords yet?
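
The status codes quoted from `man passwd` above can be checked directly against the password field. The following is an added example, not part of the original message: it assumes the shadow-utils rule that a field starting with '!' or '*' is reported as L, an empty field as NP, and anything else as P. The function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: report each account's password-field state from
# shadow(5)-format lines, using the same L / NP / P codes as `passwd -S`.

# Constructed sample data (not from a real system); hashes are placeholders.
sample_shadow() {
    cat <<'EOF'
root:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:13400:0:99999:7:::
bin:*:13400:0:99999:7:::
cupsys:!:13400:0:99999:7:::
alice:!$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:13400:0:99999:7:::
dbowner::13400:0:99999:7:::
EOF
}

# Read shadow-format lines on stdin; print "<user> <status> <detail>".
#   L  = field starts with '!' or '*' (no password can match it)
#   NP = field is empty (no password set)
#   P  = anything else (reported as a usable password)
shadow_status() {
    awk -F: '
        $0 == "" { next }
        NF < 2   { print $1, "MALFORMED", "-"; next }
        {
            pw = $2; first = substr(pw, 1, 1); detail = "-"
            if (pw == "") {
                status = "NP"
            } else if (first == "!" || first == "*") {
                status = "L"
                # A hash left after the leading "!" is what `passwd -u`
                # restores; a bare "!" or "*" has nothing to restore.
                rest = pw; sub(/^!+/, "", rest)
                detail = (rest == "" || rest == "*") ? "no-hash" : "hash-kept"
            } else {
                status = "P"
            }
            print $1, status, detail
        }'
}

# Accounts whose password field is empty: the ones to review first.
empty_password_accounts() {
    shadow_status | awk '$2 == "NP" { print $1 }'
}

sample_shadow | shadow_status
```

On a live system the same functions can be fed from `sudo cat /etc/shadow` instead of the constructed sample.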