1

My (admittedly dated) understanding of unix is that in /etc/passwd if the second field is 'x' then the identity can login with a passwd that matches a hash found in /etc/shadow.

However, when I list /etc/passwd I see that all the identities are marked with an 'x' including those that should not be able to login. In the /etc/shadow file, the no-login entities have a double bang "!!" in the hash field whereas the loginable users have the expected hash.

So, I presume this double bang convention is some alternative to the old (?) mechanism of using '*' to mark no-login users. Why is the old method no longer used?

Tyler Durden
  • 5,631
  • Relating https://unix.stackexchange.com/q/46514/117549 and https://unix.stackexchange.com/q/492112/117549 – Jeff Schaller Jan 27 '19 at 15:41
  • 1
    This should be easily checked against the passwd(5) and shadow(5) manuals on your system (whatever it happens to be). Note that many Unix systems don't even use a "shadowed password file" (e.g. BSD systems). – Kusalananda Jan 27 '19 at 15:49
  • This is a question about field #2 in /etc/passwd, not about field #2 in /etc/shadow, and so does not duplicate that. And I am sad to report, Kusalananda, that this is a case where the manual page for passwd(5) is misleading to the point of being wrong, as you can see. – JdeBP Jan 27 '19 at 17:26

0 Answers0