My (admittedly dated) understanding of unix is that in /etc/passwd if the second field is 'x' then the identity can login with a passwd that matches a hash found in /etc/shadow.
However, when I list /etc/passwd I see that all the identities are marked with an 'x' including those that should not be able to login. In the /etc/shadow file, the no-login entities have a double bang "!!" in the hash field whereas the loginable users have the expected hash.
So, I presume this double bang convention is some alternative to the old (?) mechanism of using '*' to mark no-login users. Why is the old method no longer used?
passwd(5)
andshadow(5)
manuals on your system (whatever it happens to be). Note that many Unix systems don't even use a "shadowed password file" (e.g. BSD systems). – Kusalananda Jan 27 '19 at 15:49/etc/passwd
, not about field #2 in/etc/shadow
, and so does not duplicate that. And I am sad to report, Kusalananda, that this is a case where the manual page forpasswd(5)
is misleading to the point of being wrong, as you can see. – JdeBP Jan 27 '19 at 17:26