Linux Archive

Linux Archive (http://www.linux-archive.org/)
-   Ubuntu User (http://www.linux-archive.org/ubuntu-user/)
-   -   Editing /etc/passwd to disable password not working (http://www.linux-archive.org/ubuntu-user/639311-editing-etc-passwd-disable-password-not-working.html)

Santanu Chatterjee 03-01-2012 08:26 AM

Editing /etc/passwd to disable password not working
 
Hello Everybody,

I tried to disable the password of an account on my home ubuntu 11.04
box, by blanking the 2nd field of the corresponding user line in
/etc/passwd and /etc/shadow file. However, whenever I try to login to
the user account I am still being asked for the password and just
pressing 'enter' is not working.

Is there something else that I should be doing? IIRC, I have tried
this some time back in probably ubuntu 8.10 (or maybe some lower
version) and it used to work.

Thanks and regards,
Santanu

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

Joaquin Nadal Dura 03-01-2012 09:06 AM

Editing /etc/passwd to disable password not working
 
On 03/01/2012 10:26 AM, Santanu Chatterjee wrote:
> Hello Everybody,
>
> I tried to disable the password of an account on my home ubuntu 11.04
> box, by blanking the 2nd field of the corresponding user line in
> /etc/passwd and /etc/shadow file. However, whenever I try to login to
> the user account I am still being asked for the password and just
> pressing 'enter' is not working.
>
> Is there something else that I should be doing? IIRC, I have tried
> this some time back in probably ubuntu 8.10 (or maybe some lower
> version) and it used to work.
>

Hello,

Try:
$ sudo passwd --delete username

Best regards,

--
ximo.nadal@ific.uv.es

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

Ken Adams 03-01-2012 09:43 AM

Editing /etc/passwd to disable password not working
 
On Thu, 2012-03-01 at 14:56 +0530, Santanu Chatterjee wrote:
> Hello Everybody,
>
> I tried to disable the password of an account on my home ubuntu 11.04
> box, by blanking the 2nd field of the corresponding user line in
> /etc/passwd and /etc/shadow file. However, whenever I try to login to
> the user account I am still being asked for the password and just
> pressing 'enter' is not working.
>
> Is there something else that I should be doing? IIRC, I have tried
> this some time back in probably ubuntu 8.10 (or maybe some lower
> version) and it used to work.
>
> Thanks and regards,
> Santanu
>

If you use the following the account will stay in place but be inactive.

sudo passwd --lock [LOGIN]

If you wish to activate the account again then use...

sudo passwd --unlock [LOGIN]

This will put activate the account with the original password.

man passwd is your friend

Rgds Ken


--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

Santanu Chatterjee 03-01-2012 11:19 AM

Editing /etc/passwd to disable password not working
 
On Thu, Mar 1, 2012 at 3:36 PM, Joaquin Nadal Dura
<ximo.nadal@ific.uv.es> wrote:
>
> Try:
> $ sudo passwd --delete username

Nope. Still not working. I am getting the account disables (i.e.
locked), but not "password-less". But as you said, the manual for
passwd does indicate that this should render the account passwordless!

Any ideas?

-Santanu

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

Santanu Chatterjee 03-01-2012 11:28 AM

Editing /etc/passwd to disable password not working
 
On Thu, Mar 1, 2012 at 4:13 PM, Ken Adams <adams.ken.j@gmail.com> wrote:
> On Thu, 2012-03-01 at 14:56 +0530, Santanu Chatterjee wrote:
>> Hello Everybody,
>>
>> I tried to disable the password of an account on my home ubuntu 11.04
>> box, by blanking the 2nd field of the corresponding user line in
>> /etc/passwd and /etc/shadow file. However, whenever I try to login to
>> the user account I am still being asked for the password and just
>> pressing 'enter' is not working.
>>
>> Is there something else that I should be doing? IIRC, I have tried
>> this some time back in probably ubuntu 8.10 (or maybe some lower
>> version) and it used to work.
>>
>> Thanks and regards,
>> Santanu
>>
>
> If you use the following the account will stay in place but be inactive.
>
> sudo passwd --lock [LOGIN]
>
> If you wish to activate the account again then use...
>
> sudo passwd --unlock [LOGIN]
>
> This will put activate the account with the original password.
>
> man passwd is your friend

Yes, its as you said. But this seems to be betraying me! Even "passwd
--delete [LOGIN]" does not render the account passwordless as apparent
from the manual. The commands you mentioned work, but I could do the
same thing using "sudo vipw" and "sudo vipw -s" to directly edit the
passwd and shadow files, and that works.

I think there something else in play here. Any ideas? I can't think of
any right now. If someone can provide a command that _will_ make an
account passwordless, then I could do this: Make a checksum of the etc
directory. Then give the command. Do the checksum again (using
something like Tripwire). That would help me figure out what was
changed by that command. But unless I have the command that does what
I want, there is no point is doing this.

But one thing is for sure, I _could_ make an account passwordless in
some previous ubuntu version (and other distros) by just removing the
password field in shadow/passwd files. ("sudo passwd --delete" seems
to be doing the same thing.)

-Santanu

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

Marius Gedminas 03-01-2012 12:28 PM

Editing /etc/passwd to disable password not working
 
On Thu, Mar 01, 2012 at 05:58:41PM +0530, Santanu Chatterjee wrote:
> On Thu, Mar 1, 2012 at 4:13 PM, Ken Adams <adams.ken.j@gmail.com> wrote:
> > On Thu, 2012-03-01 at 14:56 +0530, Santanu Chatterjee wrote:
> >> Hello Everybody,
> >>
> >> I tried to disable the password of an account on my home ubuntu 11.04
> >> box, by blanking the 2nd field of the corresponding user line in
> >> /etc/passwd and /etc/shadow file. However, whenever I try to login to
> >> the user account I am still being asked for the password and just
> >> pressing 'enter' is not working.
> >>
> >> Is there something else that I should be doing? IIRC, I have tried
> >> this some time back in probably ubuntu 8.10 (or maybe some lower
> >> version) and it used to work.
> >>
> >> Thanks and regards,
> >> Santanu
> >>
> >
> > If you use the following the account will stay in place but be inactive.
> >
> > sudo passwd --lock [LOGIN]
> >
> > If you wish to activate the account again then use...
> >
> > sudo passwd --unlock [LOGIN]
> >
> > This will put activate the account with the original password.
> >
> > man passwd is your friend
>
> Yes, its as you said. But this seems to be betraying me! Even "passwd
> --delete [LOGIN]" does not render the account passwordless as apparent
> from the manual. The commands you mentioned work, but I could do the
> same thing using "sudo vipw" and "sudo vipw -s" to directly edit the
> passwd and shadow files, and that works.

/etc/shadow should be the only file you need to edit. (But don't do
that; use passwd --delete.)

> I think there something else in play here. Any ideas?

Having a blank password may not be enough to log in; the PAM module
needs to accept blank passwords too. The default configuration uses
pam_unix.so with nullok_secure, which means a blank password is only
accepted if the user is trying to login from a terminal listed in
/etc/securetty.

How exactly did you try to log in? Via GDM? /etc/securetty
lists :0 so X logins should be allowed, but maybe GDM itself has
an option about this?

I see a curious line in /etc/pam.d/gdm on my 11.04 box:

auth sufficient pam_succeed_if.so user ingroup nopasswdlogin

Maybe this means gdm will accept passwordless logins if the user is
added to a 'nopasswdlogin' group? This is the first time I see such a
group mentioned, though, so maybe I'm misunderstanding something.

Marius Gedminas
--
Shift happens.
-- Doppler
--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

Joaquin Nadal Dura 03-01-2012 12:35 PM

Editing /etc/passwd to disable password not working
 
On 03/01/2012 01:19 PM, Santanu Chatterjee wrote:
> On Thu, Mar 1, 2012 at 3:36 PM, Joaquin Nadal Dura
> <ximo.nadal@ific.uv.es> wrote:
>>
>> Try:
>> $ sudo passwd --delete username
>
> Nope. Still not working. I am getting the account disables (i.e.
> locked), but not "password-less". But as you said, the manual for
> passwd does indicate that this should render the account passwordless!
>
> Any ideas?
>

Hi again,

See usermod options --lock & --unlock. But I'm not sure if it works.

BR,

--
ximo.nadal@ific.uv.es

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

Santanu Chatterjee 03-01-2012 12:40 PM

Editing /etc/passwd to disable password not working
 
On Thu, Mar 1, 2012 at 7:05 PM, Joaquin Nadal Dura
<ximo.nadal@ific.uv.es> wrote:
> On 03/01/2012 01:19 PM, Santanu Chatterjee wrote:
>> On Thu, Mar 1, 2012 at 3:36 PM, Joaquin Nadal Dura
>> <ximo.nadal@ific.uv.es> wrote:
>>>
>>> Try:
>>> $ sudo passwd --delete username
>>
>> Nope. Still not working. I am getting the account disables (i.e.
>> locked), but not "password-less". But as you said, the manual for
>> passwd does indicate that this should render the account passwordless!
>>
>> Any ideas?
>>
>
> Hi again,
>
> See usermod options --lock & --unlock. But I'm not sure if it works.
>

"usermod --lock" and "usermod --unlock" are quite (exactly ?) similar
in effect to "passwd --lock [LOGIN]" and "passwd --unlock [LOGIN]".
All they do is prefix a '!' to the encrypted password field in
/etc/shadow. But that will only deactivate/activate the account, not
make it passwordless.

-Santanu

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

Mark Widdicombe 03-01-2012 12:49 PM

Editing /etc/passwd to disable password not working
 
On 1 March 2012 11:26, Santanu Chatterjee <thisissantanu@gmail.com> wrote:
> Hello Everybody,
>
> I tried to disable the password of an account on my home ubuntu 11.04
> box, by blanking the 2nd field of the corresponding user line in
> /etc/passwd and /etc/shadow file. However, whenever I try to login to
> the user account I am still being asked for the password and just
> pressing 'enter' is not working.
>
> Is there something else that I should be doing? IIRC, I have tried
> this some time back in probably ubuntu 8.10 (or maybe some lower
> version) and it used to work.

passwd -d

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

Santanu Chatterjee 03-01-2012 01:49 PM

Editing /etc/passwd to disable password not working
 
On Thu, Mar 1, 2012 at 6:58 PM, Marius Gedminas <marius@pov.lt> wrote:
> On Thu, Mar 01, 2012 at 05:58:41PM +0530, Santanu Chatterjee wrote:
>> On Thu, Mar 1, 2012 at 4:13 PM, Ken Adams <adams.ken.j@gmail.com> wrote:
>> > On Thu, 2012-03-01 at 14:56 +0530, Santanu Chatterjee wrote:
>> >> Hello Everybody,
>> >>
>> >> I tried to disable the password of an account on my home ubuntu 11.04
>> >> box, by blanking the 2nd field of the corresponding user line in
>> >> /etc/passwd and /etc/shadow file. However, whenever I try to login to
>> >> the user account I am still being asked for the password and just
>> >> pressing 'enter' is not working.
>> >>
>> >> Is there something else that I should be doing? IIRC, I have tried
>> >> this some time back in probably ubuntu 8.10 (or maybe some lower
>> >> version) and it used to work.
>> >>
>> >> Thanks and regards,
>> >> Santanu
>> >>
>> >
>> > If you use the following the account will stay in place but be inactive.
>> >
>> > sudo passwd --lock [LOGIN]
>> >
>> > If you wish to activate the account again then use...
>> >
>> > sudo passwd --unlock [LOGIN]
>> >
>> > This will put activate the account with the original password.
>> >
>> > man passwd is your friend
>>
>> Yes, its as you said. But this seems to be betraying me! Even "passwd
>> --delete [LOGIN]" does not render the account passwordless as apparent
>> from the manual. The commands you mentioned work, but I could do the
>> same thing using "sudo vipw" and "sudo vipw -s" to directly edit the
>> passwd and shadow files, and that works.
>
> /etc/shadow should be the only file you need to edit. *(But don't do
> that; use passwd --delete.)
>
>> I think there something else in play here. Any ideas?
>
> Having a blank password may not be enough to log in; the PAM module
> needs to accept blank passwords too. *The default configuration uses
> pam_unix.so with nullok_secure, which means a blank password is only
> accepted if the user is trying to login from a terminal listed in
> /etc/securetty.
>
> How exactly did you try to log in? *Via GDM? */etc/securetty
> lists :0 so X logins should be allowed, but maybe GDM itself has
> an option about this?
>
> I see a curious line in /etc/pam.d/gdm on my 11.04 box:
>
> *auth * *sufficient * * *pam_succeed_if.so user ingroup nopasswdlogin
>
> Maybe this means gdm will accept passwordless logins if the user is
> added to a 'nopasswdlogin' group? *This is the first time I see such a
> group mentioned, though, so maybe I'm misunderstanding something.

Firstly, thanks a lot. It is indeed PAM that was behind all this. (I
really need to learn about this PAM stuff I managed to ignore so far)

Secondly, Oops. When I said blanking the 2nd field of the
corresponding user line in /etc/shadow did not make the account
passwordless, I was being careless. Actually I was using "su [LOGIN]"
to get into the account, which in turn was handled by /etc/pam.d/su
config file. But just now I tried a normal console login at that
account, and I could login passwordless. So it was actually working.

Thirdly, after reading your mail (and some googling), I added a line
"auth sufficient pam_permit.so" in /etc/pam.d/su, and now, regardless
of presence of password in the shadow file, I can su to any account on
the system without password! Scary!

So, indeed PAM is the one I need to know more about.

Thanks again.

-Santanu

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users


All times are GMT. The time now is 07:05 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.