Difference between !, !! and * in /etc/shadow



So this week at work we encountered something strange in the /etc/shadow file. My Co- Worker and me had an almost identical setup of our accounts on the host, especially regarding the ability to login via password (which was disabled).

But he appeared in the /etc/shadow with a ! in the password field where I (and almost all system accs) had an * in it.

Strangely interesting. Here’s why and how:

While this may vary from system to system, on our ubuntu machine this meant the following:

Symbol Meaning
! The user originally had the right to login via password but was revoked it
* This user was created without ability to login via password (only via ssl cert) and never had a password

!! and ! essentially mean the same thing, but different tools use different notations.
Also ! means that the user login should be blocked (with password) which lead to another confusing thing.



My Co-Worker (with an !) could login via ssh and execute sudo commands without password prompt even if the sudoers file was configured to prompt for a password…

When I (with an *) tried to sudo I had to give a password, even if I never had any…

Seems weird. Maybe a sudoers bug, maybe a /etc/shadow bug.

Sources: