So this week at work we encountered something strange in the `/etc/shadow` file. My co-worker and I had an almost identical setup of our accounts on the host, especially regarding the ability to log in via password (which was disabled). But he appeared in `/etc/shadow` with a `!` in the password field where I (and almost all system accounts) had an `*` in it.
Strangely interesting. Here's why and how:
While this may vary from system to system, on our Ubuntu machine this meant the following:

| Symbol | Meaning |
|---|---|
| `!` | The user originally had the right to log in via password, but it was revoked |
| `*` | This user was created without the ability to log in via password (only via ssl cert) and never had a password |

`*` and `!` essentially mean the same thing, but different tools use different notations.
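The field states described above, as an added example that is not part of the original post: a small Python classifier for the password field of shadow(5) lines, run over constructed sample entries. The account names, the placeholder hashes and the state labels are assumptions made for this example.

```python
"""Classify the password field of /etc/shadow entries (added example)."""

# Constructed sample entries; the hashes are placeholders, not real ones.
SAMPLE_SHADOW = """\
root:*:19000:0:99999:7:::
alice:$6$saltsalt$PLACEHOLDERHASH:19000:0:99999:7:::
coworker:!$6$saltsalt$PLACEHOLDERHASH:19000:0:99999:7:::
me:*:19000:0:99999:7:::
svc:!:19000:0:99999:7:::
guest::19000:0:99999:7:::
"""


def classify_field(field):
    """Return a label for the second field of a shadow(5) line."""
    if field == "":
        return "empty"            # no password required at all
    if field.startswith("!"):
        # A leading '!' marks a locked password; whatever follows is the
        # value the field held before it was locked.
        rest = field.lstrip("!")
        return "locked-with-hash" if rest.startswith("$") else "locked"
    if field == "*":
        return "no-password"      # can never match a crypt(3) result
    if field.startswith("$"):
        return "hash"             # usable password hash
    return "other"                # legacy or invalid value, inspect by hand


def audit(shadow_text):
    """Map each account name to the state of its password field."""
    result = {}
    for line in shadow_text.splitlines():
        parts = line.strip().split(":")
        if len(parts) < 2 or not parts[0]:
            continue              # blank or malformed line, skip it
        result[parts[0]] = classify_field(parts[1])
    return result


if __name__ == "__main__":
    for name, state in audit(SAMPLE_SHADOW).items():
        print(f"{name:10} {state}")
```

On a real host, pass the contents of `/etc/shadow` (readable only by root) to `audit()`; an account reported as `locked-with-hash` once had a password, while `no-password` never did.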
`!` means that the user login should be blocked (with password), which led to another confusing thing.
My co-worker (with an `!`) could log in via ssh and execute `sudo` commands without a password prompt, even if the sudoers file was configured to prompt for a password…
When I (with an `*`) tried to `sudo`, I had to give a password, even if I never had any…
Seems weird. Maybe a sudoers bug, maybe a