The '!' Means root login is disabled, not that the root account is disabled. su - With a blank root password lets anyone switch user to root without slowing down to crack the password. That is not a safe goal.
Sent from my iPhone > On Feb 6, 2015, at 3:41 AM, ML mail <mlnos...@yahoo.com> wrote: > > The result of running passwd --status tells me that the password needs to be > changed as actually I had in my /etc/shadow file only a "!" as password in > order to safely disable the root account. It looks like this is not > compatible with the cron.d system. I have changed the password and then > locked the account (passwd -l) and now it works. The thing is that I wanted > to remove the password from the /etc/shadow file as with the lock option the > password is still there but with a "!" before it. > > > > >> On Thursday, February 5, 2015 10:18 PM, Bob Proulx <b...@proulx.com> wrote: >> ML mail wrote: >> I am trying to run cron from /etc/cron.d with the root account which >> has password disabled in order not to be able to login as root but >> when the cron entry wants to run it simply does not and show the >> following error message in the log file: >> >> CRON[16785]: Authentication token is no longer valid; new one required > > This reads to me that the password for root has expired. It is the > state of an expired password that is a problem. > > When you say that the root password has been disabled what exactly do > you mean by that statement? Did you 'passwd -e root'? If so that is > the source of the problem. Root should not have an expired password. > > What does this say? Example from a system of mine. > > $ passwd --status root > root P 05/01/2010 0 99999 7 -1 > > >> Any idea how to run a cronjob from /etc/cron.d with the root account >> disabled? > > I didn't have time to test this procedure but I would use 'passwd > root' to change the password and to fix the expiration. (Actually *I* > would simply edit the /etc/shadow file and fix it but for others I > recommend using the tool to avoid a file editing mistake in that very > critical file.) After updating the password I think the expiration > problem will have been fixed. You don't actually ever have to use > that password. > > Bob > > > -- > To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org > with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org > Archive: > https://lists.debian.org/1326385422.691043.1423212080587.javamail.ya...@mail.yahoo.com > -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/18c531b7-3530-46b3-8288-2ee5e61e7...@gmail.com
