On Mon, 1 Oct 2007 09:47:37 +0200 Bertram Scharpf <[EMAIL PROTECTED]> wrote:
> Hi, > > Am Sonntag, 30. Sep 2007, 20:15:06 -0500 schrieb Dan Farrell: > > On Sun, 30 Sep 2007 04:30:11 +0200 > > Bertram Scharpf <[EMAIL PROTECTED]> wrote: > > > Now I detect there are users in passwd that don't have a > > > shadow entry... > > that makes sense, because some users aren't allowed to log in. For > > example: > > | man:x:13:15:man:/usr/share/man:/bin/false > > the man user can't log in. the shell is /bin/false. > > I detected it because there is a warning message in case > there is _no_ shadow entry. Instantiating an _empty_ shadow > entry makes it disappear: > > myhost ~ # su - man > su: Authentication service cannot retrieve authentication > info. > (Ignored) > myhost ~ # su - portage > su: Authentication service cannot retrieve authentication > info. > (Ignored) > myhost ~ # vi /etc/shadow > myhost ~ # grep portage /etc/shadow > portage:!:13784:0:99999:7::: > myhost ~ # su - portage > myhost ~ # echo $? > 1 > myhost ~ # > > > Bertram > > You cannot 'su' to that user because they don't have authentication info. In other words, a missing password is not the same as an empty password. I wonder if you could run a program as a particular user if they only had authentication info in shadow? I am guessing not, since they wouldn't have an associated uid, group, and so on. But, if possible, it would explain the situation. -- [EMAIL PROTECTED] mailing list
