does toor have passwd or not? According to logins -p: yes
Matthew Seaman
m.seaman at infracaninophile.co.uk
Wed Dec 30 13:21:16 UTC 2009
Anton Shterenlikht wrote:
> I was checking for passwordless accounts with 'logins -p'.
> None was found. However, I understand toor doesn't have
> passwd by default, and I never touched it, so I expected
> logins -p to show toor, but it didn't.
>
> Just to check I also tried to su toor with root passwd - no access.
>
> Please can somebody clarify if toor does indeed have
> passwd.
By default, the account is locked. Look at /etc/master.passwd -- the toor
entry probably looks like this:

    toor:*:0:0::0:0:Bourne-again Superuser:/root:

That '*' in the second field means there's simply no possibility of login
using a password. In this case, everything is fine.

If it's a string of dollar signs and alphanumerics like this:

    $1$salt$qJH7.N4xYta3aEG/dfqo/0

then the account does have a real password. This is probably OK, if you want
to be able to log in as toor directly. [Before anyone gets excited and
tries to break into any of my machines, no that isn't a real crypted password
from my master.passwd file. It's created like this:

    % perl -le 'print crypt("password", "\$1\$salt\$")'

]

If there's nothing in the second field, then you have a problem, as that means
the account has a NULL password (ie. just hit return when prompted for a password
-- this is what 'logins -p' detects). That may or may not actually work to get
into the toor account depending on how you're trying to authenticate and on
various other security settings eg. in /etc/pam.d, but even so it is something
that should be fixed pronto. Use vipw(8) to edit master.passwd and insert a *
-- vipw will regenerate /etc/passwd and pwd.db automatically for you.

Cheers,
Matthew
--
Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard
Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
Kent, CT11 9PW
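
The three cases described in the message above (a '*', a crypt hash, or an empty second field), as an added example that is not part of the original post and not a FreeBSD tool: a small sh/awk audit of the password field in master.passwd. The function names and sample entries are constructed for illustration; the hash is the example one quoted in the message.

```shell
#!/bin/sh
# Added example: classify the password field (field 2) of master.passwd(5)
# entries. Function names are hypothetical helpers, not FreeBSD tools.

# Constructed sample entries; the hash is the example from the message above.
constructed_sample() {
cat <<'EOF'
# constructed sample, not a real master.passwd
root:$1$salt$qJH7.N4xYta3aEG/dfqo/0:0:0::0:0:Charlie &:/root:/bin/csh
toor:*:0:0::0:0:Bourne-again Superuser:/root:
daemon:*:1:1::0:0:Owner of many system processes:/root:/usr/sbin/nologin
guest::1001:1001::0:0:Constructed guest:/home/guest:/bin/sh
EOF
}

# $1: file in master.passwd format ("-" for stdin); defaults to the real
# /etc/master.passwd, which only root can read.
audit_master_passwd() {
    awk -F: '
        /^#/ || NF == 0 { next }                    # comments, blank lines
        NF != 10 { print $1, "MALFORMED"; next }    # master.passwd has 10 fields
        {
            first = substr($2, 1, 1)
            if ($2 == "")          state = "EMPTY"   # NULL password
            else if (first == "*") state = "LOCKED"  # "*", or pw(8) "*LOCKED*" prefix
            else if (first == "$") state = "HASHED"  # modular crypt hash
            else                   state = "OTHER"   # e.g. traditional DES hash
            print $1, state, "uid=" $3
        }
    ' "${1:-/etc/master.passwd}"
}

# Accounts with a NULL password; a uid=0 hit is the urgent case.
empty_password_accounts() {
    audit_master_passwd "$1" | awk '$2 == "EMPTY" { print $1, $3 }'
}

# Demo on the constructed sample only.
constructed_sample | audit_master_passwd -
```

Run as root with no argument, empty_password_accounts reads the real /etc/master.passwd; any name it prints should get a '*' inserted with vipw(8) as the message describes.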