[CentOS] /etc/passwd.rpmnew changes "x" to "*"

Sun Jun 29 00:31:29 UTC 2008
Johnny Hughes <johnny at centos.org>

Matt Seitz (matseitz) wrote:
>> From: John R Pierce <pierce at hogranch.com>
>>
>> * tells it to look in /etc/shadow, where I'd expect you would 
>> find said 
>> "x" for no login.
> 
> I'm confused.  My current "/etc/passwd" has "x" in the password field for user "root", and I can log in as root.
> 
> The CentOS documentation also says that "x" means "use /etc/shadow":
> 
> http://www.centos.org/docs/4/4.5/System_Administration_Guide/s2-redhat-config-users-process.html
> http://www.centos.org/docs/4/html/rhel-isa-en-4/s1-acctsgrps-rhlspec.html

A "*" means that the user in question can not login.

In this case you DO NOT want to integrate these changes ... as the 
default passwd file initially put in etc at system install time (by the 
setup rpm) is adjusted to have an "x" (by anaconda) if you are using a 
shadow password file (and almost everyone wants to use a shadow password 
file).  That default passwd.rpmnew file also has NO PASSWD for root ... 
BAD :D

If you look in your /etc/shadow file, you will see that all the users 
who have a "*" in that "default" passwd.rpmnew file have a "*" instead 
in /etc/shadow, so the that same restriction to login is now enforced in 
the shadow file (where the system will look if you have shadow passwds 
enabled).

This issue was caused in CentOS-4 (a /etc/passwd.rpmnew file) due to an 
update to the "setup" rpm in March ... and in this case, you can 
remove/ignore that file.

Thanks,
Johnny Hughes


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 251 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/centos/attachments/20080628/e994dcaa/attachment-0005.sig>