installation of cdrecord needs a user "bin"

J.A. Neitzel jan.listbox at belvento.org
Thu Oct 4 12:47:33 PDT 2001


Ian Molton wrote:
> On stardate Thu, 04 Oct 2001 11:55:03 -0500
> J.A. began the full scale invasion of earth with the following words:
> 
>> Also be sure that /etc/shadow, if you use shadow, contains:
>> bin:!:XXXXX:X:XXXXX:X:::
>>  |  | |
>>  |  | |= you won't see "X". I put "X" to indicate "not important".
>>  |  |= passwd. "!" indicates a locked account.
>>  |= user
>> 
>> The most important thing is that the account be locked (L). To be
>> sure, simply do a `/usr/bin/passwd -S bin'. You should see a big "L"
>> along with other useful info of course.
>> 
>> Setting the shell as /bin/false is just for extra assurance. This is
>> the easiest way on Linux. Other UNIX systems actually have a program
>> for use with no login accounts. OpenBSD for example has /sbin/nologin
> 
> hmm. what happens when bin is in /etc/passwd and not /etc/shadow

Sounds like you probably added this user with `/usr/sbin/vipw'. Note
that this only deals with the /etc/passwd file. `/usr/sbin/vipw -s' does
the same with the /etc/shadow file. `/usr/sbin/useradd' is a little
better to use because you don't have to go and edit 2 files. Just run
one command with the right flags and you're all set (mostly). This is
not the whole story, but it's close enough for here.

If *any* username, bin or not, is in the passwd file but not in the
shadow file... You would have what amounts to a small inconsistency.
The ramifications of which I don't know, but it appears that whatever
utilities need to access authentication info on your system would
think that the passwd for bin is hidden in /etc/shadow and fail because
it's not. Granted, you want it to fail for this account anyway. This
is very much a generalization of the issue.

In this case, if it is not in /etc/shadow you would be better to
actually replace the "x" for password in /etc/passwd with a "!".
What this means is that this user, bin, is not shadowed. Does it
matter? I don't know really...

If bin is not in /etc/shadow, you can do a quick little experiment.
This may help with understanding how the whole mess works...
Do a `passwd -S bin' before and after changing the pass for bin from
an "x" to a "!" and see the difference. One is locked; the other isn't.

Anyway, after all this you may want to consider simply using useradd
for adding new users to your system. IMHO, it's just a wee bit safer.
-- 
Jeff
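
An added example, not part of the original message: a shell function that cross-checks a passwd-format file against a shadow-format file and flags any account whose password field is "x" but which has no shadow entry, the inconsistency discussed above. The function name, the status labels and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: report, for every account in a passwd-format file, where its
# password field really lives and whether it is locked.
# Usage: audit_accounts PASSWD_FILE SHADOW_FILE   (run it on copies)

audit_accounts() {
    awk -F: -v shadow_file="$2" '
        BEGIN {
            # Load user -> password field from the shadow-format file.
            while ((getline line < shadow_file) > 0) {
                split(line, f, ":")
                shadow_pw[f[1]] = f[2]
            }
        }
        {
            user = $1; field = $2
            if (field == "x") {
                # "x" defers to shadow; no entry there is the inconsistency.
                if (!(user in shadow_pw)) { print user, "MISSING"; next }
                field = shadow_pw[user]
            }
            if (field ~ /^[!*]/)  print user, "LOCKED"
            else if (field == "") print user, "NOPASS"
            else                  print user, "USABLE"
        }
    ' "$1"
}

# Constructed sample data (not from a real system).
sample_dir=$(mktemp -d)
trap 'rm -rf "$sample_dir"' EXIT
cat > "$sample_dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/dev/null:/bin/false
daemon:!:2:2:daemon:/dev/null:/bin/false
guest::1000:1000:guest:/home/guest:/bin/sh
EOF
cat > "$sample_dir/shadow" <<'EOF'
root:$6$constructedsalt$constructedhash:11599:0:99999:7:::
EOF

audit_accounts "$sample_dir/passwd" "$sample_dir/shadow"
```

On the sample files, bin is reported as MISSING, while daemon, which carries "!" directly in the passwd file, is reported as LOCKED.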
