Re: User?s and Shells

From: Philipp Schulte (
Date: 12/19/02

  • Next message: Christian Hammers: "Re: User?s and Shells"
    Date: Thu, 19 Dec 2002 21:04:06 +0100
    From: Philipp Schulte <>
    To: "''" <>

    OTERO Hernan Gustavo EDS wrote:

    > Looking in the /etc/passwd in my RH 8.0 instalation, the users
    > news:x:9:13:news:/etc/news:
    > rpm:x:37:37::/var/lib/rpm:/bin/bash
    > has shell. Why this users need shell?

    I don't know why RH does this. But having a valid shell in /etc/passwd
    is not sufficent for an attacker. The account also must have a valid
    password in /etc/shadow (or wherever your OS keeps them). Usually the
    role-accounts look somewhat like this:


    The "*" or some other symbol like "!" means, that this is not a valid
    password and so nobody can enter a correct password for this account.