Difference between ! vs !! vs * in /etc/shadow

The second field in the Linux /etc/shadow file represents a password. However, what we have seen is that:

  1. Some of the password fields may have a single exclamation
    <account>:!:.....
  2. Some of the password fields may have a double exclamation
    <account>:!!:.....
  3. Some of the password fields may have an asterisk sign
    <account>:*:.....

By some research on internet and through this thread, I can understand that * means password never established, ! means locked.

Can someone explain what does double exclamation (!!) mean? and how is it different from (!)?

Answers:

Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.

Method 1

Both “!” and “!!” being present in the password field mean an account is locked.

As it can be read in the following document, “!!” in an account entry in shadow means the account of an user has been created, but not yet given a password. Until being given an initial password by a sysadmin, it is locked by default.

https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/4/html/System_Administration_Guide/s2-redhat-config-users-process.html

Method 2

It may also be worth noting <account>::..... meaning that there is no password required (empty password).

If you are creating an ssh key-only user you could use <account>::0:0:99999:7::: to require that the user set their password (i.e. that they use for sudo) on their first login.

Note: key-only authentication means that a password is NOT an authentication factor.


All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0

0 0 votes
Article Rating
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments