[ale] how to create user with no password

James P. Kinney III jkinney at localnetsolutions.com
Thu Feb 26 11:28:30 EST 2004 

On Thu, 2004-02-26 at 10:52, Geoffrey wrote:
> Armsby John-G16665 wrote:
> > All,
> > 
> > I am running an out of the box redhat 9.  I am required to set up an
> > account for corporate "bdnaadmin' with NO PASSWORD.  It seems that
> > the GUI (how embarassing for me) requires a password.  I have tried
> > deleting the account, then using "adduser bdnaadmin".  RedHat put one
> > in for me...
> 
> Actually you have two options.  Editing the /etc/passwd or /etc/shadow 
> and removing the password, the id will not be prompted for a password. 
> If you change the password as root, just hit return, it might complain 
> about the password, but hit return again anyway and then the user will 
> be prompted for a password and be required to simply hit return.

And while your editing the /etc/passwd file, change the line that reads:
/bin/bash
to:
/bin/false

This will prevent shell access. Since this account is for some process
too stupid to use a password, that process is WAY too stupid to access
to shell commands. Better yet, make the only character between the first
and second ":" a "!". This will prevent logins.

For remote access security, setup this account to use ssh access with
RSA keys only. 

As an admin who has been faced with brain-damaged decisions that just
beg for unauthorized system access, I have used the line "I can't do
that. The system REQUIRES a password on EVERY account."

If the brain-damage continues, be sure to document the entire process
(who said what and when) so when it comes back to bite you in the butt,
you will have some recourse.
-- 
James P. Kinney III          \Changing the mobile computing world/
CEO & Director of Engineering \          one Linux user         /
Local Net Solutions,LLC        \           at a time.          /
770-493-8244                    \.___________________________./
http://www.localnetsolutions.com

GPG ID: 829C6CA7 James P. Kinney III (M.S. Physics)
<jkinney at localnetsolutions.com>
Fingerprint = 3C9E 6366 54FC A3FE BA4D 0659 6190 ADC3 829C 6CA7
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part

More information about the Ale mailing list