SUMMARY: commenting out passwd entry

From: Dixon Ly (dly@csl.sri.com)
Date: Tue Jan 16 1996 - 17:57:06 CST


My question was:

>Don't ask me why, but I'd like to comment out (not take out)
>a couple of /etc/passwd entries. Using the customary "#" at
>the beginning of the entry seems to do the trick (the entry
>no long shows up on yp). Is there any caveats for doing this?
>

Alot of responses. Most pointed out that I'll just create
a new account with a # as part of the user name. I already
figured that...but the puzzling part is, the 'new' account
doesn't show up on the NIS passwd database. These accounts
don't own any files or directories, so dangling file
ownership/permission is not a problem here.

Syed Zaeem Hosain (szh@zcon.com) pointed out that, with SunOS 4.0.3,
this creates an account called '#*' that doens't require a password
for login when using YP. But again, I am not seeing the account in NIS.
The oldest OS rev I have running here is 4.1.1.

Most people pointed out that I should add an extra character to the
password field, notably an asterisk, to disable the account. But
these accounts have already been disabled as such previously.

Too many people responded for me to list them all, but thanks to all.
szh@zcon.com is the only one to specifically point out a security hole,
which was what I as going after...

My final solution was to just move those entries to a different file.
I guess my original problem was I wanted these accounts gone, but
I need a record of them.

thanks again,
-d

Dixon Ly mailto:dly@csl.sri.com http://www.csl.sri.com/~dly
Associate Systems Administrator (415) 859-2848
Computer Sciences Laboratory, SRI International



This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:10:51 CDT