Many thanks to all who responded:
Rik Schneider
Steve Kay
Sean Ward
Michael Hill
Colin Melville
Glenn Pitcher
Jim Robertori
First, I will admit to a severe brain cramp. Since I follow a
dangerous practice of always using root to do EVERYTHING, I have
developed a habit of performing a su to different ids, and of course,
I don't need to supply a password when su'ing from root, which I
forgot. Thanks to everyone for pointing that out, and for responding.
I have attached the response from Rik Schneider who's response was
very helpful.
Thanks again.
"The password field (in /etc/passwd or /etc/shadow) contains the result of
a one way hash on the password. Your best bet is to put somthing that will
never be the result of the hashing function (e.g. *NP* or *) then set the
shell to something like /bin/false.
When a user attempts to login or su to this account they will be asked for
a password. No password will be able to match the hashed funtion and
they will be denied access. You can prevent a user who gets access to this
account from doing anything with the access by setting the shell to
/bin/false."
______________________________ Reply Separator
_________________________________ Subject: unix id/password for batch
Author: Mark_Conroy@em.fcnbd.com at Internet Date: 7/15/98 2:01 PM
Question for the group,
I have been asked to set up a unix id on a sun server that is running
Oracle. The purpose of the id will be for the developers to use it in
their programs to run batch.
My question is regarding the password. I can set it up to either have
a non expiring password, or to not assign a password to it - in the
/etc/passwd file, use *NP*. This way, no one can login into the
machine using it. However, if someone gets into the machine, they
could just issue a su to it and have all of the permissions for the
group that I have it assigned to - dba.
Any thoughts?
Thanks in advance.
Mark Conroy
This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:12:44 CDT