shadow and gshadow have x in password field

skywarp · 2011-04-24 17:44:28

I tried doing some research to find out what an 'x' in the password field of the shadow and the gshadow files means and couldn't find an answer that I'm sure about. I know an 'x' in the passwd and groups files means that the Shadow Suite is being used and the 'x' acts as a place holder. Why would the shadow files have an 'x' in the password field though? It seems to only be for system accounts, so maybe it means that some other authentication method is being used besides passwords. I can't find any mention of it in the man files. The man files and Google search both indicate that the only thing that should in the password field should be an encrypted password, an '!', an '!!', or an '*'. I tried looking through the source code for the Shadow Suite a little bit too, but couldn't find an answer. Any ideas?

karol · 2011-04-24 18:53:47

Similar thread https://bbs.archlinux.org/viewtopic.php?id=34349

Last edited by karol (2011-04-24 19:04:41)

skywarp · 2011-04-24 19:09:26

The question posed in that post was never answered correctly. The answer posted referred to an 'x' being in the password field of the /etc/passwd file not the /etc/shadow file. My question and the question posed in the post you referenced is why is there an 'x' in the password field of the /etc/shadow file.

karol · 2011-04-24 19:17:40

skywarp wrote:

The question posed in that post was never answered correctly.

Yes, I know. Actually at first I answered the same way to your question and only later removed it 'P

skywarp wrote:

The answer posted referred to an 'x' being in the password field of the /etc/passwd file not the /etc/shadow file. My question and the question posed in the post you referenced is why is there an 'x' in the password field of the /etc/shadow file.

According to a Random Internet Post (tm), shadow file shouldn't have a 'x'. That's all I "know".

skywarp · 2011-04-24 19:22:00

karol wrote:

According to a Random Internet Post (tm), shadow file shouldn't have a 'x'. That's all I "know".

That's the answer I keep coming across too, but I'm left wondering if I should be changing the 'x' to an '!'. I didn't put them in the /etc/shadow file. Does your /etc/shadow file have an 'x' in the password field for various system accounts?

karol · 2011-04-24 19:40:11

[karol@black ~]$ sudo grep ':x:' /etc/shadow
bin:x:14871::::::
daemon:x:14871::::::
mail:x:14871::::::
ftp:x:14871::::::
http:x:14871::::::
nobody:x:14871::::::
[karol@black ~]$ sudo grep ':x:' /etc/gshadow
rfkill:x::
network:x::
video:x::
floppy:x::
storage:x::
scanner:x::
power:x::
dbus:x::
avahi:x::
aurbuild:x::

loafer · 2011-04-24 20:07:37

The x only seems to appear in shadow when the shell is /bin/false in passwd.

edit: I'm not sure if there's any need to worry about gshadow as groups don't tend to have passwords.

edit: They are the ones included in the filesystem package (root isn't there in the examples above because we set a password for root):

root::14871::::::
bin:x:14871::::::
daemon:x:14871::::::
mail:x:14871::::::
ftp:x:14871::::::
http:x:14871::::::
nobody:x:14871::::::

I'm pretty sure this isn't a problem. The field containing x is for the encrypted passwords and since "x" won't match a real password is there a problem here?

Last edited by loafer (2011-04-24 22:05:06)

rowdog · 2011-04-25 19:21:11

man 5 shadow

If the password field contains some string that is not a valid
result of crypt(3), for instance ! or *, the user will not be able
to use a unix password to log in (but the user may log in the
system by other means).

x is not a valid result of crypt.

skywarp · 2011-04-28 03:33:10

loafer wrote:

The x only seems to appear in shadow when the shell is /bin/false in passwd.
edit: I'm not sure if there's any need to worry about gshadow as groups don't tend to have passwords.
edit: They are the ones included in the filesystem package (root isn't there in the examples above because we set a password for root):
root::14871::::::
bin:x:14871::::::
daemon:x:14871::::::
mail:x:14871::::::
ftp:x:14871::::::
http:x:14871::::::
nobody:x:14871::::::
I'm pretty sure this isn't a problem. The field containing x is for the encrypted passwords and since "x" won't match a real password is there a problem here?

That is a good observation. I didn't catch the pattern with /bin/false. I didn't think anything was broken because I recently ran updates and the gshadow.pacnew file has x's in it too. I was just curious because I like to know why things are the way they are instead of just accepting it for the way it is.

rowdog wrote:

x is not a valid result of crypt.

That was what lead me down this road. Thanks for all responses!!

Arch Linux

#1 2011-04-24 17:44:28

shadow and gshadow have x in password field

#2 2011-04-24 18:53:47

Re: shadow and gshadow have x in password field

#3 2011-04-24 19:09:26

Re: shadow and gshadow have x in password field

#4 2011-04-24 19:17:40

Re: shadow and gshadow have x in password field

#5 2011-04-24 19:22:00

Re: shadow and gshadow have x in password field

#6 2011-04-24 19:40:11

Re: shadow and gshadow have x in password field

#7 2011-04-24 20:07:37

Re: shadow and gshadow have x in password field

#8 2011-04-25 19:21:11

Re: shadow and gshadow have x in password field

#9 2011-04-28 03:33:10

Re: shadow and gshadow have x in password field

Board footer