Options

Can you log on as System users in Linux?

exampasserexampasser Member Posts: 718 ■■■□□□□□□□
in Off-Topic
I was wondering if you can login as a System User in Linux such as logging into the 'shutdown' account?
· Share on FacebookShare on Twitter

Comments

  • Options
    Forsaken_GAForsaken_GA Member Posts: 4,024
    Well, yeah, you can technically login as any user, as long as their not specifically disallowed through other configuration, there's a password set, and they have a valid shell.

    This is not recommended, however, as it presents a security risk. Most system accounts have no passwords set, so they have no valid login by default. Something like rebooting or shutting down the system requires root access, and root can pretty much do anything it wants. The proper way to grant privileges to a user who doesn't need full root access is to use sudo to give them access to only the commands they need to run as root.
    · Share on FacebookShare on Twitter
  • Options
    tierstentiersten Member Posts: 4,505
    If you give it a password then you can log in if you really want to. The shell is set to the shutdown command though so you'll shutdown that machine. That particular account exists so people can allow others the ability to shutdown the machine if necessary without giving them superuser access.

    Generally most system accounts in a *NIX are there because somebody has to own those devices or files and you don't want everything to be owned by root or a user. The only one with extra powers is root (assuming no ACLs or privs etc...).
    · Share on FacebookShare on Twitter
  • Options
    NightShade03NightShade03 Member Posts: 1,383 ■■■■■■■□□□
    Correct me if I'm wrong but I have also noticed that if you give system accounts a password, valid shell, and the ability to login you can't completely reverse the process. By that I mean I think you would have to lock the account and change the shell back afterwards.
    Modular Learning - Learn Something New

    SE Notebook
    · Share on FacebookShare on Twitter
  • Options
    exampasserexampasser Member Posts: 718 ■■■□□□□□□□
    I tried it out and I got the message saying only the root can do that, even though I already was logged on as root.
    · Share on FacebookShare on Twitter
  • Options
    Forsaken_GAForsaken_GA Member Posts: 4,024
    NightShade03 wrote: »
    Correct me if I'm wrong but I have also noticed that if you give system accounts a password, valid shell, and the ability to login you can't completely reverse the process. By that I mean I think you would have to lock the account and change the shell back afterwards.

    Nah, just use passwd with the --delete option and it'll remove the password for the account. When I need to disable a login, I usually just edit the shadow file and add something like DISABLED- before the hashed password, has the same effect, and lets me reenable the account again quickly if I need to.

    (and i just found out that specifying the path to the shadow file makes the forums unhappy!)
    · Share on FacebookShare on Twitter
  • Options
    Forsaken_GAForsaken_GA Member Posts: 4,024
    exampasser wrote: »
    I tried it out and I got the message saying only the root can do that, even though I already was logged on as root.

    If root can't issue the shutdown system, then you've got something else going on. Is this your own personal machine, or a machine that's live in production?
    · Share on FacebookShare on Twitter
  • Options
    exampasserexampasser Member Posts: 718 ■■■□□□□□□□
    Forsaken_GA wrote: »
    If root can't issue the shutdown system, then you've got something else going on. Is this your own personal machine, or a machine that's live in production?

    I'm using a pre-built image of Redhat on VMware that I have obtained from my class. I have taken a snapshot of the OS so if I mess anything up it's not a problem.
    · Share on FacebookShare on Twitter
  • Options
    NightShade03NightShade03 Member Posts: 1,383 ■■■■■■■□□□
    Forsaken_GA wrote: »
    Nah, just use passwd with the --delete option and it'll remove the password for the account. When I need to disable a login, I usually just edit the shadow file and add something like DISABLED- before the hashed password, has the same effect, and lets me reenable the account again quickly if I need to.

    (and i just found out that specifying the path to the shadow file makes the forums unhappy!)

    --delete ? Really ?! I didn't see any such option in the documentation...I will totally need to try this out! Thanks!
    Modular Learning - Learn Something New

    SE Notebook
    · Share on FacebookShare on Twitter
  • Options
    Forsaken_GAForsaken_GA Member Posts: 4,024
    NightShade03 wrote: »
    --delete ? Really ?! I didn't see any such option in the documentation...I will totally need to try this out! Thanks!

    It's in the man pages (on debian anyway hehe)
    · Share on FacebookShare on Twitter
  • Options
    NightShade03NightShade03 Member Posts: 1,383 ■■■■■■■□□□
    Well thats interesting....

    I have an older version of ubuntu that has it listed as -d | --delete in the man page but if you run a passwd --help it doesn't show that option?!

    On my newer ubuntu system it is listed on the man page and in the --help options.

    Weird...lol

    Still that is def good to know thanks for the tip!
    Modular Learning - Learn Something New

    SE Notebook
    · Share on FacebookShare on Twitter
Sign In or Register to comment.