From owner-freebsd-questions@FreeBSD.ORG Thu Dec 18 06:26:28 2003 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id AAF8216A4F0 for ; Thu, 18 Dec 2003 06:26:28 -0800 (PST) Received: from mx.tele-kom.ru (mx.tele-kom.ru [213.80.148.6]) by mx1.FreeBSD.org (Postfix) with SMTP id B398543D55 for ; Thu, 18 Dec 2003 06:26:06 -0800 (PST) (envelope-from doublef@tele-kom.ru) Received: (qmail 93341 invoked by uid 555); 18 Dec 2003 17:26:05 +0300 Received: from hal.localdomain (213.80.149.143) by t-k.ru with TeleMail/2 id 1071757563-93332 for elite_bizkit@hotmail.com; Thu, 18 Dec 17:26:03 2003 +0300 (MSK) Date: Thu, 18 Dec 2003 17:27:43 +0300 From: Sergey 'DoubleF' Zaharchenko To: "Rhys John" Message-Id: <20031218172743.29c0fa30.doublef@tele-kom.ru> In-Reply-To: References: X-Mailer: Sylpheed version 0.9.6claws (GTK+ 1.2.10; i386-portbld-freebsd4.8) Mime-Version: 1.0 Content-Type: multipart/signed; protocol="application/pgp-signature"; micalg="pgp-sha1"; boundary="Signature=_Thu__18_Dec_2003_17_27_43_+0300_0nQP/Qx3H_W3jj7p" cc: freebsd-questions@freebsd.org Subject: Re: master.passwd -- securing X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 18 Dec 2003 14:26:28 -0000 --Signature=_Thu__18_Dec_2003_17_27_43_+0300_0nQP/Qx3H_W3jj7p Content-Type: text/plain; charset=US-ASCII Content-Disposition: inline Content-Transfer-Encoding: 7bit On Thu, 18 Dec 2003 11:44:14 +0000 "Rhys John" probably wrote: > Both accounts are now active but i would like to remove the encrypted > password from master.passwd and replace it with a *. Is this possible with > "vipw"? > It doesn't matter what you use for editing your password files (at least for this point). If you have a `*' in your master.passwd, that means that direct console logins for that user are disabled. If you are so much embarassed about root having a password, you may use sudo (from ports) and allow a certain user to "sudo sh" to gain root priveleges, for instance. He (you as a user) will then have to enter his own password, not root's. This way, you exchange a cracker's job of cracking your root password for a job of cracking your user password, so it's not much more secure:). > Thanks for your reply hugle > > >From: hugle > >Reply-To: hugle > >To: freebsd-questions@freebsd.org > >Subject: Re: master.passwd -- securing > >Date: Thu, 18 Dec 2003 03:39:18 -0800 > > > >RJ> Ive been playing with "vipw" trying to change passwords into "*" for a > >RJ> slightly higher level of security but ran into some very big problems. > >RJ> From reading through the FreeBSD handbook it seemed all i had to do was replace > >RJ> the encrypted password with *, which is what i did. I thought it seemed > >RJ> bit odd but continued anyway. Foolishly (although i was quite tired) i did > >RJ> this to both my user account and root. So they both had * as their password > >RJ> and looked the same as every other entry in the file. I saved it and "vipw" > >RJ> updated the database so i thought all was well and logged off to check... > >RJ> big mistake! The net result of this was not good, i couldnt access my user > >RJ> account or root :( Anyway i had to cut the power to my PC since i couldnt > >RJ> shut it down because i was locked out. After that i went into single user > >RJ> mode and changed the passwords back and its working now but i cant hide the > >RJ> passwords. So i guess after all this rambling my question is how to i secure > >RJ> the password file? How do i change from the encrypted password to * without > >RJ> screwing over my system? Any help would by much appreciated > >try doing that: > >#Forget your root pw? > >1. Reboot. when you see the "boot" prompt, type boot -s and hit enter > >2. run this command: fsck -p / && mount -u / > >3. use the `passwd` command to set a password for root > >4. reboot, done > > > >hope that helps.. > > > > > >_______________________________________________ > >freebsd-questions@freebsd.org mailing list > >http://lists.freebsd.org/mailman/listinfo/freebsd-questions > >To unsubscribe, send any mail to > >"freebsd-questions-unsubscribe@freebsd.org" > > _________________________________________________________________ > Find a cheaper internet access deal - choose one to suit you. > http://www.msn.co.uk/internetaccess > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" > -- DoubleF Violence is the last refuge of the incompetent. -- Salvor Hardin --Signature=_Thu__18_Dec_2003_17_27_43_+0300_0nQP/Qx3H_W3jj7p Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (FreeBSD) iD8DBQE/4bl1wo7hT/9lVdwRAucUAJ9xUMPqhtddJDdyal1ecEjLTDTfQgCePHb4 z5CsjrENVoKUulU8DwKHrjY= =gigX -----END PGP SIGNATURE----- --Signature=_Thu__18_Dec_2003_17_27_43_+0300_0nQP/Qx3H_W3jj7p--