From owner-freebsd-questions Sun Oct 20 14:49:47 2002 Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 653CF37B401 for ; Sun, 20 Oct 2002 14:49:46 -0700 (PDT) Received: from rhadamanth.submonkey.net (pc1-cdif2-4-cust210.cdf.cable.ntl.com [80.4.10.210]) by mx1.FreeBSD.org (Postfix) with ESMTP id 925E243E97 for ; Sun, 20 Oct 2002 14:49:45 -0700 (PDT) (envelope-from setantae@submonkey.net) Received: from setantae by rhadamanth.submonkey.net with local (Exim 4.10) id 183Nx9-0008d4-00; Sun, 20 Oct 2002 22:49:43 +0100 Date: Sun, 20 Oct 2002 22:49:43 +0100 From: Ceri Davies To: Bsd Neophyte Cc: Jan Grant , freebsd-questions Subject: Re: FreeBSD version of Linux's "passwd -l" Message-ID: <20021020214943.GA33135@submonkey.net> Mail-Followup-To: Ceri Davies , Bsd Neophyte , Jan Grant , freebsd-questions References: <20021020214343.7987.qmail@web20106.mail.yahoo.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20021020214343.7987.qmail@web20106.mail.yahoo.com> X-message-flag: All your linuxconf-configured redhat are belong to us. User-Agent: Mutt/1.5.1i Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Sun, Oct 20, 2002 at 02:43:43PM -0700, Bsd Neophyte wrote: > --- Jan Grant wrote: > > "man pw lock" doesn't do what you think it does. It displays the man > > page for pw(8), then the man page for lock(1). > > hmmm... you're right. thank you. > > however, i'm still confused about this. > > this is what i found from the lock option in 'pw' after looking again. > > -------- > USER LOCKING > Pw supports a simple password locking mechanism for users; it works by > prepending the string `*LOCKED*' to the beginning of the password field > in master.passwd to prevent successful authentication. > > The lock and unlock commands take a user name or uid of the account to > lock or unlock, respectively. The -V, -C, and -q options as described > above are accepted by these commands. > --------- > > my confusion lies with the fact that, to me at least, this doesn't seem > similar to what the "passwd -l" in the fact that the account is still > availible to root. they both seem to lock the account... but can someone > explain how the account is still used by root if it's locked? I think this just means that root is always allowed to su to a user - the password check is not done when root su's, so the fact that the password is set to an impossible value doesn't matter. Ceri -- you can't see when light's so strong you can't see when light is gone To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message