Hi,
I want to create users with no password who can’t login, i.e. only users with passwords can login, but users can be created without passwords.
I’m using LDAP & YAST2 to maintain users.
How do I do this? Any advice?
Thanks
David
Does the Disable User Login checkbox on the Add A User screen in YaST do what you want?
I used to control user authentication from LDAP with PAM. It’s a bear to learn and use, but if your using ldap, it may be necessary. “pam-config --help” will get you started. Just don’e make any changes until you’ve had a chance to do it on a test machine.
I don’t think you can do this within the Unix philosophy which requires that everyone who has access to the system has an identity, even as a guest. You could set up a group where all the users had autologin; if you then forbade access to the ‘users’ group for ‘others’, they wouldn’t be able to see anything in the ‘users’ group but they would be able to use the system.
Doesn’t setting the shell field in */etc/passwd *to /bin/false help?
Basicaly login is still possible, but when done, that is the end of it.
I have a set of user ids and group ids which are used for access control or for batch jobs such as mirroring sites or backups.
These user ids must not be able to interactively login to the machines, but they should be usable through su or through crontab entries.
Setting “disable login” prevents their use in su.
I haven’t tried the /bin/false - I’ll try that. Are there ways of circumventing this?
I thought I’d be able to create users with null passwords and then have kdm / gdm / login (which, I guess, means pam) reject them if they try to login.
I haven’t found out how to allow the one without the other in a simple manner.
Thanks
David
It may not be supported in YaST, but from the CLI it’s fairly simple. You just use usermod to lock the account, or you edit /etc/shadow and make their password the ! character, which is never a valid hashed password. Then they cannot login. However to su requires a valid shell, so you cannot set that to /bin/false.
First you want to block from login (which includes CLI, su, GUI), now only GUI, but not su. Have you decided on CLI?
Yes, su requires a usable shell (like CLI), but IMHO su also requires a password (except when executed by root).
Well, no password was one of the requirements, so I assume he’s allowed the user to su via sudo or something other way.
apart from initial testing & setup (via su), the main uses of these userids will be from cron or on folders (directories). They won’t confer higher privileges but be an owner for sets of files / directories which are, e.g. mirrors of live sites for internal access.
Thanks. I’ll give this a whirl!