Page MenuHomePhabricator
Create Task
Maniphest T12529

Documentation improvement: avoid potentially problematic manual edits to /etc/shadow
Closed, ResolvedPublic
Actions

Description

Issue: Manual edits to /etc/shadow can be problematic if mangled
Version:current/master/whatever secure.phabricator.com is running
Reproduction steps:
https://secure.phabricator.com/book/phabricator/article/diffusion_hosting/#additional-ssh-user-conf contains the following advisement...

/etc/shadow: Open /etc/shadow and find the line for the vcs-user account.

The second field (which is the password field) must not be set to !!. This value will prevent login. If it is set to !!, edit it and set it to NP ("no password") instead.

Recommended resolution:
Change verbiage to the following...

The second field (which is the password field) must not be set to !!. This value will prevent login. If it is set to !!, run 'usermod -p NP vcs-user' to block only password logins.

Revisions and Commits

rP Phabricator
D17648rPdee9c33be260 Suggest use of "usermod" rather than manually editing critical files in /etc

Related Objects

Event Timeline

Rtzq0 created this task.Apr 10 2017, 6:43 PM
epriestley added a subscriber: epriestley.Apr 10 2017, 7:16 PM
epriestley@orbital ~ $ usermod
-bash: usermod: command not found

That said, this is reasonable to suggest on systems where it is available.

Rtzq0 added a comment.Apr 10 2017, 7:22 PM

@epriestley would

The second field (which is the password field) must not be set to !!. This value will prevent login. If it is set to !!, run 'usermod -p NP vcs-user' to block only password logins. If usermod is not available on your system you will need to set the password field value for vcs-user to 'NP' by manually editing /etc/shadow.

be acceptable?

epriestley added a revision: D17648: Suggest use of "usermod" rather than manually editing critical files in /etc.Apr 10 2017, 7:22 PM
epriestley added a comment.Apr 10 2017, 7:23 PM

Does the language in D17648 look OK?

Rtzq0 added a comment.Apr 10 2017, 8:06 PM

Absolutely. Thanks very much.

epriestley closed this task as Resolved by committing rPdee9c33be260: Suggest use of "usermod" rather than manually editing critical files in /etc.Apr 10 2017, 9:15 PM
epriestley added a commit: rPdee9c33be260: Suggest use of "usermod" rather than manually editing critical files in /etc.
Phabricator · Built by Phacility