Hey guys just wondering how i could lock a specific acount by prepending LK
to the password field in the /etc/shadow file.
it cannot be done through a command since the script gets called by a menu driven interface so i cant use "passwd". Is there a way where i can search for a specific account then maybe write to the file which the field needs LK?
For the project we are doing where not aloud to use any commands like passwd we have to modify the shadow directly they just love making things hard for us
On most unixes with a shadow file you'll need to run "pwconv" immediately after a manual edit.
See "man pwconv" an check against your local circumstances.
man shadow
username:password:lastchg:min:max:warn:inactive:expire:flag
/etc/shadow entries should appear in exactly the same order as /etc/passwd entries;
If you prepend *LK* to the beginning of a line in /etc/shadow, you will break things.
If you append *LK* to the end of the line, you may get unexpected results.
<soapbox>
Manually mangling /etc/shadow is problematic for the following reason:
If you corrupt the root entry, you will not be able to perform administrative tasks on the server, and will need to reboot from alternate media to repair.
There is a reason that we have commands like passwd. They are to ensure the integrity of the system as a whole. If you wish to bypass these safeties, you risk the entire environment.</soapbox>
Copy the shadow file.
Create an account.
Lock that account with "passwd -l".
Compare shadow file with the copy (man diff).
Post the output from "diff" for the awk experts to see.