Yes, yes I know there are no real passwords or even hashes in that file on modern systems. However, I am quite curious if this is a good, easy way to totally lock down a system from everyone and what would break first. I don't have a spare system, but it sure sounds like a fun experiment. Has anyone tried this?
Just for you I tried it :-)
Any user will be able to login like normal. This is because login runs with root privileges. After being logged in the user won't have access to
/etc/passwd
which might cause problems with userland applications.The first thing you might notice is that the shell cannot read your username which produce a prompt like
Setup an auditctl on /etc/passwd and see what tries to access it:
auditctl -w /etc/passwd -p war
Then afterwards analyse the output of:
ausearch -f /etc/passwd
See what's trying to access it, if it's all root processes then you're fine.