I have found this entry in /etc/passwd:
debian-tor:x:117:123::/var/lib/tor:/bin/false
But there is no /var/lib/tor folder. This is on a server not a desktop.
When looking into /etc/passwd and /etc/shadow I found many non human users. I read a bit about it and know what they do (as a group, though specifically I see many I have no clue about). All of them (excluding root (locked pwd) and my human user account) have never established passwords (*'s).
Are there any tests or things I can or should do to ensure these are not leaks and we can trust them.
My OS is Ubuntu 12.10, and my account is called acgtyrant, and its UID is 1000. For the need of researching, I changed my UID from 1000 to 1010 in /etc/passwd, and then I found my files' master changed to a number:1000, which prove my suppose. But when I try to change my UID back, I found I can't edit the passwd file any more! Because when I try to run sudo vim /etc/passwd, the Bash told me sudo: unknown uid 1000: who are you?.
So how to solve it? Acctually I am a chinese student, so forgive my poor English please.
Just for my curiosity, where is the username and associated password stored in Ubuntu? And how it is verified at the login time?
On older Debian machines one could issue something like:
echo '<username>:*'|chpasswd -e
in order to change the password field of the user (<username>) to *.
Now I am aware of
passwd -d <username> && passwd -l <username>
to achieve a similar effect and set the password field to !. However, on some newer vanilla Ubuntu configurations (in particular 10.04 LTS) this leads to the user not being able to log into the machine anymore (for example via SSH and key) - with: Your account has expired; please contact your system administrator. - even though passwd(1) "warns" that this is possible.
Now that's exactly what I want to achieve, though. Manually changing the field in the /etc/shadow file from ! to * fixes the issue, but there seems to be no scriptable way to achieve the same without directly fiddling with the shadow file (e.g. with sed). chpasswd -e used to be a convenient alternative, but that has been obviously removed.
So what I am looking for is either a variation of passwd -l that lets me choose the token that gets written into the file or any other kind of replacement for the exact functionality that chpasswd -e offered.
NB: * is already used for system accounts alright, and there seems to be a semantic difference to PAM or whatever between ! and * in the password field.
Also note: on Debian 5 and 6 chpasswd -e works. So the functionality must have gotten stripped deliberately in Ubuntu. I tested Ubuntu 9.10, 10.04 (they don't have it), 11.04 and 11.10 have chpasswd -e.