
Invalid shadow entry with pwck -r


I'm trying to verify the integrity of the password files using the following command:

pwck -r

It seems that the check of /etc/passwd is OK, but not the one for /etc/shadow.

And I get this error:

Invalid shadow entry.

Delete line 'sshd::17100:!!99999:7:::'?

What is the meaning of this?


Solution

  • The pwck command looks at the /etc/passwd file and the corresponding /etc/passwd file to see if they are in sync. It also checks that all entries in the /etc/passwd and the /etc/shadow files have the proper format and contain valid data. As you have run the pwck command in read-only mode (with the flag -r), the output shows you errors and warnings, but it does not change the files. The output you are seeing is telling you that the utility has done the check and encountered an invalid entry in the /etc/shadow file, and the line it has a problem with is sshd::17100:!!99999:7:::. You can break this line down into the fields that comprise it (the fields are delimited with a :):

    1) sshd

    2)

    3) 17100

    4) !!99999

    5) 7

    6)

    7)

    The meaning of these fields is:

    1) is the user name (sshd)

    2) is the password for this user, this field being blank means that there is no password set for this user

    3) stands for the number of days (since January 1, 1970) since the password was last changed

    4) is the number of days before password may be changed where a 0 means that the password may be changed at any time

    5) is the number of days after which the password must be changed where 99999 means that it can stay unchanged for a very long time

    6) is the number of days to warn the user of an expiring password where 7 stands for a full week

    7) tells you when the account will be disabled after the password has expired.

    With this in mind, it looks like you have an invalid entry in field number 4 which is the number of days before password may be changed where a 0 means that the password may be changed at any time. The invalid entry is !!. Maybe you were modifying the user sshd and used the wrong flag with the wrong value?
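A simplified format check for shadow lines, added here as an example; it is not part of the original answer and not pwck's own code. It assumes the nine colon-separated fields documented in shadow(5); the function names and the sample lines other than the quoted sshd entry are constructed.

```python
# Field names follow shadow(5). Simplified check, not pwck's own logic.
SHADOW_FIELDS = (
    "login name", "encrypted password", "last password change",
    "minimum password age", "maximum password age", "warning period",
    "inactivity period", "account expiration date", "reserved",
)
NUMERIC = range(2, 8)  # indexes of day-count fields: empty or digits only


def check_shadow_line(line):
    """Return a list of problems found in one shadow line (empty if none)."""
    problems = []
    fields = line.rstrip("\n").split(":")
    if len(fields) != len(SHADOW_FIELDS):
        problems.append(
            f"expected {len(SHADOW_FIELDS)} fields, found {len(fields)}")
    if not fields[0]:
        problems.append("empty login name")
    if len(fields) > 1 and fields[1] == "":
        problems.append("empty password field (no password required)")
    for idx in NUMERIC:
        if idx >= len(fields):
            break
        value = fields[idx]
        if value and not (value.isascii() and value.isdigit()):
            problems.append(
                f"field {idx + 1} ({SHADOW_FIELDS[idx]}) "
                f"is not a number: {value!r}")
    return problems


def check_shadow_text(text):
    """Check every non-blank line; return {line_number: [problems]}."""
    report = {}
    for lineno, line in enumerate(text.splitlines(), start=1):
        problems = check_shadow_line(line) if line.strip() else []
        if problems:
            report[lineno] = problems
    return report


# Constructed sample: line 2 is the entry quoted in the question; lines 1
# and 3 are made-up well-formed entries ("!!" and "*" as password fields).
SAMPLE = """root:!!:17100:0:99999:7:::
sshd::17100:!!99999:7:::
daemon:*:17100::::::
"""

if __name__ == "__main__":
    for lineno, problems in check_shadow_text(SAMPLE).items():
        print(f"line {lineno}: " + "; ".join(problems))
```

Run it on a copy of the shadow file rather than the live file, since reading /etc/shadow requires root.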