Linux prohibits users from changing the and reset password
- 2020-06-12 11:38:37
- OfStack
preface
The Linux user's username is saved in
/etc/passwd
File in which the password is saved
/etc/shadow
In the. To prevent users from changing/resetting passwords, set both files to read-only.
Methods the following
chattr +i /etc/passwd
chattr +i /etc/shadow
To allow password changes, unmark the file as read-only:
chattr -i /etc/passwd
chattr -i /etc/shadow
Pay attention to
After setting the two files to read only, the additional effect is that a new user cannot be created. For example, if you install MySQL using yum, the installer will not be able to create a new mysql user and will not be able to start the MySQL service properly. If you have a file read-only setting, it is recommended that you turn off read-only when installing yum.
miscellaneous
i
Represents immutable, which is immutable. For additional options on file properties, refer to chattr's command note: man chattr.
conclusion