0

on my server running UnraidOS I got a bit suspicious. There are both 'passwd' and 'passwd-' files (same goes for shadow(-)). These ones should be only backups as I understood.

Running:

root@Unraid-server:~# diff /etc/passwd{,-}

delivers:

2,8c2,8 < bin:x:1:1:bin:/bin:/bin/false < daemon:x:2:2:daemon:/sbin:/bin/false < adm:x:3:4:adm:/var/log:/bin/false < ftp:x:14:50::/home/ftp:/bin/false < rpc:x:32:32:RPC portmap user:/:/bin/false < sshd:x:33:33:sshd:/:/bin/false < ntp:x:44:44:User for NTP:/:/bin/false --- > bin:!:1:1:bin:/bin:/bin/false > daemon:!:2:2:daemon:/sbin:/bin/false > adm:!:3:4:adm:/var/log:/bin/false > ftp:!:14:50::/home/ftp:/bin/false > rpc:!:32:32:RPC portmap user:/:/bin/false > sshd:!:33:33:sshd:/:/bin/false > ntp:!:44:44:User for NTP:/:/bin/false 10,14c10,14 < dhcpcd:x:68:68:dhcp PrivSep:/var/lib/dhcpcd:/bin/false < avahi:x:61:214:Avahi Daemon User:/dev/null:/bin/false < avahi-autoipd:x:62:62:Avahi AutoIP Daemon User:/dev/null:/bin/false < messagebus:x:81:81:User for D-BUS:/var/run/dbus:/bin/false < nobody:x:99:100:nobody:/:/bin/false --- > dhcpcd:!:68:68:dhcp PrivSep:/var/lib/dhcpcd:/bin/false > avahi:!:61:214:Avahi Daemon User:/dev/null:/bin/false > avahi-autoipd:!:62:62:Avahi AutoIP Daemon User:/dev/null:/bin/false > messagebus:!:81:81:User for D-BUS:/var/run/dbus:/bin/false > nobody:!:99:100:nobody:/:/bin/false

As it seems, only all the 'x' for '!' were changed in the back-uped version. Nothing changed here in terms of the user id, just the 'locked' status was applied.

A) This is correct and not suspicious, right?

For shadow it is a bit different:

root@Unraid-server:~# diff /etc/shadow{,-} 2,11c2,11 < bin:!:19469:0:99999:7::: < daemon:!:19469:0:99999:7::: < adm:!:19469:0:99999:7::: < ftp:!:19469:0:99999:7::: < rpc:!:19469:0:99999:7::: < sshd:!:19469:0:99999:7::: < avahi:!:19469:0:99999:7::: < avahi-autoipd:!:19469:0:99999:7::: < messagebus:!:19469:0:99999:7::: < nobody:!:19469:0:99999:7::: --- > bin:!:19451:0:99999:7::: > daemon:!:19451:0:99999:7::: > adm:!:19451:0:99999:7::: > ftp:!:19451:0:99999:7::: > rpc:!:19451:0:99999:7::: > sshd:!:19451:0:99999:7::: > avahi:!:19451:0:99999:7::: > avahi-autoipd:!:19451:0:99999:7::: > messagebus:!:19451:0:99999:7::: > nobody:!:19451:0:99999:7::: 15c15 < ntp:!:19469:::::: --- > ntp:!:19451:::::: 17c17 < dhcpcd:!:19469:::::: --- > dhcpcd:!:19451::::::

Shouldn't there be the same user-id on shadow as well as shadow-? Why are the user-id's changed between the original file and the backup? -> on my /boot/config file the user-id of original shadow file are equivalent.

Improve this question
1
  • are you confusing the date (days) field with a user id field? Commented Apr 23, 2023 at 10:30

1 Answer 1

Reset to default
1

The filenames with a dash in the end are backup files which are created automatically wherever you add/alter/remove users or groups.

Shouldn't there be the same user-id on shadow as well as shadow-?

No. This is not an ID but the date of the most recent change (encoded as the number of days since Jan 1, 1970). See also the shadow(5) manual (man shadow).

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.