User without a password - how can one login into that account from a non-root account
By default on enterprise GNU/Linux and its derivatives, the adduser
command creates a user which is disabled until you explicitly specify a password for that user.
Here is an example on CentOS 6.5, which should be the same as Scientific Linux.
$ sudo adduser test
$ sudo grep test /etc/shadow
test:!!:123456:0:99999:7:::
that's because in the /etc/shadow
file, the password field is !!
, as you can see in the example.
Once you run passwd
for this account, it will change the user's password and allow the user to be able to login.
So what you should be able to do is the following to have a user without a password, simply create an account then delete the password.
$ sudo adduser test
$ sudo passwd -d test
Removing password for user test.
passwd: Success
$ su test
$ whoami
test
now any user should be able to use su
and login as the user test
in my example. You will not have to use sudo
to login as the account.
Although this is possible and you can have an account without a password, it is not advised. If you simply set the password for the user, you should be allowed to login.
$ sudo passwd test
[sudo] password for <YOURACCOUNT>:
Changing password for user test.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
I have user guest which is passwordless. This is its record:
guest:U6aMy0wojraho:17057:0:99999:7:::
The string "U6aMy0wojraho" is the hashed password of the guest user. When I log in I simply hit enter for the password and the system allows me in.
You should edit the file /etc/shadow and add the above mentioned string right after the username and the first colon.
I copied this string from Ubuntu live CD - its user is paswordless.
User with empty password
sudo useradd test-user-0
echo test-user-0:U6aMy0wojraho | sudo chpasswd -e
su test-user-0
The password prompt still shows unfortunately.
But if you just hit enter without typing anything, and it logins as the user test-user-0
.
The -e
flags tells chpasswd
that the password is already encrypted, and U6aMy0wojraho
is the hash of the empty string.
Tested on Ubuntu 18.04.
BusyBox autologin
On the terminal at least, you don't need to create an user without a password to allow someone to not type their passwords everytime, hacking inittab
a bit is enough: How to login automatically without typing the root username or password in Buildroot BusyBox init?