Wednesday, August 18, 2010

cron and locked user accounts

When a user is created, the account is locked: the password field in the shadow file holds *LK*, and passwd -s reports LK for it. cron will not run jobs for a locked account. The way to fix that without giving the account a password is to make it a non-login account. Change *LK* in the shadow file to NP ("No Password"), which changes the passwd -s output to NL (non-login). That way the user still can't log in, but its cron jobs run.

The reason I would want something like that is so that there is no way to do a password attack against the apache or mysql users, and yet I can set up a crontab to run as those users. Particularly useful when setting up mysql backups/dumps.
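A check for the condition described above, as an added example that is not part of the original post: it reads a shadow file and flags every account that owns a crontab but is still locked, so its jobs are being skipped. The function names `shadow_state` and `audit_cron` are hypothetical, the crontab directory is passed in as an argument, treating any field that starts with `*LK*` as locked is an assumption, and the sample data is constructed.

```shell
#!/bin/sh
# Added example: classify shadow password fields the way the post describes
# and flag locked accounts that own a crontab (cron skips their jobs).

# shadow_state FIELD -> LK (locked), NL (non-login), or "other"
shadow_state() {
    case "$1" in
        '*LK*'*) echo LK ;;     # locked; prefix match is an assumption
        NP)      echo NL ;;     # non-login: cannot log in, cron still runs
        *)       echo other ;;  # anything else, e.g. a password hash
    esac
}

# audit_cron SHADOW_FILE CRONTAB_DIR
# Prints "user state" for each user that has a crontab file in CRONTAB_DIR.
# Returns 1 if at least one of those users is locked, 0 otherwise.
audit_cron() {
    shadow=$1
    crondir=$2
    rc=0
    while IFS=: read -r user pw rest; do
        [ -f "$crondir/$user" ] || continue
        state=$(shadow_state "$pw")
        echo "$user $state"
        if [ "$state" = LK ]; then
            rc=1
        fi
    done < "$shadow"
    return $rc
}

# Constructed sample data (not taken from a real system).
tmp=$(mktemp -d)
mkdir "$tmp/crontabs"
printf '%s\n' 'mysql:*LK*:::::::' 'apache:NP:::::::' > "$tmp/shadow"
: > "$tmp/crontabs/mysql"
: > "$tmp/crontabs/apache"
audit_cron "$tmp/shadow" "$tmp/crontabs" || echo "locked account(s) own a crontab"
rm -rf "$tmp"
```

On a real system, run `audit_cron` as root against the actual shadow file and the directory where cron keeps per-user crontabs.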
