A company mandates that service accounts must never allow password-based logins and must make it obvious to administrators that the account is not intended for an interactive shell.
You are preparing the following line for a new metrics-collector daemon in /etc/passwd:
Placing an asterisk ( * ) in the password field makes the string impossible for the authentication routines to interpret as a valid hash, so no password can ever match. Setting the shell to /usr/sbin/nologin cleanly terminates any interactive session attempt and returns a clear message, while still allowing the UID to be used by systemd or other services. Together, these two settings satisfy both policy points.
The placeholder x only delegates the real password hash to /etc/shadow, so the account could still be accessed with the correct password. A real SHA-512 hash similarly permits password authentication. Using !! in the password field locks the password but keeping /bin/bash as the shell would still drop the user into a shell if other authentication methods (for example SSH keys or sudo -u) were used, so it is not as explicit as required.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
Why does placing an asterisk (*) in the password field prevent password-based logins?
Open an interactive chat with Bash
What is the purpose of setting the shell to /usr/sbin/nologin?
Open an interactive chat with Bash
Why is using /bin/bash as the shell not secure in this scenario?
Open an interactive chat with Bash
CompTIA Linux+ XK0-006 (V8)
Services and User Management
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
IT & Cybersecurity Package Join Premium for Full Access