10

In some of my servers there is this strange line at the end of /etc/passwd/ consisting of just:

+::::::

Does anyone know what it means?

I searched the net but only found the same, unanswered question by one Jim from 2012:

Anyone know what this means in Linux SLES 11 and can it be removed

(see https://www.cyberciti.biz/faq/understanding-etcpasswd-file-format/).

Servers in question run SLES 12, the other Ubuntu bionic.

dr0i
  • 4
    Did you already see this link: https://unix.stackexchange.com/questions/106215/whta-does-bin-bash-in-etc-passwd-mean? – Lorem ipsum Aug 31 '20 at 13:34
  • 1
    Lukas, thx for the pointer! I think this answers it. It really seems to be NIS specific, because since I removed the line I cannot login (via NIS). Lol. – dr0i Aug 31 '20 at 13:43
  • 2
    Dear God, people are still using NIS? That's scary. – Michael Hampton Aug 31 '20 at 14:12
  • It used to be useful for earlier LDAP databases too. – user2066657 Sep 01 '20 at 02:03
  • 3
    @MichaelHampton I hear you, but there's still nothing that does what NIS did without the associated problems, **and nothing else besides**. So it gets used because there's still no simple replacement for it. – MadHatter Sep 01 '20 at 06:14
  • @MichaelHampton My thought exactly, but I still come across libraries which default to using it until pummelled into panting submission. Also I suspect that the nsswitch.conf file goes back to that era, and that's still "bery much a thing". – Mark Morgan Lloyd Sep 01 '20 at 15:35

2 Answers

12

As Lukas Räpple pointed out in the comments, that line is a legacy entry for using NIS with ancient libc5.

If you want to keep using NIS but remove that line, change the passwd: compat line in /etc/nsswitch.conf to passwd: files nis first. You should also check the shadow: and group: lines (and /etc/group and /etc/shadow files) for similar legacy settings.

telcoM
11

I'm reposting the below from the following Unix stackexchange answer:

https://unix.stackexchange.com/questions/106215/whta-does-bin-bash-in-etc-passwd-mean

The answer lies in the nsswitch.conf(5) man page:

Interaction with +/- syntax (compat mode)

Linux libc5 without NYS does not have the name service switch but does allow the user some policy control. In /etc/passwd you could have entries of the form +user or +@netgroup (include the specified user from the NIS passwd map), -user or -@netgroup (exclude the specified user), and + (include every user, except the excluded ones, from the NIS passwd map).

You can override certain passwd fields for a particular user from the NIS passwd map by using the extended form of +user:::::: in /etc/passwd. Non-empty fields override information in the NIS passwd map.

Since most people only put a + at the end of /etc/passwd to include everything from NIS, the switch provides a faster alternative for this case (passwd: files nis) which doesn’t require the single + entry in /etc/passwd, /etc/group, and /etc/shadow. If this is not sufficient, the NSS compat service provides full +/- semantics. By default, the source is nis, but this may be overridden by specifying nisplus as source for the pseudo-databases passwd_compat, group_compat and shadow_compat. These pseudo-databases are only available in GNU C Library.

Lorem ipsum
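Added example (not part of either answer or of the man page): a Python check that applies the +/- rules quoted above to passwd, group and shadow text and reports, per entry, whether nsswitch.conf still lists the compat source for that database, the setting the first answer says to change before removing the line. The function names and sample file contents are constructed for illustration.

```python
import re

COMPAT_DBS = ("passwd", "group", "shadow")  # files named in nsswitch.conf(5)

def parse_nsswitch(text):
    """Map database -> ordered source list, dropping comments and [actions]."""
    sources = {}
    for raw in text.splitlines():
        db, sep, rest = raw.split("#", 1)[0].partition(":")
        if sep:
            sources[db.strip()] = re.sub(r"\[[^\]]*\]", " ", rest).split()
    return sources

def classify(line):
    """Describe a +/- compat entry, or return None for an ordinary line."""
    name, _, rest = line.strip().partition(":")
    if not name or name[0] not in "+-":
        return None
    sign, target = name[0], name[1:]
    if target:
        kind = "netgroup" if target.startswith("@") else "name"
        verb = "include" if sign == "+" else "exclude"
        desc = f"{verb} {kind} {target.lstrip('@')}"
    else:
        desc = "include every NIS entry not excluded" if sign == "+" else "bare '-'"
    if sign == "+" and any(rest.split(":")):
        desc += ", non-empty fields override NIS"
    return desc

def audit(files, nsswitch_text):
    """Return (db, line_no, entry, meaning, compat_enabled) for each +/- entry."""
    sources = parse_nsswitch(nsswitch_text)
    findings = []
    for db in COMPAT_DBS:
        compat = "compat" in sources.get(db, [])
        for no, line in enumerate(files.get(db, "").splitlines(), 1):
            meaning = classify(line)
            if meaning:
                findings.append((db, no, line.strip(), meaning, compat))
    return findings

# Constructed sample contents, not taken from any real host.
SAMPLE_FILES = {
    "passwd": "root:x:0:0:root:/root:/bin/bash\n-baduser\n+@admins::::::/bin/bash\n+::::::\n",
    "group": "root:x:0:\n+:::\n",
}
SAMPLE_NSSWITCH = "passwd: compat  # legacy\ngroup: files nis\nshadow: files [NOTFOUND=return] nis\n"
if __name__ == "__main__":
    print(*audit(SAMPLE_FILES, SAMPLE_NSSWITCH), sep="\n")
```

To audit a real host, pass the contents of /etc/passwd, /etc/group, /etc/shadow and /etc/nsswitch.conf in place of the samples; reading /etc/shadow normally requires root.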