Disabling Service Accounts in /etc/shadow

My server was recently hacked by changing the password for the daemon user and logging into a shell. ( http://webhostingtalk.com/showthread.php?t=485157 )

Among my security measures on my rebuilt system I'd like to prevent that from being possible, even with malicious PHP code.

I recall that adding a "!" in place of the "*" in the password field of /etc/shadow (I'm using shadow passwords) is more secure than "*", but I am now unable to find where I read that and get confirmation.

I'd like to do this for nobody, daemon, www-data (Debian 3.1 system), mail and so forth.

Will putting a "!" in the password field prevent a service running under that user account from changing the password? And will there be any detrimental side effects? (If so, why aren't the service accounts set to "!" by default?)

Thanks!
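As an added example (not part of the original post or any distribution's tooling), the POSIX sh script below classifies the password field of /etc/shadow-style records the way shadow(5) describes them: an empty field, the "*" placeholder, a field beginning with "!" (which is what `passwd -l` / `usermod -L` produce when they lock an account), or anything else, which is treated as a usable crypt(3) hash. The sample records are constructed, so the script runs offline; on a real host you would feed it `/etc/shadow` as root.

```shell
#!/bin/sh
# Added example: audit /etc/shadow-style records for service accounts whose
# password field is not locked. The records in SAMPLE_SHADOW are constructed.

# classify_field "<password field>" prints one of:
#   empty  : no password field at all
#   star   : "*" placeholder, not a valid crypt(3) result, no password login
#   locked : field starts with "!" (the form passwd -l / usermod -L write)
#   hash   : anything else, treated as a usable password hash
classify_field() {
  case "$1" in
    "")    echo empty ;;
    \*)    echo star ;;
    "!"*)  echo locked ;;
    *)     echo hash ;;
  esac
}

# audit_shadow reads shadow-format records on stdin and prints
# "user<TAB>status" for every record.
audit_shadow() {
  while IFS=: read -r user pw rest; do
    [ -n "$user" ] || continue
    printf '%s\t%s\n' "$user" "$(classify_field "$pw")"
  done
}

# unlocked_accounts prints only the users whose field is "hash" or "empty",
# i.e. the accounts a password-based login could still succeed against.
unlocked_accounts() {
  audit_shadow | while IFS="$(printf '\t')" read -r user status; do
    case "$status" in
      hash|empty) echo "$user" ;;
    esac
  done
}

# Constructed sample records (hashes are placeholders, not real values).
SAMPLE_SHADOW='root:$6$saltsalt$placeholderhash:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
nobody:!:19000:0:99999:7:::
www-data::19000:0:99999:7:::
mail:$6$xx$placeholder:19000:0:99999:7:::'

# Report every account, then the ones worth a second look.
printf '%s\n' "$SAMPLE_SHADOW" | audit_shadow
echo "--- accounts without a locked or placeholder field ---"
printf '%s\n' "$SAMPLE_SHADOW" | unlocked_accounts
# To lock a flagged service account on a real system: usermod -L <user>
# (prepends "!" to the field); giving it a non-interactive shell such as
# /usr/sbin/nologin is a separate, complementary step.
```

In the constructed sample, `daemon` and `nobody` are reported as `star` and `locked` respectively, while `www-data` (empty field) and `mail` (a hash) are listed alongside `root` as accounts that still accept a password check.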
