为什么不推荐 usermod -p 命令?

为什么不推荐 usermod -p 命令?

仅限学术目的我正在研究与或选项usermod一起使用的命令:-p--password

通过man usermod存在:

-p, --password PASSWORD
The encrypted password, as returned by crypt(3).

Note: This option is not recommended because the password
(or encrypted password) will be visible by users listing the
processes.

The password will be written in the local /etc/passwd or /etc/shadow file.
This might differ from the password database configured in your PAM configuration.

You should make sure the password respects the system's password policy.

我知道以下两个命令是相同的

sudo usermod -p  rodimus_prime  rodimusprime-disabledlogin
sudo usermod -p 'rodimus_prime' rodimusprime-disabledlogin

反映为:

sudo cat /etc/shadow | grep prime
rodimusprime-disabledlogin:rodimus_prime:19838:0:99999:7:::

理论上这是一个简单的密码,但它不是正确,从一开始就需要加密密码。因此正确的方法是:

sudo usermod --password $(openssl passwd    <plainpasswordtext>) rodimusprime-disabledlogin
sudo usermod --password $(openssl passwd -1 <plainpasswordtext>) rodimusprime-disabledlogin

现在,这个问题的原因,以下说明

Note: This option is not recommended because the password
(or encrypted password) will be visible by users listing the
processes.

如果执行该sudo cat /etc/shadow | grep usernamepattern命令,则根据匹配的模式列出每个用户及其各自的加密密码。正如预期的那样。因此根据提到的特别说明:即使密码是可见的:它是加密的,对吗?所以:

问题

  • 为什么usermod -p不推荐这个命令?

相关内容