5
wannabe
4y

Remember kids, passwd is a readable file! You can have a very bad day trying to figure out a user's shell from side-channel attacks and getting nowhere, or you could remember that it LITERALLY SAYS WHAT IT IS PUBLICLY IF YOU DON'T FORGET THAT IT'S THERE.

On the plus side, I learned a ton about what you can do with ssh arguments and debugging logs. Shit's pretty cool.

Comments
  • 1
    Passwd only defines local accounts

    use ´getent passwd <user>´ to query all of them.
  • 1
    @netikras the issue is elevation; if your user doesnt have sudo privs, you cant use this iirc. A better option would be to just ls the /home directory, as it's default read-all.
  • 0
    @arcsector afaik getent does not need privs elevation. And checking /home contents is not a safe bet. /home is a default place for homedirs, but they can be set up to be anywhere. And you will not see anything if the user homedir has autofs rules defined. If the user is not logged in at the moment of checking, his homedir simply will not be mounted on that server.

    ´getent passwd´ should not require privileges [at least by default; haven't come across a server yet where it would need root] and it gives you info about all accounts that can access that server, obeying /etc/nsswitch.conf configuration
  • 1
    @arcsector frankly I have seen setups where /home does not have o+x. Prod dmz machines mostly, but I've seen stg have similar setups too
  • 1
    @netikras ah, the first thing my deployment scripts do is change nsswitch configs. God, I need to remember what basic unix configs feel like... I don't wanna end up like one of those guys who can't function without their neovim setup
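
The lookup discussed in the comments above, as an added example that is not part of the original thread: it reads the shell field from passwd-format records and lists accounts that can log in interactively, taking the records from `getent passwd` when it is available. The function names (`shell_of`, `interactive_accounts`, `all_accounts`) and the sample records are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names and sample records are constructed.
# passwd(5) record layout: name:password:uid:gid:gecos:home:shell
SAMPLE='root:x:0:0:root:/root:/bin/bash
svc_backup:x:998:998::/var/lib/backup:/usr/sbin/nologin
alice:x:1001:1001:Alice:/srv/homes/alice:/bin/zsh
legacy:x:1002:1002::/home/legacy:
ldapbob:*:20001:20001:Bob (directory account):/net/home/bob:/bin/bash'

# Print the login shell of user $1 from passwd-format records on stdin.
# An empty shell field means /bin/sh (passwd(5)); non-zero exit if not listed.
shell_of() {
    awk -F: -v u="$1" '$1 == u { print ($7 == "" ? "/bin/sh" : $7); found = 1; exit }
        END { if (!found) exit 1 }'
}

# List name:shell for accounts whose shell allows an interactive login,
# i.e. anything that is not a nologin or false binary.
interactive_accounts() {
    awk -F: '{ sh = ($7 == "" ? "/bin/sh" : $7) }
        sh !~ /\/(nologin|false)$/ { print $1 ":" sh }'
}

# Records from the sources listed in /etc/nsswitch.conf when getent exists,
# otherwise only the local file. Directory backends such as sssd may not
# enumerate users, so a lookup by name (getent passwd NAME) is more reliable.
all_accounts() {
    if command -v getent >/dev/null 2>&1; then
        getent passwd
    else
        cat /etc/passwd
    fi
}

# Run against the live system only when asked to: ./script --live
if [ "${1:-}" = "--live" ]; then
    all_accounts | interactive_accounts
fi
```

In the constructed sample, `alice` and `ldapbob` have home directories outside /home, so a listing of /home would not find them, while the shell field reports both.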