Hello friends
For only academic purposes I am doing a research about the usermod command working with the -p or --password option:
Through man usermod exists:
-p, --password PASSWORD
The encrypted password, as returned by crypt(3).
Note: This option is not recommended because the password
(or encrypted password) will be visible by users listing the
processes.
The password will be written in the local /etc/passwd or /etc/shadow file.
This might differ from the password database configured in your PAM configuration.
You should make sure the password respects the system's password policy.
I know that the following two commands are the same
sudo usermod -p rodimus_prime rodimusprime-disabledlogin
sudo usermod -p 'rodimus_prime' rodimusprime-disabledlogin
Is reflected as:
sudo cat /etc/shadow | grep prime
rodimusprime-disabledlogin:rodimus_prime:19838:0:99999:7:::
Theoretically it is a plain password but it is not correct, is expected from the beginning an encrypted password instead. Therefore the correct approach would be:
sudo usermod --password $(openssl passwd <plainpasswordtext>) rodimusprime-disabledlogin
sudo usermod --password $(openssl passwd -1 <plainpasswordtext>) rodimusprime-disabledlogin
Now, the reason of this question, the following note
Note: This option is not recommended because the password
(or encrypted password) will be visible by users listing the
processes.
If is executed the sudo cat /etc/shadow | grep usernamepattern command then is listed each user according the matched pattern with his respective encrypted password. It as expected. Therefore according with the mentioned special note: even if is visible the password: Is it encrypted, right? So:
Question
- Why exactly
usermod -pcommand is not recommended?