For academic purposes only, I am researching the usermod command with the -p or --password option.
In man usermod there is:
-p, --password PASSWORD
    The encrypted password, as returned by crypt(3).
    Note: This option is not recommended because the password (or encrypted password) will be visible by users listing the processes.
    The password will be written in the local /etc/passwd or /etc/shadow file. This might differ from the password database configured in your PAM configuration.
    You should make sure the password respects the system's password policy.
I know that the following two commands are the same:

    sudo usermod -p rodimus_prime rodimusprime-disabledlogin
    sudo usermod -p 'rodimus_prime' rodimusprime-disabledlogin

This is reflected as:

    sudo cat /etc/shadow | grep prime
    rodimusprime-disabledlogin:rodimus_prime:19838:0:99999:7:::
Theoretically it is a plain password, but that is not correct; an encrypted password is expected from the beginning instead. Therefore the correct approach would be:

    sudo usermod --password $(openssl passwd <plainpasswordtext>) rodimusprime-disabledlogin
    sudo usermod --password $(openssl passwd -1 <plainpasswordtext>) rodimusprime-disabledlogin
Now, the reason for this question is the following note:

    Note: This option is not recommended because the password (or encrypted password) will be visible by users listing the processes.

If the sudo cat /etc/shadow | grep usernamepattern command is executed, each user matching the pattern is listed with their respective encrypted password. That is as expected. Therefore, according to the mentioned special note: even if the password is visible, it is encrypted, right? So:
Question
- Why exactly is the usermod -p command not recommended?
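
The man page note quoted above is about the process argument list, not /etc/shadow. The following is an added example, not part of the original post: it compares what /proc exposes when a hash is passed as an argument with what it exposes when the hash is fed on standard input, as `chpasswd -e` accepts it. The stand-in process names, the user name and the hash are constructed, and the script needs a Linux /proc and changes no account.

```shell
#!/bin/sh
# Constructed sample values (not taken from the page's system).
HASH='$6$constructedsalt$constructedHashValue0123456789'
USER_NAME='exampleuser'

# Run a harmless stand-in process (a plain `sh -c`) with the given arguments
# and print its argv exactly as /proc/<pid>/cmdline exposes it. That file is
# readable by other local users unless /proc is mounted with hidepid.
show_argv() {
    # "$@" becomes the stand-in's $0, $1, ...; $$ inside is the stand-in's PID.
    # `cat >/dev/null` drains stdin the way a tool reading input would.
    sh -c 'cat >/dev/null; tr "\0" " " < "/proc/$$/cmdline"' "$@"
}

# Pattern from the page: the hash is an argument to -p, so it sits in argv.
argv_with_p_option() {
    show_argv usermod-standin -p "$HASH" "$USER_NAME" </dev/null
}

# Alternative: chpasswd -e reads "user:hash" lines from standard input,
# so the hash never appears in any process's argument list.
argv_with_stdin() {
    printf '%s:%s\n' "$USER_NAME" "$HASH" | show_argv chpasswd-standin -e
}

# Succeed if the given argv text contains the hash.
leaks_hash() {
    case "$1" in
        *"$HASH"*) return 0 ;;
        *) return 1 ;;
    esac
}

if leaks_hash "$(argv_with_p_option)"; then
    echo "-p option: hash is visible in the process argument list"
fi
if ! leaks_hash "$(argv_with_stdin)"; then
    echo "stdin:     hash is absent from the process argument list"
fi
```

/etc/shadow is readable only by root, which is why the post's own commands need sudo, whereas the argument list is what `ps` shows to ordinary users while the command runs.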