Recently I received a support request as follows:
After adding a user using useradd command:
useradd -s /bin/false -d foo
passwd foo
Following error reported
user foo does not exist
However, after sometime user foo allowed to login. What is going on? Is my system hacked?
First I went through system password database located at /etc/passwd, /etc/shadow, /etc/group – there exists an entry for foo user.
After close investigation I found name service cache daemon (nscd). It is a daemon that provides a cache for the most common name service requests including caching of /etc/passwd file (thanks for top and lsof command for hint).
So the solution is to stop the nscd service add user and start nscd again. This time it worked.
# /etc/init.d/nscd stop
# useradd -s /bin/false -d bar
# passwd bar
# /etc/init.d/nscd start
Now bar is allowed to login immediately :).
Refer to nscd man page for detailed information (hint setup correct TTL to get rid of this problem and upgrade to latest version):
man nscd
man nscd.conf
🐧 Get the latest tutorials on Linux, Open Source & DevOps via:
- RSS feed or Weekly email newsletter
- Share on Twitter • Facebook • 0 comments... add one ↓
| Category | List of Unix and Linux commands |
|---|---|
| File Management | cat |
| Firewall | Alpine Awall • CentOS 8 • OpenSUSE • RHEL 8 • Ubuntu 16.04 • Ubuntu 18.04 • Ubuntu 20.04 |
| Network Utilities | dig • host • ip • nmap |
| OpenVPN | CentOS 7 • CentOS 8 • Debian 10 • Debian 8/9 • Ubuntu 18.04 • Ubuntu 20.04 |
| Package Manager | apk • apt |
| Processes Management | bg • chroot • cron • disown • fg • jobs • killall • kill • pidof • pstree • pwdx • time |
| Searching | grep • whereis • which |
| User Information | groups • id • lastcomm • last • lid/libuser-lid • logname • members • users • whoami • who • w |
| WireGuard VPN | Alpine • CentOS 8 • Debian 10 • Firewall • Ubuntu 20.04 |