7th July 2014
Creating User Account With Empty Password on Linux
Assume you want to set up a user account that can log in to your machine only when sitting in front of it, and without having to give a password. Let's name this user kiosk. Unfortunately there is apparently no single command-line switch to accomplish this with useradd. The task at hand is not to be confused with automatic log-in at boot time.
groupadd -g 1011 kiosk
useradd -u 1011 -g 1011 -c Kiosk -s /your/command/goes/here -m kiosk
mkpasswd -m sha-512 -S My.Salt3
mkpasswd asks for a password. You just type Enter. The output of mkpasswd is pasted into /etc/shadow and replaces the gibberish in the second field. Fields are separated with colons in /etc/shadow, just as in /etc/passwd. Of course, you can use whatever salt you please. Above salt was taken as
ArchLinux does not have
mkpasswd is already used by
expect). Instead use
perl -e 'print crypt("","\$6\$My.Salt3\$") . "\n"'
The first argument of crypt() is the empty string, because we want an empty password.
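Because the second field of /etc/shadow then holds an ordinary-looking SHA-512 hash rather than an empty string, an audit that only searches for empty fields will not list such an account. The following Perl script is an added example, not part of the original post: it flags entries whose stored hash verifies against the empty string. The name check_shadow_line and the sample entries are constructed for illustration, and a crypt() that supports $6$ hashes is assumed.

```perl
#!/usr/bin/perl
# Added example: find shadow entries that accept an empty password.
# Assumes the system crypt() understands $6$ (SHA-512) hashes, as on glibc.
use strict;
use warnings;

# Classify one shadow-format line; returns (user, verdict).
# check_shadow_line is a name made up for this example.
sub check_shadow_line {
    my ($line) = @_;
    chomp $line;
    my ($user, $hash) = split /:/, $line, -1;
    return ($user, 'malformed') unless defined $hash;
    return ($user, 'EMPTY FIELD') if $hash eq '';
    # "!" or "*" in front means locked or no valid password at all.
    return ($user, 'locked') if $hash =~ /^[!*]/;
    # Passing the stored hash as the salt argument makes crypt() reuse its
    # scheme and salt, so equal output means the password is "".
    my $probe = crypt('', $hash);
    return ($user, 'HASH OF EMPTY PASSWORD')
        if defined $probe && $probe eq $hash;
    return ($user, 'ok');
}

# Constructed sample entries, generated at run time so no hash is hard-coded.
my $empty = crypt('', '$6$My.Salt3$');                 # the call from the post
my $real  = crypt('constructed-sample', '$6$Other.Salt$');
my @sample = map { join(':', @$_, 16258, 0, 99999, 7, '', '', '') . "\n" } (
    [ 'root',   $real  ],
    [ 'kiosk',  $empty ],
    [ 'guest',  ''     ],
    [ 'daemon', '*'    ],
);

# With a file argument (e.g. a copy of /etc/shadow) audit that, else the sample.
my @lines = @ARGV ? <> : @sample;
for my $line (@lines) {
    next if $line =~ /^\s*(?:#|$)/;
    my ($user, $verdict) = check_shadow_line($line);
    printf "%-12s %s\n", $user, $verdict;
}
```

Run without arguments it classifies the four constructed entries; given a path to a shadow-format file it audits that file instead.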
PermitEmptyPasswords set to
kiosk user is an example for a kiosk-application. Another application is to use a shutdown-user, i.e., a user whose whole purpose is just to shut down the machine. For a shutdown user one adds the following line to
shutdown ALL=(ALL:ALL) NOPASSWD: /sbin/shutdown
Above commands were digested from two good resources:
- How to create a linux user with an empty/blank password
- Understanding and generating the hash stored in /etc/shadow (dead link)
- How to create an SHA-512 hashed password for shadow?
It is quite surprising that the passwd command does not have an option to set an empty password, though, look for
In former times it was not unusual for a Unix system to have a guest account, where one can see the current date and time, the people logged into the machine, etc. Nowadays Unix machines with accounts without passwords seem to be quite rare.
Added 16-Mar-2017: Above comments are valid for tty and xdm. For gdm use the procedures as outlined in GDM. It says:
If you want to bypass the password prompt in GDM then simply add the following line on the first line of
auth sufficient pam_succeed_if.so user ingroup nopasswdlogin
Then, add the group nopasswdlogin to your system. See Groups for group descriptions and group management commands.
Now, add your user to the nopasswdlogin group and you will only have to click on your username to login.
Also see Linux pam and /etc/shells.