Dominique Martinet wrote:
They just expected no root password = no login possible, but it
turns
out 'su' just gave out a root shell with no password entered...
Then they need to RTFM of passwd. The correct way to block password login
for an account is passwd -l, not passwd -d.
Even passwd --help explicitly documents -d as removing the password lock,
not adding it.
Kevin Kofler