Whta does '\+::::::/bin/bash' in /etc/passwd mean?

The answer lies in the nsswitch.conf(5) man page:

Interaction with +/- syntax (compat mode)

Linux libc5 without NYS does not have the name service switch but does allow the user some policy control. In /etc/passwd you could have entries of the form +user or +@netgroup (include the specified user from the NIS passwd map), -user or -@netgroup (exclude the specified user), and + (include every user, except the excluded ones, from the NIS passwd map).

You can override certain passwd fields for a particular user from the NIS passwd map by using the extended form of +user:::::: in /etc/passwd. Non-empty fields override information in the NIS passwd map.

Since most people only put a + at the end of /etc/passwd to include everything from NIS, the switch provides a faster alternative for this case (passwd: files nis) which doesn’t require the single + entry in /etc/passwd, /etc/group, and /etc/shadow. If this is not sufficient, the NSS compat service provides full +/- semantics. By default, the source is nis, but this may be overridden by specifying nisplus as source for the pseudo-databases passwd_compat, group_compat and shadow_compat. These pseudo-databases are only available in GNU C Library.

Assuming that your /etc/nsswitch.conf contains passwd: compat, I believe that that line means "include all NIS users, but override the login shell to /bin/bash".

Related videos on Youtube

03 : 05

linux privilege escalation - weak file permissions - Writable /etc/passwd

knowing and doing

277

06 : 24

Shell Scripting Tutorial-44: The 'passwd' File Explained

Simplified

42

03 : 47

Linux /etc/passwd & /etc/shadow File

SysAdmGirl

37

05 : 54

Shell Scripting Tutorial-46: 'passwd' File Revisited

Simplified

33

21 : 49

/etc/passwd file & /etc/shadow file in linux | chage and passwd command | lock and disable accounts

Pedagogy

4

Author by

Funkwecker

Updated on September 18, 2022