Search the VMware Knowledge Base (KB)
View by Article ID

Security Audit account issues after an ESX install (1025565)

  • 1 Ratings


There are a number of default users that are created during a default installation of an ESX host. Security Audit may take issue with these accounts (especially Sync, Shutdown, and News) because they do not have the NoLogin value set in the etc/passwd file.


The x in the etc/passwd file indicates that the encrypted password is stored in the /etc/shadow file. For example:

news:x:9:13:news:/etc/news :

When viewing the /etc/shadow, file you can see that the 3 users are in the same format. For example:

news:*:13971:0:99999:7 :::

The * in the /etc/shadow file indicates that account has been disabled.
This means that without already having gained root access to the system, the Sync, Shutdown, and News accounts cannot be exploited.

Request a Product Feature

To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.


  • 1 Ratings

Did this article help you?
This article resolved my issue.
This article did not resolve my issue.
This article helped but additional information was required to resolve my issue.

What can we do to improve this information? (4000 or fewer characters)

Please enter the Captcha code before clicking Submit.
  • 1 Ratings