/etc/shadow File Description

Source: Internet
Author: User

The root password for Linux exists in the "/etc/shadow" file, but you must have root permission to see the "/etc/shadow" file under Linux. I do a demo with my own virtual machine, as shown in:

In the above diagram, I did not set the root password, you can see the root of the line at the beginning of a "!". Then look at the following diagram, the root password has been set:

Here, mainly on the shadow password storage structure to do some introduction, refer to the relevant content on the network, to summarize their own.

The ciphertext string format is: $id $salt$encrypted, separated by $, where $id is used to specify the algorithm used, as shown in the following table:

Id Method
1 MD5
2a

Blowfish (not in mainline glibc;added in some Linux distribution)

5

SHA-256 (since GLIBC 2.7)

6

SHA-512 (since GLIBC 2.7)

As I can see from above, ciphertext uses the SHA-512 algorithm. $salt is a randomly generated string of up to 16 characters that is used to increase the difficulty of cracking. $encrypted is the ciphertext that is calculated by the encryption algorithm and salt.

Next, describe the structure of this password store.

    1. account name: the account name and the account name inside the/etc/passwd are one by one corresponding relationships.
    2. Password: Here you can see the 3 categories, which are weird strings, * and !! where the weird string is the encrypted password file. The asterisk for account number is locked, and the double exclamation mark indicates that the password has expired. Strange string is the beginning of $6$, indicating that it is encrypted with SHA-512, $1$ indicates that it is encrypted with MD5, $2$ is encrypted with Blowfish, $5$ is encrypted with SHA-256.
    3. Modified: This is the date that the password was last modified and the number of days apart from 1970-1-1 password cannot be changed: If this number is 8, then 8 days can not change the password, if it is 0, It can be changed at any time.
    4. password needs to be modified: If it is 99999, you will never have to change it. If it is another number such as 12345, then the password must be changed within 12,345 days from 1970-1-1, otherwise the password is invalid.
    5. n days before the modification deadline warning: For example, you specify in fifth that the password must be modified by June 20, and the system will warn the corresponding user from n days before the 6-20 number.
    6. Password expired grace: Assuming that this number is set to M, then the account expires within m days of the change password can be modified, after the account can continue to use.
    7. Account expiration Date: Assuming this date is X, as in the third, the date represented by X is still the number of days apart from 1970-1-1, and after X, the account expires.
    8. reserved: is reserved and has not been used for the time being.

Reference article: http://www.yucoat.com/linux_opensource/linux_etc_shadow.html

/etc/shadow File Description

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.