UNIX-type system password file

1) passwd file

The/etc/passwd file stores the account information of each user, and each record corresponds to one user. Most of the information involved in the creation and Administrator account is stored in this file (in a newer Linux version, the encrypted password is stored in the shaow file ). This file is readable for general users, but can only be written by the system administrator.
The format of each record in the/etc/passwd file is as follows.

Login_name: passwd: UID: GID: user_name: directory: shell

1. login_name: the user's login name, that is, the user account. In a system, the account is unique.
2. passwd: the ciphertext domain of the user's password. If the password is shadow processed, the field is displayed as x (the encrypted password content is placed in/etc/shaow for security. If the field is *, this indicates that the user name is valid but cannot be logged on. If this domain is empty, it means that the user does not need a password to log on .)
3. UID (user id): the user's identification ID, which is the same as login_name and is unique for each user. However, UID is mainly provided to the system for identification, while login_name is a comparative image for users.
4. GID (group id): id of the group to which the user belongs. The group file is placed in/etc/group.
5. user_name: contains some user information, such as the name, phone number, and address. separated by commas (,). The content of user_name is displayed in the finger query. You can use the chfn command to modify the information.
6. directory: The main directory of the user, that is, the initial directory that the user enters upon login to the system.
7. shell: the name of the shell that the user runs at login. It is usually a complete shell program path, usually/bin/hash.

A typical record is as follows.
Nipc: x: 505: 505:/home/nipc:/bin/bash
In UNIX/Linux systems, DES or MD5 is used to encrypt passwords. It is very difficult to obtain the name from the ciphertext. The problem is that the/etc/passwd file is globally readable and the encryption algorithm is public. If a malicious user obtains the/etc/passwd file, he can enumerate all possible plain text, use the same algorithm to calculate and compare the ciphertext until the comparison results are consistent, so he cracked the password. To address this security problem, the UNIX/Linux system widely uses the shadow (shadow) mechanism to extract the user name-related content in the passwd file and transfer it to the/etc/shadow file, this file is only readable by the root user, and x is displayed in the ciphertext field of the/etc/passwd file to minimize the chance of ciphertext leakage.
When cracking the password, you need to combine the/etc/passed and/etc/shadow files.

2) shadow file

The/etc/shadow file contains information related to the user's encrypted password. To view the content of this file, you must log on as root. Each user has a record, which is divided into nine domains.
Username: passwd: lastchg: min: max: warn: inactive: expire: flag

1. username: Login Name
2. passwd: encrypted password
3. lastchg: indicates the number of days from January 1, January 1, 1970 to the last password change.
4. min: indicates the number of days between two password changes.
5. max: indicates the password validity period. If it is 99999, it indicates that the password will never expire.
6. warn: the number of days before the password expires. The system sends a warning to the user.
7. inactive: indicates the number of days before the user name is valid.
8. expire: indicates the number of days a user is prohibited from logging on.
9. flag: not used.

In the existing password file, the password validity period is a very useful parameter. The purpose of the password validity period is to encourage users to change the password within a certain period of time, thus improving system security.