/etc/passwd & /etc/shadow

Source: Internet
Author: User

1. passwd file

The passwd file is stored in the /etc directory. This file stores information about all user accounts, including the user name and password. It is therefore critical to the system. Run the following command to view the file: cat /etc/passwd

A passwd file consists of multiple records. Each record occupies one line and holds all the information for one user account. Each record consists of seven fields separated by colons (":"). The format is as follows:

Username: Password: User ID: Group ID: Comment: Home Directory: Shell

Field description:

  • Username
    It uniquely identifies a user account and is used when the user logs on.

  • Password: the password of this account.
    The password stored in the passwd file is encrypted. The encryption algorithm used by Linux is very strict, and the password is almost impossible to crack directly. Account theft usually relies on a special cracking program that constructs a huge number of candidate passwords, encrypts each one with the same algorithm, and compares the result with this field. If the two are the same, the constructed password is correct. For this reason, do not use birthdays or frequently used words as passwords: they are very vulnerable to this kind of guessing. This matters especially for systems directly connected to a large network, where system security is particularly important.

  • User ID, UID for short.
    In Linux, the system identifies a user by UID rather than by user name. A UID is an integer, and each user's UID is different from every other user's.

  • Group ID: user group identifier, GID for short.
    Different users can belong to the same user group and have the same permissions. Like a UID, a GID uniquely identifies a user group.

  • Comment: an annotation for the user account.
    It is generally the user's real name, phone number, address, and so on. It can also be empty.

  • Home directory
    This directory belongs to the account. After logging on, the user is placed in this directory, just like returning home. Generally, the home directory of the root account is /root, and the home directories of other accounts are all under the /home directory, each with the same name as the user name.

  • Login command
    In general, this command starts a shell program. For example, after you log on with the bbs account, you go directly into the bbs system, because the bbs account's login command points to the bbs program, which is run automatically at logon.

System Account

The system has some default accounts, such as daemon and bin. These accounts have special purposes and are generally used for system management. The password of most of these accounts is shown as (x), which means they cannot be used to log on.


2. shadow file

To enhance system security, Linux can also provide MD5 and shadow password services. If the MD5 and shadow options are selected in the related configuration during Linux installation, the password field of every user in the /etc/passwd file is "x", which means these users cannot log on; the system actually stores the real password data in the /etc/shadow file.

The /etc/shadow file can only be viewed as root. The reason is simple. By design, the /etc/passwd file can be read by anyone, so anyone interested could take this file and use a variety of tools to try out candidate passwords against the encrypted Linux password until a user's, or even root's, password is found. The entire system would then be under that person's control, seriously endangering the security of the system and the confidentiality of user data.

3. Related commands

  • pwconv
    Generates /etc/shadow based on the /etc/passwd file. It moves all passwords from /etc/passwd to /etc/shadow.

  • pwunconv
    Restores the information in /etc/shadow to /etc/passwd as far as possible.
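
The seven-field record format from section 1 and the reason for moving passwords into /etc/shadow from section 2 can be checked mechanically. The Python audit below is an added example, not part of the original article; the sample records, the function names and the treatment of "*" and "!" as locked-account markers are assumptions of the example.

```python
from collections import Counter

FIELDS = ("username", "password", "uid", "gid", "comment", "home", "shell")

# Constructed sample records (not from a real system; the hash is a placeholder).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice Example:/home/alice:/bin/bash
bob::1001:1001::/home/bob:/bin/bash
carol:$1$constructed$notARealHashValue000000:1002:1002::/home/carol:/bin/bash
toor:x:0:0::/root:/bin/bash
broken:x:1003:1003:/home/broken
"""

def parse_passwd(text):
    """Split passwd-format text into (records, malformed_line_numbers)."""
    records, malformed = [], []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue
        parts = line.split(":")
        # A valid record has exactly seven fields and numeric UID and GID.
        if len(parts) != 7 or not parts[2].isdecimal() or not parts[3].isdecimal():
            malformed.append(lineno)
            continue
        rec = dict(zip(FIELDS, parts))
        rec["uid"], rec["gid"] = int(rec["uid"]), int(rec["gid"])
        records.append(rec)
    return records, malformed

def audit(records):
    """Return sorted (username, finding) pairs; "*" and "!" count as locked (assumption)."""
    findings = []
    uid_counts = Counter(r["uid"] for r in records)
    for r in records:
        pw = r["password"]
        if pw == "":
            findings.append((r["username"], "empty password field"))
        elif pw not in ("x", "*") and not pw.startswith("!"):
            findings.append((r["username"], "password hash in world-readable passwd"))
        if r["uid"] == 0 and r["username"] != "root":
            findings.append((r["username"], "UID 0 account other than root"))
        if uid_counts[r["uid"]] > 1:
            findings.append((r["username"], "UID shared with another account"))
    return sorted(findings)

if __name__ == "__main__":
    recs, bad = parse_passwd(SAMPLE_PASSWD)
    print(audit(recs), "malformed lines:", bad)
```

On a real system, pass the contents of /etc/passwd to parse_passwd; any hash it reports in the password field is what pwconv moves into /etc/shadow.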
