/etc/passwd and /etc/shadow
2012-06-05 22:39:32 | Category: Linux | Tags: /etc/passwd, /etc/shadow

/etc/passwd is the user database: its fields give the user name, the (formerly) hashed password and other information about the user. /etc/shadow is the shadow password file found on systems where the shadow password suite is installed. The shadow mechanism moves the hashed passwords out of /etc/passwd and into /etc/shadow, which is readable only by the superuser (root). Since an ordinary user or intruder can no longer read the hashes, cracking them offline becomes much harder, which raises the security of the system.
Each record line in /etc/shadow corresponds one-to-one with a line in /etc/passwd; the file is generated automatically by the pwconv command from the data in /etc/passwd. Its format resembles that of /etc/passwd: several fields separated by ":". The fields are:
login name:hashed password:last change:minimum days:maximum days:warning days:inactivity days:expiry date:reserved
(1) "Login name" is the user account; it matches the login name in /etc/passwd.
(2) The password field holds the user's hashed password. With the classic crypt(3) DES hash it is 13 characters long; modern systems store an id-prefixed string such as $1$salt$hash (MD5) or $6$salt$hash (SHA-512). If the field is empty, the user has no password and none is asked for at login. If it contains characters outside the set {./0-9A-Za-z} (for example "!" or "*", which are used to lock an account), no password can ever match it and the user cannot log in with a password.
(3) "Last change" is the number of days from the epoch to the day the password was last changed. The epoch may differ between systems; on Linux (SCO Linux, for example) it is 1 January 1970. A value of 0 forces the user to change the password at the next login.
(4) "Minimum days" is the minimum number of days that must pass between two password changes.
(5) "Maximum days" is the maximum number of days the password remains valid; after that it must be changed.
(6) "Warning days" is the number of days before the password expires on which the system starts warning the user.
(7) "Inactivity days" is the number of days after the password has expired during which the user may still log in and change it; once that grace period has passed, the account is disabled.
(8) "Expiry date" is an absolute number of days since the epoch; if set, it gives the end of the account's lifetime. After that date the account is no longer valid and cannot be used to log in.
(9) The last field is reserved for future use.
Here is an example of /etc/shadow with an old-style 13-character DES hash:
# cat /etc/shadow
root:dnakfw28zf38w:8764:0:168:7:::
/etc/passwd stores the operating system's user information and is readable by all users. Add an account to a Linux system:

useradd -g mysql -d /home/test -m test

(This creates a new user test, belonging to the group mysql, with home directory /home/test.) Now look at /etc/passwd; the last line shows the user just added:

sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
dovecot:x:97:97:dovecot:/usr/libexec/dovecot:/sbin/nologin
webalizer:x:67:67:Webalizer:/var/www/usage:/sbin/nologin
squid:x:23:23::/var/spool/squid:/sbin/nologin
pcap:x:77:77::/var/arpwatch:/sbin/nologin
haldaemon:x:68:68:HAL daemon:/:/sbin/nologin
xfs:x:43:43:X Font Server:/etc/X11/fs:/sbin/nologin
hsqldb:x:96:96::/var/lib/hsqldb:/sbin/nologin
gdm:x:42:42::/var/gdm:/sbin/nologin
hzmc:x:500:500:hzmc:/home/hzmc:/bin/bash
mysql:x:501:501::/home/mysql:/bin/bash
chenhua:x:503:501::/home/chenhua:/bin/bash
test:x:504:501::/home/test:/bin/bash

Each line of /etc/passwd describes one user and consists of 7 fields separated by 6 colons:
(1) user name;
(2) password field (with shadow passwords this is "x", meaning the hash lives in /etc/shadow);
(3) UID (user ID), allocated by the operating system;
(4) GID (group ID);
(5) the user's full name or a comment (the GECOS field);
(6) home directory;
(7) login shell, the program that interprets the user's commands.

Now set a password for the test user with passwd test:

# passwd test
Changing password for user test.
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully.

Then look at /etc/shadow:

gdm:!!:14302:0:99999:7:::
hzmc:$1$jzmjxqxj$bvrpgqxburiea86kplhhc1:14302:0:99999:7:::
mysql:!!:14315:0:99999:7:::
chenhua:$1$ybjznyxj$bnpkfd58vsgqzsyro0zeo1:14316:0:99999:7:::
test:$1$hkjqua40$Oelb9h3ukognttkgmrpfr/:14316:0:99999:7:::

Each line has 9 columns:
(1) account name;
(2) password hash. The password is hashed, not encrypted, so it cannot be decrypted; but a weak password can still be recovered by hashing candidate passwords and comparing the results, which is why this file must stay unreadable to ordinary users. A value beginning with "!" (here "!!") means the account is locked and cannot be used to log in with a password;
(3) date of the last password change (days since 1 January 1970);
(4) minimum number of days before the password may be changed again;
(5) maximum number of days after which the password must be changed (99999 means effectively never);
(6) number of days before expiry on which the user is warned;
(7) number of days after the password expires during which the account may still be used (inactivity period);
(8) account expiry date (days since 1 January 1970);
(9) reserved, currently unused.
Unix originally stored passwords in clear text. Later, for security, the password was run through the crypt() algorithm and the result stored in /etc/passwd. As computing power has grown, cracking those hashes has become easier and easier. Because /etc/passwd must stay readable by every legitimate user (programs need it to map UIDs to names), everyone could read the hashed password strings, which is a serious threat to the system. Modern Unix systems therefore use the shadow password suite, which separates the passwords from /etc/passwd: the real hashes are kept in /etc/shadow, which only the superuser can read, so an intruder cannot obtain the hash strings to attack offline. With shadow passwords, the password field of every account in /etc/passwd contains "x"; a "*" in that field means the account is disabled. Passwords are changed with the passwd program.
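The following script, added here as an example and not taken from the article, parses records in the /etc/passwd and /etc/shadow formats described above, decodes the day counts into calendar dates, classifies the password field the way the login rules above do (empty, locked with "!"/"!!"/"*", 13-character DES crypt, $id$ hash, or unusable) and reports the conditions the article warns about: a hash left in world-readable /etc/passwd, an account with no password but a login shell, a second UID 0 account, an expired account, and passwords that never expire. The sample records are constructed from the listing above; the root, backdoor and legacy lines, the placeholder root hash and the aging values given to test are assumptions made for the demonstration.

```python
import datetime
from collections import namedtuple

EPOCH = datetime.date(1970, 1, 1)   # shadow(5) day counts are measured from here
CRYPT_CHARS = set("./0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ")
HASH_IDS = {"1": "md5-crypt", "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt",
            "5": "sha256-crypt", "6": "sha512-crypt", "y": "yescrypt"}

# The 7 colon-separated passwd fields and 9 shadow fields described in the article.
PasswdEntry = namedtuple("PasswdEntry", "name passwd uid gid gecos home shell")
ShadowEntry = namedtuple("ShadowEntry", "name hash last_change min_days max_days "
                                        "warn_days inactive_days expire reserved")

# Constructed sample records modelled on the article's listing (assumptions).  The root
# hash is a placeholder; "backdoor" and "legacy" are invented to exercise the bad cases.
PASSWD_SAMPLE = """\
root:x:0:0:root:/root:/bin/bash
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
hzmc:x:500:500:hzmc:/home/hzmc:/bin/bash
mysql:x:501:501::/home/mysql:/bin/bash
test:x:504:501::/home/test:/bin/bash
backdoor:x:0:0::/tmp:/bin/bash
legacy:dnakfw28zf38w:510:510::/home/legacy:/bin/bash
"""
SHADOW_SAMPLE = """\
root:$6$saltsalt$placeholder.not.a.real.hash.placeholder.not.a.real.hash/:14316:0:99999:7:::
sshd:!!:14302:0:99999:7:::
hzmc:$1$jzmjxqxj$bvrpgqxburiea86kplhhc1:14302:0:99999:7:::
mysql:!!:14315:0:99999:7:::
test:$1$hkjqua40$Oelb9h3ukognttkgmrpfr/:14316:0:90:7:14:14400:
backdoor::14316:0:99999:7:::
"""


def parse_passwd(text):
    users = {}
    for line in filter(None, text.splitlines()):
        f = line.split(":")
        if len(f) != 7:
            raise ValueError(f"passwd: expected 7 fields: {line!r}")
        users[f[0]] = PasswdEntry(f[0], f[1], int(f[2]), int(f[3]), *f[4:])
    return users


def parse_shadow(text):
    entries = {}
    for line in filter(None, text.splitlines()):
        f = line.split(":")
        if len(f) != 9:
            raise ValueError(f"shadow: expected 9 fields: {line!r}")
        # An empty aging field means "not set", which is not the same as 0.
        entries[f[0]] = ShadowEntry(f[0], f[1], *(int(x) if x else None for x in f[2:8]), f[8])
    return entries


def days_to_date(days):
    return EPOCH + datetime.timedelta(days=days)


def date_to_days(date):
    return (date - EPOCH).days


def classify_hash(field):
    """What the shadow password field means for login, following the rules above."""
    if field == "":
        return "empty"            # no password is asked for at login
    if field[0] in "!*":
        return "locked"           # "!", "!!" or "*" can never match a password
    if field.startswith("$"):
        return HASH_IDS.get(field.split("$")[1], "unknown")
    if len(field) == 13 and set(field) <= CRYPT_CHARS:
        return "des-crypt"        # the classic 13-character crypt(3) hash
    return "invalid"              # characters outside ./0-9A-Za-z: login impossible


def audit(passwd_text, shadow_text, today_days):
    """Return (user, finding) pairs for the conditions the article warns about."""
    users, shadow = parse_passwd(passwd_text), parse_shadow(shadow_text)
    findings = []
    for name, u in users.items():
        if u.uid == 0 and name != "root":
            findings.append((name, "UID 0 account other than root"))
        if u.passwd not in ("x", "*"):   # "" = no password, anything else = an exposed hash
            what = "empty password field" if u.passwd == "" else "password hash"
            findings.append((name, f"{what} in world-readable /etc/passwd"))
        s = shadow.get(name)
        if s is None:
            continue
        kind = classify_hash(s.hash)
        if kind == "empty" and not u.shell.endswith("nologin"):
            findings.append((name, "no password set but the shell allows login"))
        elif kind in ("des-crypt", "md5-crypt"):
            findings.append((name, f"legacy hash algorithm ({kind})"))
        if s.expire is not None and today_days >= s.expire:
            findings.append((name, f"account expired on {days_to_date(s.expire)}"))
        if kind not in ("locked", "empty", "invalid", "unknown") and (
                s.max_days is None or s.max_days >= 99999):
            findings.append((name, "password never expires (max days 99999)"))
    return findings


if __name__ == "__main__":
    today = date_to_days(datetime.date.today())
    for user, msg in audit(PASSWD_SAMPLE, SHADOW_SAMPLE, today):
        print(f"{user:10} {msg}")
```

To run it against a real machine, pass the contents of /etc/passwd and /etc/shadow to audit() with today's epoch day count; reading /etc/shadow requires root, which is exactly the protection the article describes. The day arithmetic uses the 1 January 1970 epoch, so the 14316 in the listing above decodes to 13 March 2009.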