/etc/passwd, /etc/shadow and /etc/group file content interpretation in Linux

Source: Internet
Author: User

1. /etc/passwd is the user database; its fields give the user name, the encrypted password and other information about the user.

Each record line in the /etc/shadow file corresponds one-to-one with a line in /etc/passwd; the file is generated automatically by the pwconv command from the data in /etc/passwd. Its format is similar to /etc/passwd and consists of several fields separated by ":". These fields are:


login name:encrypted password:last modified:minimum interval:maximum interval:warning time:inactivity time:expiry time:flag
1) "Login name" is the user account, identical to the login name in the /etc/passwd file.
2) The "password" field holds the encrypted user password, 13 characters long. If it is empty, the corresponding user has no password for login.
3) "Last modified time" is the number of days from a fixed starting point to the day the user last changed the password; the starting point may differ between systems.
4) "Minimum time interval" is the minimum number of days required between two password changes.
5) "Maximum time interval" is the maximum number of days a password remains valid.
7) "Inactivity time" is the maximum number of days a user may have no login activity while the account remains valid.

Here is an example of /etc/shadow:
# cat /etc/shadow
root:dnakfw28zf38w:8764:0:168:7:::

/etc/passwd
This file stores the operating system's user information and is readable by all users.
To add an account to the Linux system:
useradd -g mysql -d /home/test -m test   (creates a new user test, belonging to the mysql group, with home directory /home/test)
Then open /etc/passwd; the last line shows the information for the newly added user, as follows:
sshd:x:74:74:privilege-separated SSH:/var/empty/sshd:/sbin/nologin
dovecot:x:97:97:dovecot:/usr/libexec/dovecot:/sbin/nologin
webalizer:x:67:67:webalizer:/var/www/usage:/sbin/nologin
squid:x:23:23::/var/spool/squid:/sbin/nologin
pcap:x:77:77::/var/arpwatch:/sbin/nologin
haldaemon:x:68:68:HAL daemon:/:/sbin/nologin
xfs:x:43:43:X Font Server:/etc/X11/fs:/sbin/nologin
hsqldb:x:96:96::/var/lib/hsqldb:/sbin/nologin
gdm:x:42:42::/var/gdm:/sbin/nologin
hzmc:x:500:500:hzmc:/home/hzmc:/bin/bash
mysql:x:501:501::/home/mysql:/bin/bash
chenhua:x:503:501::/home/chenhua:/bin/bash
test:x:504:501::/home/test:/bin/bash
As you can see, each line of /etc/passwd holds one user's information: 7 fields separated by 6 colons, explained as follows:
(1): User name.
(2): Password (already encrypted).
(3): UID (user ID), used by the operating system itself.
(4): GID (group ID).
(5): User's full name or local account description.
(6): Home (start) directory.
(7): The shell used for login, i.e. the tool that parses the login commands.

2. /etc/shadow is the shadow password file on systems with the shadow password software installed.

shadow is the shadow file for passwd.
In Linux the password used to be stored directly in /etc/passwd: early versions of the file held the encrypted password in place, the first two characters being the "salt", a random value, followed by the encrypted password. For security, Linux now provides the shadow file /etc/shadow; the password is placed in this file, which is readable only by root.
Each entry in the /etc/passwd file has 7 fields: name:password:user ID:group ID:user information:home directory:shell
Example: ynguo:x:509:510::/home/ynguo:/bin/bash
When the shadow file is in use, the password field is represented by an x, so ordinary users see no password information. The shadow password file holds the encrypted password, and the password in /etc/passwd becomes x. Since shadow is readable only by root, security is ensured.
Each line of the /etc/shadow file has the following format: user name:encrypted password:last modified time (days since January 1, 1970):minimum number of days between two password changes:maximum number of days the password remains valid:number of days before the password expires to warn the user:number of days after the password expires before the account is disabled:account expiry date (days since January 1, 1970):reserved field.
Example: root:$1$t4sfphbq$jxgsggvkgbdd/d7fvvbbm0:11037:0:99999:7:-1:-1:1075498172

Next, set a password for the test user by running the following command:
passwd test
[root@<host> etc]# passwd test
Changing password for user test.
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
[root@<host> etc]#
Then look at the /etc/shadow file; it now contains the following:
gdm:!!:14302:0:99999:7:::
hzmc:$1$jzmjxqxj$bvrpgqxburiea86kplhhc1:14302:0:99999:7:::
mysql:!!:14315:0:99999:7:::
chenhua:$1$ybjznyxj$bnpkfd58vsgqzsyro0zeo1:14316:0:99999:7:::
test:$1$hkjqua40$oelb9h3ukognttkgmrpfr/:14316:0:99999:7:::
There are 9 columns in total:
(1): Account name
(2): Password: stored encrypted here, but an expert can still recover it, so pay attention to security. A leading "!" indicates that the account cannot be used to log in.
(3): Date the password was last changed
(4): Number of days during which the password cannot be changed
(5): Number of days after which the password must be changed again (99999 means no change is required)
(6): Number of days before the password change deadline that the user is warned
(7): Account expiration date
(8): Account cancellation date
(9): Reserved entry, not currently used
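As an added example (not code from the original article), the following Python script parses /etc/passwd and /etc/shadow records laid out as described in the two field lists above, classifies the password field (empty, x, locked with a leading ! or *, a traditional 13-character crypt() hash, or a $1$/$5$/$6$ hash), converts the day counts into dates counted from January 1, 1970, and reports the conditions the article warns about: an empty password field, a hash left in the world-readable passwd file, an x with no matching shadow entry, and passwords or accounts whose day counts have already passed. The sample records are constructed for this example; the $6$ value for "contractor" is a placeholder, not a real hash.

```python
import re
from datetime import date, timedelta

EPOCH = date(1970, 1, 1)  # shadow day counts are days since this date
PASSWD_FIELDS = ("name", "password", "uid", "gid", "comment", "home", "shell")
SHADOW_FIELDS = ("name", "password", "last_change", "min_days", "max_days",
                 "warn_days", "inactive_days", "expire", "reserved")
SHADOW_DAY_FIELDS = SHADOW_FIELDS[2:8]

# Constructed sample input modelled on the article's listings, not from a real host:
# 'legacy' has an empty password field, 'olduser' keeps a DES hash in passwd itself.
PASSWD_SAMPLE = """\
root:x:0:0:root:/root:/bin/bash
sshd:x:74:74:privilege-separated SSH:/var/empty/sshd:/sbin/nologin
test:x:504:501::/home/test:/bin/bash
legacy::505:505::/home/legacy:/bin/bash
olduser:dnakfw28zf38w:506:506::/home/olduser:/bin/bash
contractor:x:507:507::/home/contractor:/bin/bash
"""
SHADOW_SAMPLE = """\
root:$1$t4sfphbq$jxgsggvkgbdd/d7fvvbbm0:11037:0:99999:7:-1:-1:1075498172
sshd:!!:14302:0:99999:7:::
test:$1$hkjqua40$oelb9h3ukognttkgmrpfr/:14316:0:99999:7:::
contractor:$6$constructed$notarealhash:14000:0:60:7::14350:
"""

def _split_records(text: str, fields: tuple, label: str) -> dict:
    """Split colon-separated lines into dicts keyed by user name, enforcing the field count."""
    records = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        parts = line.split(":")
        if len(parts) != len(fields):
            raise ValueError(f"{label} line {lineno}: expected {len(fields)} fields, got {len(parts)}")
        rec = dict(zip(fields, parts))
        records[rec["name"]] = rec
    return records

def parse_passwd(text: str) -> dict:
    """7 fields: name, password, UID, GID, comment, home directory, login shell."""
    recs = _split_records(text, PASSWD_FIELDS, "passwd")
    for rec in recs.values():
        rec["uid"], rec["gid"] = int(rec["uid"]), int(rec["gid"])
    return recs

def parse_shadow(text: str) -> dict:
    """9 fields; the six day counts become ints, with '' or -1 meaning 'not set'."""
    recs = _split_records(text, SHADOW_FIELDS, "shadow")
    for rec in recs.values():
        for f in SHADOW_DAY_FIELDS:
            rec[f] = None if rec[f] in ("", "-1") else int(rec[f])
    return recs

def classify_hash(field: str) -> str:
    """Name the kind of value found in a password field."""
    if field == "":
        return "empty"          # no password at all
    if field == "x":
        return "shadowed"       # the real hash lives in /etc/shadow
    if field.startswith(("!", "*")):
        return "locked"         # account cannot log in with a password
    for prefix, kind in (("$1$", "md5"), ("$5$", "sha256"), ("$6$", "sha512")):
        if field.startswith(prefix):
            return kind
    if re.fullmatch(r"[./0-9A-Za-z]{13}", field):
        return "des"            # traditional crypt(): 2-char salt + 11-char hash
    return "unknown"

def days_to_date(days: int) -> date:
    """Convert a shadow day count to a calendar date."""
    return EPOCH + timedelta(days=days)

def audit(passwd: dict, shadow: dict, today: date) -> list:
    """Report the conditions the article warns about, plus password and account expiry."""
    findings = []
    today_days = (today - EPOCH).days
    for name, p in passwd.items():
        kind = classify_hash(p["password"])
        if kind == "empty":
            findings.append(f"{name}: empty password field, no password needed to log in")
        elif kind == "shadowed" and name not in shadow:
            findings.append(f"{name}: passwd has 'x' but no shadow entry exists")
        elif kind not in ("shadowed", "locked"):
            findings.append(f"{name}: {kind} hash stored in world-readable /etc/passwd")
    for name, s in shadow.items():
        kind = classify_hash(s["password"])
        if kind in ("des", "md5"):
            findings.append(f"{name}: weak {kind} hash, rehash with SHA-512 ($6$) at next change")
        if s["last_change"] is not None and s["max_days"] is not None and s["max_days"] < 99999:
            due = s["last_change"] + s["max_days"]
            if due < today_days:
                findings.append(f"{name}: password expired on {days_to_date(due)}")
        if s["expire"] is not None and s["expire"] < today_days:
            findings.append(f"{name}: account expired on {days_to_date(s['expire'])}")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_passwd(PASSWD_SAMPLE), parse_shadow(SHADOW_SAMPLE), days_to_date(14400)):
        print(finding)
```

Run it directly to print the findings for the constructed sample, or pass the contents of the real files to parse_passwd and parse_shadow (reading /etc/shadow requires root). The 99999 maximum interval is treated as "never expires", matching the article's description of that value.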

Unix systems originally saved passwords in clear text; later, for security reasons, the crypt() algorithm was used to encrypt the password before storing it in the /etc/passwd file. Now, as computing power has grown, password cracking has become easier and easier. The /etc/passwd file is readable by every legitimate user, so everyone can see the encrypted password strings, which poses a serious security threat to the system. Modern UNIX systems use the shadow password system, which separates the passwords from the /etc/passwd file: the real passwords are stored in /etc/shadow, and the shadow file can only be accessed by the superuser. This way an intruder cannot obtain the encrypted password strings to attack. With the shadow password file in place, the password field of every account in /etc/passwd contains "x"; if the password field contains "*", the account is deactivated. Use the passwd program to change a user's password.

/etc/group stores information about local user groups. Each line has 4 fields:

1) Group name: the name that maps to the GID
2) Password: where the group password is stored
3) GID: the group ID
4) Group members: the users belonging to the group
