Linux password files (/etc/passwd and/etc/shadow)

In linux, the password file is in/etc/passwd. in earlier versions, this file directly stores the encrypted password. The first two are "salt" values, which are a random number, the password is followed by an encrypted password. For security purposes, the current linux system provides the/etc/shadow file. The password is stored in this file and is only readable by the root user.

The following is an analysis of the/etc/passwd file. Each of its entries has seven fields: Name: Password: User id: Group id: User information: Home Directory: shell example: test: x: 509: 510:/home/test:/bin/bash

When the shadow file is used, the password is represented by an x, which is invisible to common users. If you take a closer look at this file, you will find some strange user names. They are the default accounts of the system, and the default accounts are common portals for attackers to intrude into the system. Therefore, you must be familiar with the default accounts, pay special attention to whether the password domain is empty. The following describes the default accounts.

Adm has an account file. The initial directory/var/adm usually contains a log file.
Bin: executable files with user commands
Daemon is used to execute the system daemprocess.
Games is used to play games.
Halt is used to execute the halt command
Lp has printer background print files
Mail has mail-related processes and files
News has usenet-related processes and files
Nobody is used by NFS (Network File System)
Shutdown
Sync to execute the sync command
Uucp has UCP tools and files

Traditionally, the/etc/passwd file is readable in a large range, because many applications need to use it to convert UID to user name. For example, if you cannot access/etc/passwd, the ls-l command displays UID instead of user name. However, the use of password guessing programs poses a huge security risk for readable/etc/passwd files with encrypted passwords. So the shadow file/etc/shadow appears.

The shadow password system divides the password file into two parts:/etc/passwd and/etc/shadow. The shadow password file stores the encrypted password. All the passwords in the/etc/passwd file are changed to x. Shadow can only be read by the root user, ensuring security. The format of each row of the/etc/shadow file is as follows:

Username: encrypted password: last modification time (days from January 1, January 1, 1970): minimum number of days for the password to be modified: Number of days before the password is changed: the number of days after the password is terminated: the number of days since January 1, January 1, 1970: the number of days when the account is disabled: the domain is retained.

Example: root: $1 $ t4sFPHBq $ JXgSGgvkgBDD/D7FVVBBm0: 11037: 0: 99999: 7:-1:-1: 1075498172

Bin: *: 11024: 0: 99999: 7 :::
Daemon: *: 11024: 0: 99999: 7: by default, password update is disabled. If your system does not start the shadow file, run the pwconv program.

Related commands
Pwconv
Generate/etc/shadow Based on the/etc/passwd file. It moves all passwords from/etc/passwd to/etc/shadow.
Pwunconv
Restore the information in/etc/shadow to/etc/passwd as much as possible.