Linux password-related files (/etc/passwd and/etc/shadow)

In Linux, the password file in/etc/passwd, the earlier file directly stored encrypted password, the first two bits is the "salt" value, is a random number, followed by an encrypted password. For the sake of security, Linux now provides/etc/shadow this shadow file, the password is placed in this file, and is only the root readable.

The following analysis of the/etc/passwd file, each of his entries has 7 fields, the name: password: User id: Group ID: User information: Home directory: shell example: Test:x:509:510::/home/test:/bin/bash

In the case of using the shadow file, the password is represented by an X, and no password information is visible to the ordinary user. If you look at this file carefully, you will find some strange user names, they are the default account of the system, the default account is the attacker's common access to the invasion, so be sure to familiarize yourself with the default account, especially to note that the password field is empty. Here's a quick introduction to these default accounts

ADM has account files, starting directory/var/adm usually includes log files
Bin has an executable file with user commands
Daemon used to perform the system daemon
Games used to play the game
Halt used to execute halt commands
LP has printer spool file
Mail has processes and files associated with the message
News has processes and files related to Usenet
Nobody is used by NFS (Network File system)
Shutdown Execute shutdown command
Sync Run sync command
UUCP has UUCP tools and files

Traditionally,/etc/passwd files are readable in a wide range, because many applications need to use him to convert the UID to a user name. For example, if you cannot access/etc/passwd, the ls-l command displays the UID instead of the user name. But using a password guessing program, a readable/etc/passwd file with an encrypted password can be a huge security risk. So there's a shadow file/etc/shadow.

The shadow password system divides the password file into two parts:/etc/passwd and/etc/shadow. The shadow password file holds the encrypted password, and the password in the/etc/passwd file becomes x. Shadow can only be root readable, thus ensuring security. The format of each line of the/etc/shadow file is as follows:

User name: Encrypted password: The last modified time (days from January 1, 1970): The minimum number of days that the password is changed between two changes: number of days before password modification: Number of days that the account was disabled after the password was terminated: number of days since January 1, 1970 the account was disabled: reserved domain.

Example: root:$1$t4sfphbq$jxgsggvkgbdd/d7fvvbbm0:11037:0:99999:7:-1:-1:1075498172

Bin:*:11024:0:99999:7:::
Daemon:*:11024:0:99999:7::: By default, password updates are not turned on. If your system does not start a shadow file, run the Pwconv program.

< Span style= "font-size:18px" > about commands
pwconv

pwunconv