/ETC/PASSWD,/etc/shadow, and/etc/group file content interpretation in Linux

One,/etc/passwd is the user database, where the domain gives the user name, encryption password and other information of the user

The record line in the/etc/shadow file corresponds to one by one in/etc/passwd, which is automatically generated by the PWCONV command based on the data in the/etc/passwd. Its file format is similar to/etc/passwd and consists of several fields, separated by ":" Between the fields. These fields are:

login: encrypted password: Last modified: Minimum time interval: Maximum time interval: Warning Time: Inactivity time: Expiry time: Flag
1) "Login name" is the user account that is consistent with the login name in the/etc/passwd file
2) "Password" The field holds the encrypted user password Word with a length of 13 characters. If it is empty, the corresponding user does not have a password, the login
does not require a password, if it contains characters that do not belong to the collection {./0-9a-za-z}, the corresponding user cannot log on.
3) "Last Modified Time" represents the number of days from the time the user last modified the password. The beginning of time may not be the same for systems with different
4) "Minimum time interval" refers to the minimum number of days required between changing the password two times.
5) "Maximum time interval" refers to the maximum number of days that a password remains valid. The
6) "Warning Time" field represents the number of days from the beginning of the system warning user to the official expiration of the user's password.
7) "Inactivity Time" represents the maximum number of days that a user does not have a login activity but the account remains valid. The
8) "Failure time" field gives an absolute number of days, and if this field is used, the lifetime of the corresponding account is given.
after the expiry, the account is no longer a legitimate account, it can no longer be used to login.

Here is an example of/etc/shadow:
#cat/etc/shadow
Root:dnakfw28zf38w:8764:0:168:7:::

/etc/passwd
This directory stores the operating system user information, which is visible to all users.
Add an account to the Linux system:
Useradd-g mysql-d/home/test-m Test (: Create a new user test, belong to the MySQL group, start directory is/home/test)
Then enter the/etc/passwd, you can see the following information, in the last line you can see the information of the newly added user. As follows
Sshd:x:74:74:privilege-separated Ssh:/var/empty/sshd:/sbin/nologin
Dovecot:x:97:97:dovecot:/usr/libexec/dovecot:/sbin/nologin
Webalizer:x:67:67:webalizer:/var/www/usage:/sbin/nologin
Squid:x:23:23::/var/spool/squid:/sbin/nologin
Pcap:x:77:77::/var/arpwatch:/sbin/nologin
Haldaemon:x:68:68:hal Daemon:/:/sbin/nologin
Xfs:x:43:43:x Font Server:/etc/x11/fs:/sbin/nologin
hsqldb:x:96:96::/var/lib/hsqldb:/sbin/nologin
Gdm:x:42:42::/var/gdm:/sbin/nologin
hzmc:x:500:500:hzmc:/home/hzmc:/bin/bash
mysql:x:501:501::/home/mysql:/bin/bash
Chenhua:x:503:501::/home/chenhua:/bin/bash
test:x:504:501::/home/test:/bin/ Bash
You can see that the/etc/passwd file is the user's information, consisting of 6 semicolons of 7 information, explained as follows
(1): User name.
(2): password (already encrypted)
(3): UID (User ID), operating system's own
Span style= "font-size:14px" > (4): GID group identification.
(5): User's full name or local account
(6): Start directory
(7): The shell used to log in is the tool for parsing the login command.

Second,/etc/shadow is the shadow password file on the system with the Shadow (shadow) password software installed

Shadow is a shadow file for passwd.
In Linux, the password file in/etc/passwd, the earlier file directly stored encrypted password, the first two bits is the "salt" value, is a random number, followed by an encrypted password. For the sake of security, Linux now provides/etc/shadow this shadow file, the password is placed in this file, and is only the root readable.
Each entry for the/etc/passwd file has 7 domains, the name: password: User id: Group ID: User information: Home directory: Shell
Example: Ynguo:x:509:510::/home/ynguo:/bin/bash
In the case of using the shadow file, the password is represented by an X, and no password information is visible to the ordinary user. The shadow password file holds the encrypted password, and the password in the/etc/passwd file becomes x. Shadow can only be root readable, thus ensuring security.
/etc/ The format of each line of the shadow file is as follows: User name: encrypted password: The last modified time (days from January 1, 1970): The minimum number of days that the password has been changed between two changes: number of days before password modification to warn the user: number of days after the password has been disabled the account has been deactivated: the number of days since January 1, 1970: Reserved domain 。
Example: root:$1$t4sfphbq$jxgsggvkgbdd/d7fvvbbm0:11037:0:99999:7:-1:-1:1075498172

Set the password for the test user below and execute the following command
passwd test
[Email protected] etc]# passwd test
Changing password for user test.
New UNIX Password:
Retype new UNIX Password:
Passwd:all authentication tokens updated successfully.
[Email protected] etc]#
Then go to the/etc/shadow file below to see the following information
Gdm:!! : 14302:0:99999:7:::
hzmc:$1$jzmjxqxj$bvrpgqxburiea86kplhhc1:14302:0:99999:7:::
mysql:!! : 14315:0:99999:7:::
chenhua:$1$ybjznyxj$bnpkfd58vsgqzsyro0zeo1 14316:0:99999:7:::
test:$1$hkjqua40$oelb9h3ukognttkgmrpfr/:14316:0:99999:7:: :
You can find a total of 9 columns
(1): Account name
(2): Password: Here is encrypted, but the master can also decrypt. To major security issues (generation! Symbol ID The account cannot be signed in with
(3): the date the password was last modified
Span style= "font-size:14px" > (4): The number of days the password cannot be changed
(5): The number of days the password needs to be re-changed (99999 means no change required)
Span style= "font-size:14px" > (6): Days before password change warning
(7): Account expiration date
(8): Account cancellation date
(9): Reserved entries, currently useless

The Unix system originally saved the password in clear text, and later, for security reasons, used the crypt () algorithm to encrypt the password and store it in the/etc/passwd file. Now, with the improvement of computer processing power, password cracking becomes more and more easy. The/etc/passwd file is accessible to all legitimate users, and everyone can see the encrypted string of the password, which poses a great security threat to the system. Modern UNIX systems use the Shadow Cryptography system, which separates passwords from/etc/pa sswd files, the real passwords are stored in/etc/shadow files, and shadow files can only be accessed by super users. This way the intruder cannot get an encrypted cipher string for the hack. With the shadow password file, the contents of the password domain for all accounts in the/etc/passwd file are "X", and if the contents of the password domain are "*", the account is deactivated. Use passwd This program to modify the user's password.

/etc/group store information about local user groups

1) GroupName GID to the name of a mapping, group name
2) password where to save the password
3) GID Group ID
4) User group member

/ETC/PASSWD,/etc/shadow, and/etc/group file content interpretation in Linux