User management in Ubuntu (4) password management

Ubuntu user management (4) password management links: Ubuntu User Management (a) user account http://www.2cto.com/ OS /201207/143927.html?ubuntuin user management (2) Group management http://www.2cto.com/ OS /201207/143929.html;Ubun...
User management in Ubuntu (4) password management links: User management in Ubuntu (1) user account http://www.2cto.com/os/201207/143927.html ; User management in Ubuntu (2) Group management http://www.2cto.com/os/201207/143929.html ; User management in Ubuntu (3) User Management http://www.2cto.com/os/201207/143932.html Password is an important part of Linux Security. through this learning, you should learn how to create a password policy for your Linux system and where the password is stored, how to manage passwords for your users. Effective password policies are an important part of a good system management plan. This policy should include the following: the allowed password composition and the prohibited password composition change the password frequency to retrieve or reset the lost password the user's operation on the password file is/etc/passwd, it is the database file of all users on the system. The format of each row is as follows: username: password: uid: gid: gecos: homedir: shell to briefly introduce the gecos field. This field is used to record the diversity of users. For example, the user's full name, office location, office phone number, home phone number, and simple remarks. For the sake of security and privacy, this field is currently rarely used. However, the system administrator needs to know this field, because traditional Unix programs such as finger and mail will use this field. Therefore, the gecos field is usually finger information field. This field is in the comma-separated border format and can be changed using the chfn (change finger) command. If an asterisk is displayed in the password field, this user cannot log on to the Linux system. The system administrator can lock a user by modifying the password field or using the passwd-l command. Some system users usually have root permissions, so the system administrator does not want these users to log on to the Linux system, you can set the shell of these system users to sbin/nologin or bin/false to prevent these accounts from logging in. Under www.2cto.com/etc/passwd file content form: cindy @ cindy-ThinkPad-X200 :~ $ Cat/etc/passwd root: x: 0: 0: root:/bin/bash daemon: x: 1: 1: daemon:/usr/sbin: /bin/sh bin: x: 2: 2: bin:/bin/sh sys: x: 3: sys:/dev:/bin/sh sync: x: 4: 65534: sync:/bin/sync games: x: 5: 60: games:/usr/games:/bin/sh man: x: 6: 12: man:/var/cache/man:/bin/sh lp: x: 7: 7: lp:/var/spool/lpd:/bin/sh mail: x: 8: 8: mail:/var/mail:/bin/sh news: x: 9: 9: news:/var/spool/news:/bin/sh uucp: x: 10: 10: uucp:/var/spool/uucp:/bin/s H cindy: x: 1000: 1000: cindy,:/home/cindy:/bin/bash www.2cto.com ...... We noticed that no user shows the password, but there is an x in the password field. This is because the user password is shadow passwords, which is a security enhancement mechanism in Linux. The real password is stored in the file/etc/shadow. The/etc/shadow file is only readable to the system administrator and PAM. Shadow password is automatically enabled in Ubuntu. The following provides the/etc/shadow file content form: cindy @ cindy-ThinkPad-X200 :~ $ Sudo cat/etc/shadow [sudo] password for cindy: root: $7 $ h9pRtnF/$ Zf8pynVBJ/m. dfAl. q1lgw8ZCmeGYqKCe/47sNfEV6FUq59UnB1CTcZVr4. 7AwtyLpizdnwlqxe0f2J/mD6th.: 15536: 0: 99999: 7: daemon: *: 15453: 0: 99999: 7: bin: *: 15453: 0: 99999: 7 ::: sys: *: 15453: 0: 99999: 7: www.2cto.com sync: *: 15453: 0: 99999: 7: games: *: 15453: 0: 99999: 7: man: *: 15453: 0: 99999: 7: lp: *: 15453: 0: 99999: 7: cindy: $6 $/IMKHjoh $ osdeLeLwe3f11QXlRts 2huVISmSKUpTyaDeXihtYV39. 7OAqakAeLda4WAWXpIeeopBmrU/zCDaKhp/aL1gqW1: 15536: 0: 99999: 7 :::...... Description of fields separated by colons: The first field is the user name. The 2nd fields are encoded passwords. The first field indicates the time when the password was last modified. The time is calculated from January 1, 3rd. These days have become epoch in the UNIX field. The 4th fields indicate the number of days after which the password can be modified again (the original password cannot be changed quickly after the new password is changed) the 5th fields at www.2cto.com indicate the number of days after which the password must be modified again. The first field indicates the number of days before the password expires. the user will receive a warning. The first field indicates how many days after the password expires, and the user will be disabled. The first field indicates the number of days that the account was disabled since January 1, 8th. 9th fields are reserved fields. Note that the password expiration date and warning are disabled by default in Ubuntu. To enable the password policy, the system administrator needs to create the password policy. The permission of etc/shadow is limited to 600, which is not readable by regular users. The system administrator can manually edit the/etc/shadow file or use the chage command to change the password rules (for details, refer to the man pages of shadow and chage ). The system administrator can run the chpasswd command to modify user passwords in batches. The command is input as user name/password pair: sudo chpasswd username: password. you can use the redirection file input to batch work. In addition, Ubuntu also provides the newusers command to add users in text files in batches, assign groups to users, and assign/home directories. Author lqhbupt