1. passwd interpretation: This file is structured so that each line represents one account; there are as many lines as there are accounts. Many of these accounts, such as bin, daemon and adm, are necessary for the system to function properly. The path is /etc/passwd.
E.g.: root:x:0:0:root:/root:/bin/bash
Each line is separated by ":" into seven fields, which are, respectively:
1) Account name: corresponds to the UID
2) Password: Early UNIX systems stored the password directly here, but because every program can read this file, the password data was easy to steal, so the password data for this field has been moved to /etc/shadow
3) UID: The identifier of the user; different permissions correspond to different ID ranges, as follows:
0: When the UID is 0, the account is the system administrator account, so to give another account name root permission as well, change that account's UID to 0.
1~499: IDs reserved for the system. In fact, apart from 0, the other UIDs do not differ in permissions or features; reserving the numbers below 500 by default for system accounts is just a convention.
Services started on the system should run with lesser permissions rather than as root, so we have to provide owner accounts for these running programs; these accounts are not allowed to log in.
Depending on how the system account originated, system accounts are usually roughly divided into two types:
1~99: System accounts created by the distribution itself
100~499: If a user needs a system account, a UID in this range can be used
500~65535: For ordinary users. However, Linux kernel 2.6.x can support UIDs up to 2^32-1=4294967295.
4) GID: Related to /etc/group
5) User information description field: Explains the meaning of this account; you can check this information with the finger command
6) Home directory: for root, /root; for others, /home/<user name>
7) Shell: The shell the user uses, such as Bash
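The seven fields above can be checked mechanically. The following is an added example, not code from the original article: it parses passwd-format lines and reports the three conditions the field descriptions imply are risky (a second UID 0 account, a password field that is not x, and a system-range UID with a login shell). The function names, the list of no-login shells and the sample accounts are assumptions made for the illustration; the 1~499 range is the one given above.

```python
from typing import NamedTuple

class PasswdEntry(NamedTuple):
    name: str
    password: str
    uid: int
    gid: int
    gecos: str
    home: str
    shell: str

# Assumed list of shells that prevent an interactive login.
NOLOGIN_SHELLS = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/false"}

def parse_passwd_line(line: str) -> PasswdEntry:
    fields = line.rstrip("\n").split(":")
    if len(fields) != 7:
        raise ValueError(f"expected 7 fields, got {len(fields)}: {line!r}")
    name, pw, uid, gid, gecos, home, shell = fields
    return PasswdEntry(name, pw, int(uid), int(gid), gecos, home, shell)

def audit_passwd(text: str) -> list[tuple[str, str]]:
    findings = []
    for line in text.splitlines():
        if not line.strip():
            continue
        e = parse_passwd_line(line)
        if e.uid == 0 and e.name != "root":
            findings.append((e.name, "UID 0: account has root permission"))
        if e.password not in ("x", "*", "!"):
            findings.append((e.name, "password field is not x: hash or empty password in a world-readable file"))
        if 1 <= e.uid <= 499 and e.shell not in NOLOGIN_SHELLS:
            findings.append((e.name, "system-range UID with a login shell"))
    return findings

# Constructed sample input; none of these lines come from a real system.
SAMPLE = """\
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
backup:x:0:0:backup operator:/home/backup:/bin/bash
svcweb:x:48:48:web service:/var/www:/bin/bash
alice:$1$CONSTRUCTED$notARealHash:500:500:Alice:/home/alice:/bin/bash
"""

if __name__ == "__main__":
    for name, issue in audit_passwd(SAMPLE):
        print(f"{name}: {issue}")
```

On a real system some distribution accounts in the reserved range use special shells such as /bin/sync, so the third finding is a list to review, not a verdict.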
2. shadow interpretation: Stores user passwords; the path is /etc/shadow. E.g.:
root:$1$/30qqe5e$y9n/d0bh6raacbez.hqo00:14126:0:99999:7:::
shadow also uses ":" as the separator and is divided into nine fields, which represent:
1) Account name
2) Password: Only root has permission to read and write this file. The password is now generally stored as MD5-encrypted ciphertext; because a fixed encoding scheme must produce passwords of a consistent length, changing the length of this field invalidates the password.
3) Date of the most recent password change: displayed as a timestamp
4) Number of days during which the password cannot be changed: how many days must pass after the last change before the password of this account can be changed again. 0 means it can be changed at any time
5) Number of days after which the password must be changed: the number of days after the most recent password change within which the password has to be changed again; if it is not changed, the password expires.
6) Number of warning days before the password must be changed: when the user's password is close to its expiration time, the system issues a warning to this account according to this field, reminding the user how many days remain before the password expires and asking them to change it as soon as possible.
7) Grace period after the password expires: after the password expires, the user can still log in to the system, but after login the system forces the user to change the password and then log in again
8) Account expiration date: After this date is reached, the account is disabled regardless of whether its password has expired.
9) Reserved: The last field is reserved, to see whether any new features are added later
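The aging fields are easier to read once converted to calendar dates. The following is an added example, not code from the original article: it parses the nine shadow fields and works out when a password can be changed, when the warning starts, when it expires and when the grace period ends. It relies on two facts not stated above: the date fields count days since 1970-01-01, and login is refused once the grace period of field 7 has passed (shadow(5)). The $5$ and $6$ scheme ids come from crypt(3), the function names are hypothetical, and the hash values are constructed placeholders.

```python
from datetime import date, timedelta

EPOCH = date(1970, 1, 1)  # shadow date fields count days from this date
SCHEMES = {"1": "MD5", "5": "SHA-256", "6": "SHA-512"}  # crypt(3) $id$ prefixes

def parse_shadow_line(line: str) -> dict:
    f = line.rstrip("\n").split(":")
    if len(f) != 9:
        raise ValueError(f"expected 9 fields, got {len(f)}")
    last, minimum, maximum, warn, grace, acct = (int(x) if x else None for x in f[2:8])
    changed = EPOCH + timedelta(days=last) if last is not None else None
    expires = changed + timedelta(days=maximum) if changed and maximum is not None else None
    return {
        "name": f[0],
        # Field 2: hash scheme from the $id$ prefix; None when no hash is stored.
        "scheme": SCHEMES.get(f[1].split("$")[1], "other") if f[1].startswith("$") else None,
        "changed": changed,  # field 3
        "changeable_from": changed + timedelta(days=minimum or 0) if changed else None,  # field 4
        "expires": expires,  # field 5
        "warn_from": expires - timedelta(days=warn) if expires and warn else None,  # field 6
        "grace_until": expires + timedelta(days=grace) if expires and grace is not None else None,  # field 7
        "account_expires": EPOCH + timedelta(days=acct) if acct is not None else None,  # field 8
    }

def password_state(e: dict, today: date) -> str:
    if e["account_expires"] and today >= e["account_expires"]:
        return "account expired"
    if e["expires"] is None or today <= e["expires"]:
        warning = e["warn_from"] is not None and today >= e["warn_from"]
        return "warning" if warning else "valid"
    if e["grace_until"] is None or today <= e["grace_until"]:
        return "expired, must change at login"
    return "expired, login disabled"

# Constructed sample: root reuses the numeric fields of the example line above.
SAMPLE = [
    "root:$1$CONSTRUCTED$notARealHash:14126:0:99999:7:::",
    "alice:$6$CONSTRUCTED$notARealHash:19700:1:90:7:14:19900:",
]

if __name__ == "__main__":
    for entry in map(parse_shadow_line, SAMPLE):
        print(entry["name"], entry["scheme"], entry["changed"],
              password_state(entry, date(2024, 3, 2)))
```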
3. group interpretation: Each line of this file represents a group, with ":" as the delimiter, divided into 4 columns, which mean:
1) Group name
2) Group password: Usually not set. This setting is normally for the group administrator, and there is rarely occasion to set up a group administrator. Similarly, the password has been moved to /etc/gshadow, so this field only contains an x.
3) GID: Group ID
4) Names of the accounts the group supports: separated by commas; to let a user join the group, just add the user's account name here
4. groups: Displays the groups to which the current user belongs, the first of which is the effective group; that is, when the user creates a new file, the file's group is this group
5. newgrp <effective group name>: Switches the effective group to one of the supported (owning) groups. After the command executes, the system starts a new shell and re-reads the GID, so to return to the original environment you need to exit.
6. gshadow interpretation: Stores group passwords; the path is /etc/gshadow and the delimiter is ":"
E.g.: root:::root. The meaning of each field:
1) Group name
2) Password field: if it begins with !, there is no valid password, i.e. no group administrator
3) Group administrator account
4) All accounts belonging to this group
This article is from the "Tiger Brother's Blog" blog; please be sure to keep this source: http://7613577.blog.51cto.com/7603577/1597036
Interpretation of Linux account related documents