/etc/passwd file structure
1. Account Name:
This is the account name, which maps to a UID. For example, the UID of root is 0 (the third field).
2. Password:
On early Unix systems the password was stored in this field. Because this file has to be readable by every program, the password data was easy to steal, so it was later moved to /etc/shadow. That is why you will only see an "x" here.
3. UID:
This is the user identifier. Linux usually places several restrictions on UIDs that you need to know:
ID range | Characteristics of users with this ID
0 (system administrator) | When the UID is 0, the account is a "system administrator". So when you want another account name to have root privileges, change the UID of that account to 0. In other words, root is not necessarily the only system administrator on a system. However, having several accounts with UID 0 is not recommended.
1~499 (system accounts) | IDs reserved for the system. In fact, apart from 0, no UID differs from the others in permissions or features; reserving the numbers below 500 for system accounts is just a convention. Services started on the system should run with fewer permissions, and we do not want to run them as root, so accounts must exist to own these running programs. These system accounts usually cannot log in, so they get the special shell /sbin/nologin that we mentioned in chapter 11. By origin, system accounts are roughly divided into two types: 1~99 are system accounts created by the distribution itself; 100~499 are UIDs you can use when users need a system account of their own.
500~65535 (login accounts) | For ordinary users. In fact, the current Linux kernel (version 2.6.x) already supports UIDs as large as 4294967295 (2^32-1).
Do you understand the explanation above? Yes, an account whose UID is 0 is root! So pay special attention to your /etc/passwd file!
4. GID:
This is related to /etc/group! The concept of /etc/group is almost the same as that of /etc/passwd, except that it only maps group names to GIDs.
5. User information description field:
This field has no important purpose; it just describes what the account is for. However, if you provide the finger service, this field can supply a lot of information. The chfn command, covered later in this chapter, works on this field.
6. Home directory:
This is the user's home directory. For example, root's home directory is /root, so when root logs in, the session starts in /root. What if an account uses a very large amount of space and you want to move its home directory to another hard drive? That's right, you can change it in this field. The default user home directory is /home/youridname.
7. Shell:
When the user logs in to the system, a shell is started to talk to the kernel and carry out the user's tasks. So why is bash the default shell? Because it is specified in this field! Note that there is one shell that can replace the login action and keep the account from getting a shell environment: /sbin/nologin. It can also be used to create accounts that are only used for POP mail.
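The seven fields above can be checked mechanically. The following is an added example, not part of the original article: it parses passwd-format text and reports the three conditions this section warns about (an extra UID 0 account, a system-range account with a login shell, and a password field that is not "x"). The sample lines, function names and finding labels are constructed for illustration.

```python
# Constructed sample in /etc/passwd format, not taken from a real system.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
backup:x:0:0:backup operator:/home/backup:/bin/bash
ftp:x:14:50:FTP User:/var/ftp:/bin/bash
legacy::501:501::/home/legacy:/bin/bash
alice:x:500:500:Alice:/home/alice:/bin/bash
"""

FIELDS = ("name", "password", "uid", "gid", "gecos", "home", "shell")
NO_LOGIN_SHELLS = {"/sbin/nologin"}  # the non-login shell named in this article
SYSTEM_UID_RANGE = range(1, 500)     # 1~499, the system range given in this article


def parse_passwd(text):
    """Split each line into the seven colon-separated fields."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = line.split(":")
        if len(parts) != len(FIELDS):
            raise ValueError(f"expected 7 fields, got {len(parts)}: {line!r}")
        entry = dict(zip(FIELDS, parts))
        entry["uid"], entry["gid"] = int(entry["uid"]), int(entry["gid"])
        entries.append(entry)
    return entries


def audit_passwd(entries):
    """Return (account, finding) pairs in file order."""
    findings = []
    for e in entries:
        if e["uid"] == 0 and e["name"] != "root":
            findings.append((e["name"], "extra-uid-0"))
        if e["uid"] in SYSTEM_UID_RANGE and e["shell"] not in NO_LOGIN_SHELLS:
            findings.append((e["name"], "system-account-with-login-shell"))
        if e["password"] != "x":
            findings.append((e["name"], "password-not-shadowed"))
    return findings


if __name__ == "__main__":
    for name, finding in audit_passwd(parse_passwd(SAMPLE_PASSWD)):
        print(f"{name}: {finding}")
```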
/etc/shadow
1. Account Name:
Because a password has to belong to an account, the first column of this file is the account name, and it must be the same as in /etc/passwd!
2. Password:
The data in this field is the real password, stored in encoded (encrypted) form! You will only see letters mixed with some special symbols. Note that although these encrypted passwords are hard to crack, "hard" does not mean "impossible", so the default permission of this file is "-rw-------" or "-r--------", that is, only root can read and write it! Be careful not to change the permissions of this file by accident!
In addition, because password encoding techniques differ, each encoding system produces a field of a different length. For example, the legacy DES encoding system produces a different password length than the current MD5 (Note 2); an MD5 password is noticeably longer. Since a given encoding system must produce a consistent password length, "when the length of this field is changed, the password becomes invalid (it no longer matches)". A lot of software relies on this: by adding ! or * in front of this field, it changes the length of the password field and makes the password "temporarily invalid".
3. Date of the most recent password change:
This field records the date on which the password was last changed. Linux counts this date in days, with January 1, 1970 as 1, so January 1, 1971 is 366.
4. Number of days during which the password cannot be changed: (relative to the 3rd field)
The fourth field records how many days must pass after the last change before the password of this account can be changed again. If it is 0, the password can be changed at any time. This limit was designed to keep the password from being changed over and over again. If it is configured as 20 days, then after you set the password you cannot change it again for 20 days!
5. Number of days after which the password must be changed again: (relative to the 3rd field)
Changing passwords often is a good habit! To force users to change their passwords, this field specifies the number of days after the most recent change within which the password must be changed again. You must set a new password within this number of days, otherwise the password of the account will "expire". A value like the 99999 above (which works out to 273 years) means that changing the password is not enforced.
6. Number of warning days before the password must be changed: (relative to the 5th field)
When the password expiration date of the account (the 5th field) is approaching, the system issues a warning to the account according to this field, reminding the user that "your password will expire in n days, please set a new password as soon as possible!" In the example above, the system warns the user during the 7 days before the password expires.
7. Account grace time after the password expires (password invalidation date): (relative to the 5th field)
The date until which the password is valid is "update date (3rd field)" + "re-change days (5th field)". If the user has still not updated the password after that date, the password has expired. Although the password has expired, the account can still be used for other tasks, including logging in to the system to get bash. However, once the password has expired, the system forces you to set a new password when you log in before you can continue. This is the password expiration feature.
So what is this field for? If the user still has not logged in and changed the password within this number of days after the password expired, the password of the account becomes "invalid", that is, the account can no longer log in with the password. Be aware that password expiration is not the same as password invalidation.
8. Expiration date of account:
This date uses the same format as the third field: the total number of days since 1970. It indicates that the account can no longer be used after the date specified here. This is the so-called "account expiration": at that point the account can no longer be used, whether or not your password has expired! This field is usually used on "paid service" systems, where you can set a date after which the account stops working.
9. Reserved:
The last field is reserved in case new features are added later.
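The way fields 2 to 8 combine into "locked", "warning", "expired", "invalid" and "account expired" is easier to see in code. The following is an added example, not part of the original article: it classifies shadow-format lines for a given day number on the same scale as field 3. The sample lines, placeholder hashes, state labels and the exact boundary comparisons are this example's assumptions.

```python
# Constructed sample in /etc/shadow format; the hashes are placeholders.
SAMPLE_SHADOW = """\
root:PLACEHOLDER_HASH:14126:0:99999:7:::
alice:PLACEHOLDER_HASH:14000:0:90:7:5::
bob:!PLACEHOLDER_HASH:14126:0:99999:7:::
carol:PLACEHOLDER_HASH:14100:0:60:7:10:14120:
"""


def _num(field):
    """An empty aging field means 'no limit'; return None for it."""
    return int(field) if field.strip() else None


def shadow_state(line, today):
    """Classify one line; 'today' is a day number on the scale of field 3."""
    name, pw, last, _min, mx, warn, inactive, expire, _reserved = line.split(":")
    last, mx, warn = _num(last), _num(mx), _num(warn)
    inactive, expire = _num(inactive), _num(expire)
    states = []
    if pw.startswith(("!", "*")):              # field 2 prefixed to disable it
        states.append("password-locked")
    if expire is not None and today >= expire:  # field 8, independent of the password
        states.append("account-expired")
    if last is not None and mx is not None:
        deadline = last + mx                   # field 3 + field 5
        if inactive is not None and today > deadline + inactive:
            states.append("password-invalid")  # grace time (field 7) used up
        elif today > deadline:
            states.append("password-expired")  # change forced at next login
        elif warn is not None and today > deadline - warn:
            states.append("warning")           # inside the field 6 window
    return name, states or ["ok"]


def audit_shadow(text, today):
    """Map each account name to its list of states."""
    return dict(shadow_state(l, today) for l in text.splitlines() if l.strip())


if __name__ == "__main__":
    for account, states in audit_shadow(SAMPLE_SHADOW, today=14130).items():
        print(account, ", ".join(states))
```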