Detailed description of the /etc/passwd and /etc/shadow files on a Linux system

On a Linux system every user account has one record line in the /etc/passwd file, which stores the account's basic attributes. This file is readable by all users, because programs such as ls need it to map UIDs to names.

The /etc/shadow file is, as its name suggests, the shadow of the passwd file. Each record line in /etc/shadow corresponds to one record in /etc/passwd and holds the password hash and the password-aging data that must not be world-readable. The file is created from /etc/passwd by the pwconv command when a system is converted to shadow passwords, and afterwards useradd, usermod and passwd keep the two files in sync. Only root can modify /etc/shadow, and only root (plus, on Debian and Ubuntu, members of the shadow group) can read it.

Introduction to the /etc/passwd file

First, we view the contents of the /etc/passwd file with the command cat /etc/passwd:

root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin
man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
irc:x:39:39:ircd:/var/run/ircd:/usr/sbin/nologin
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
libuuid:x:100:101::/var/lib/libuuid:
syslog:x:101:104::/home/syslog:/bin/false
messagebus:x:102:106::/var/run/dbus:/bin/false
usbmux:x:103:46:usbmux daemon,,,:/home/usbmux:/bin/false
dnsmasq:x:104:65534:dnsmasq,,,:/var/lib/misc:/bin/false
avahi-autoipd:x:105:113:Avahi autoip daemon,,,:/var/lib/avahi-autoipd:/bin/false
kernoops:x:106:65534:Kernel Oops Tracking Daemon,,,:/:/bin/false
rtkit:x:107:114:RealtimeKit,,,:/proc:/bin/false
saned:x:108:115::/home/saned:/bin/false
whoopsie:x:109:116::/nonexistent:/bin/false
speech-dispatcher:x:110:29:Speech Dispatcher,,,:/var/run/speech-dispatcher:/bin/sh
avahi:x:111:117:Avahi mDNS daemon,,,:/var/run/avahi-daemon:/bin/false
lightdm:x:112:118:Light Display Manager:/var/lib/lightdm:/bin/false
colord:x:113:121:colord colour management daemon,,,:/var/lib/colord:/bin/false
hplip:x:114:7:HPLIP system user,,,:/var/run/hplip:/bin/false
pulse:x:115:122:PulseAudio daemon,,,:/var/run/pulse:/bin/false
yaofei:x:1000:1000:ubuntu14.04,,,:/home/yaofei:/bin/bash
sshd:x:116:65534::/var/run/sshd:/usr/sbin/nologin
mysql:x:117:125:MySQL Server,,,:/nonexistent:/bin/false

From the file we can see that each record line in /etc/passwd corresponds to one user, and each record is split into seven fields by colons (:). The format and the meaning of the fields are as follows:
User Name:Password:User ID:Group ID:Comment:Home Directory:Login Shell

  • Login name: a string identifying the user's account. Traditionally it was at most eight characters long (modern Linux allows up to 32) and made of upper and lower case letters and/or digits. It cannot contain a colon (:), because the colon is the field separator. For compatibility it is best not to include a dot (.) and not to start the name with a hyphen (-) or a plus sign (+).
  • Password: on old systems this field held the hashed user password. Even though it stores a hash and not the plaintext, that is still a security hazard, because /etc/passwd is readable by every user and anyone can copy the hashes and crack them offline. For that reason shadow passwords were introduced (first in commercial Unix systems such as SVR4, and used by essentially every Linux distribution today): the real hashes live in /etc/shadow and this field holds only the placeholder "x". Two other values matter: an empty field means the user can log in without a password, and any value other than "x" is treated as the hash itself without consulting /etc/shadow.
  • User ID (UID): an integer that the kernel uses to identify the user; file ownership and permission checks are based on the UID, not on the name. Usually names and UIDs correspond one to one. If several names share a UID, the system treats them as the same user (same files, same privileges) even though they can have different passwords, home directories and login shells; a second account with UID 0 is therefore a full equivalent of root and a classic backdoor. UID 0 is the superuser root. UIDs 1-99 are statically reserved for the system, service accounts created by packages get dynamically allocated UIDs below UID_MIN from /etc/login.defs, and ordinary users start at UID_MIN, which is 1000 on Debian, Ubuntu and current Red Hat systems (older Red Hat releases used 500); the user yaofei above has UID 1000 for that reason. Modern kernels use 32-bit UIDs, so the old 0-65535 limit no longer applies, but 65534 is still conventionally "nobody".
  • Group ID (GID): the user's primary group. It corresponds to a record in /etc/group; any supplementary groups are listed in /etc/group as well.
  • Comment (GECOS): the user's personal information, such as real name, phone number and address. The system does not use it for access control; it is free text shown by the finger command and edited with chfn. The format differs between systems. On Debian and Ubuntu it is conventionally four comma-separated subfields (full name, room number, work phone, home phone), which is why many entries above end in ",,,".
  • Home directory: the user's initial working directory, the directory the user is placed in after logging in. On most systems all home directories sit under one parent directory (typically /home) and are named after the login name. The user has read, write and execute (search) permission on their own home directory; what other users may do depends on the directory's permission bits.
  • Login shell: the program started after login, which passes the user's commands to the kernel: the command interpreter, or shell, the user runs after logging in to the system. The shell is the interface between the user and Linux. There are many shells, each with its own characteristics; commonly used ones are sh (Bourne Shell), csh (C Shell), ksh (Korn Shell), tcsh (TENEX/TOPS-20 C Shell) and bash (Bourne Again Shell). The administrator specifies a shell according to the system and the user's habits. If the field is empty, the system uses sh as the default login shell, i.e. /bin/sh. Service accounts that must never get an interactive session are given /usr/sbin/nologin or /bin/false, as most entries in the listing above are: nologin prints a refusal message and exits, /bin/false simply exits. Note that speech-dispatcher above has /bin/sh and libuuid has an empty shell field; both deserve a second look on a hardened system.
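
As an added example (not code from the original article), the following Python script parses /etc/passwd records into the seven fields just described and applies the checks a reviewer makes from them: a second UID 0 account, shared UIDs, a password field that is empty or not shadowed, and a service account with an interactive shell. The sample input is constructed from five lines copied from the listing above plus one hypothetical "toor" line that exists only to show a duplicate UID 0; the uid_min of 1000 is Debian/Ubuntu's UID_MIN and the set of non-interactive shells is an assumption you may want to extend.

```python
"""Parse /etc/passwd and flag the entries a reviewer checks first.

Added example, not code from the original article. SAMPLE_PASSWD is
constructed: five lines are copied from the article's listing, and the
'toor' line is a hypothetical entry added to show a second UID-0 account.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
libuuid:x:100:101::/var/lib/libuuid:
speech-dispatcher:x:110:29:Speech Dispatcher,,,:/var/run/speech-dispatcher:/bin/sh
sshd:x:116:65534::/var/run/sshd:/usr/sbin/nologin
yaofei:x:1000:1000:ubuntu14.04,,,:/home/yaofei:/bin/bash
toor:x:0:0:hypothetical second uid-0 account:/root:/bin/bash
"""

# Shells that refuse an interactive session (assumed list; extend as needed).
# An empty shell field is NOT safe: login(1) falls back to /bin/sh.
NON_INTERACTIVE_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false"}


@dataclass
class PasswdEntry:
    name: str
    password: str   # "x" means the hash lives in /etc/shadow
    uid: int
    gid: int
    gecos: str      # Debian/Ubuntu: full name,room,work phone,home phone
    home: str
    shell: str


def parse_passwd(text: str) -> List[PasswdEntry]:
    """Split each non-empty line into exactly seven colon-separated fields."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split(":")
        if len(fields) != 7:
            raise ValueError(f"line {lineno}: expected 7 fields, got {len(fields)}")
        name, pw, uid, gid, gecos, home, shell = fields
        entries.append(PasswdEntry(name, pw, int(uid), int(gid), gecos, home, shell))
    return entries


def audit_passwd(entries: List[PasswdEntry], uid_min: int = 1000) -> List[Tuple[str, str]]:
    """Return (user, problem) pairs. uid_min is UID_MIN from /etc/login.defs."""
    findings = []
    seen: Dict[int, str] = {}
    for e in entries:
        if e.uid == 0 and e.name != "root":
            findings.append((e.name, "uid 0 but not root"))
        if e.uid in seen:
            findings.append((e.name, f"shares uid {e.uid} with {seen[e.uid]}"))
        else:
            seen[e.uid] = e.name
        if e.password == "":
            findings.append((e.name, "empty password field: no password required"))
        elif e.password != "x":
            findings.append((e.name, "password field not shadowed"))
        effective_shell = e.shell or "/bin/sh"   # empty field defaults to sh
        if 0 < e.uid < uid_min and effective_shell not in NON_INTERACTIVE_SHELLS:
            findings.append((e.name, f"service account with interactive shell {effective_shell}"))
    return findings


if __name__ == "__main__":
    for user, problem in audit_passwd(parse_passwd(SAMPLE_PASSWD)):
        print(f"{user}: {problem}")
```

To run it against a real system, feed it parse_passwd(open("/etc/passwd").read()). On the full listing above it flags speech-dispatcher (/bin/sh), libuuid (empty shell field, so /bin/sh) and sync (/bin/sync, which the allow-list does not know about); whether sync is acceptable is a policy decision, so adjust NON_INTERACTIVE_SHELLS rather than the check.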

Introduction to the /etc/shadow file

The format of /etc/shadow is similar to that of /etc/passwd: each record consists of several fields separated by ":".
Enter sudo cat /etc/shadow on the command line to view the contents of the file:

root:!:17043:0:99999:7:::
daemon:*:16652:0:99999:7:::
bin:*:16652:0:99999:7:::
sys:*:16652:0:99999:7:::
sync:*:16652:0:99999:7:::
games:*:16652:0:99999:7:::
man:*:16652:0:99999:7:::
lp:*:16652:0:99999:7:::
mail:*:16652:0:99999:7:::
news:*:16652:0:99999:7:::
uucp:*:16652:0:99999:7:::
proxy:*:16652:0:99999:7:::
www-data:*:16652:0:99999:7:::
backup:*:16652:0:99999:7:::
list:*:16652:0:99999:7:::
irc:*:16652:0:99999:7:::
gnats:*:16652:0:99999:7:::
nobody:*:16652:0:99999:7:::
libuuid:!:16652:0:99999:7:::
syslog:*:16652:0:99999:7:::
messagebus:*:16652:0:99999:7:::
usbmux:*:16652:0:99999:7:::
dnsmasq:*:16652:0:99999:7:::
avahi-autoipd:*:16652:0:99999:7:::
kernoops:*:16652:0:99999:7:::
rtkit:*:16652:0:99999:7:::
saned:*:16652:0:99999:7:::
whoopsie:*:16652:0:99999:7:::
speech-dispatcher:!:16652:0:99999:7:::
avahi:*:16652:0:99999:7:::
lightdm:*:16652:0:99999:7:::
colord:*:16652:0:99999:7:::
hplip:*:16652:0:99999:7:::
pulse:*:16652:0:99999:7:::
yaofei:$1$5M0Rbozg$1fWsJaQB.TFAL24b96xi41:17043:0:99999:7:::
sshd:*:17043:0:99999:7:::
mysql:!:17048:0:99999:7:::

Each record has nine fields: login name:encrypted password:last change:minimum days:maximum days:warning days:inactivity days:expiration date:reserved

  1. "Login name" is the user account; it corresponds to the login name in /etc/passwd.
  2. The password field stores the hashed password in crypt(3) format, "$id$salt$hash". Special values and hash identifiers:

    1. Empty: the user has no password and is not asked for one at login. This is a serious misconfiguration.
    2. "*" or "!" (on Red Hat systems "!!") is not a valid hash, so password login is impossible. This is what accounts that were created without a password look like, such as the service accounts above; root on Ubuntu also has "!" because root is only reached through sudo.
    3. A "!" in front of an otherwise normal hash (for example "!$6$...") means the account was locked with passwd -l or usermod -L; unlocking restores the old hash, so a lock is not a password reset. It only disables password authentication; to block other login methods as well (an SSH key, for instance), also set an expiration date, e.g. usermod --expiredate 1.
    4. "$6$" is SHA-512-crypt, the default on most distributions for many years.
    5. "$1$" is MD5-crypt, which is fast to compute and considered weak; the hash of yaofei above uses it and should be regenerated by changing the password.
    6. "$2a$", "$2b$" and "$2y$" are bcrypt (Blowfish-based).
    7. "$5$" is SHA-256-crypt.
    8. "$y$" is yescrypt, the default on current Debian and Ubuntu releases.
    A hash with no "$" prefix is the legacy 13-character DES-crypt format.
  3. "Last change" is the number of days since January 1, 1970 on which the password was last changed (17043 above is 30 August 2016). A value of 0 forces the user to change the password at the next login; an empty field disables password aging for the account.
  4. "Minimum days" is the minimum number of days that must pass between two password changes; 0 means the password may be changed at any time.
  5. "Maximum days" is the number of days after the last change for which the password remains valid; 99999 effectively means it never expires.
  6. "Warning days" is the number of days before the password expires during which the user is warned at login.
  7. "Inactivity days" is the number of days after the password has expired during which the old password is still accepted, with a forced change at login; once that grace period is over the account is disabled. An empty field means no limit.
  8. "Expiration date" is an absolute day count since January 1, 1970. If set, it gives the lifetime of the account itself: after that date the account can no longer be used to log in, whatever the state of the password. An empty field means the account never expires.
  9. The last field is reserved for future use and is left empty.

chage -l user prints these aging fields as dates, and chage -E / -M / -I sets them.
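
As an added example (not code from the original article), the following Python script parses /etc/shadow records into the nine fields above, classifies the password field (empty, locked, locked with a retained hash, or which crypt(3) method), converts the day counts to dates, and reproduces the aging decisions login makes from the last-change, maximum, inactivity and expiration fields. SAMPLE_SHADOW is constructed: the root, nobody and yaofei lines are copied from the listing above, while guest and alice are hypothetical entries with placeholder hashes, added only to show an empty password field, a passwd -l lock, and finite aging values.

```python
"""Parse /etc/shadow, classify the password field, and work out password aging.

Added example, not code from the original article. SAMPLE_SHADOW is
constructed: root, nobody and yaofei are copied from the article's listing;
guest and alice are hypothetical entries with placeholder hashes.
"""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List, Optional

EPOCH = date(1970, 1, 1)   # all day counts in /etc/shadow are days since this date
NEVER = 99999              # conventional "maximum days" value meaning no expiry

# crypt(3) identifiers. $1$ is fast to brute-force and should not be in use;
# $y$ (yescrypt) is the default on current Debian/Ubuntu, $6$ elsewhere.
HASH_METHODS = {
    "$1$": "md5-crypt (weak)",
    "$2a$": "bcrypt", "$2b$": "bcrypt", "$2y$": "bcrypt",
    "$5$": "sha256-crypt",
    "$6$": "sha512-crypt",
    "$y$": "yescrypt",
}

SAMPLE_SHADOW = """\
root:!:17043:0:99999:7:::
nobody:*:16652:0:99999:7:::
yaofei:$1$5M0Rbozg$1fWsJaQB.TFAL24b96xi41:17043:0:99999:7:::
guest::17043:0:90:7:14::
alice:!$6$hypotheticalsalt$hypotheticalhash:17000:1:90:7:::
"""


@dataclass
class ShadowEntry:
    name: str
    password: str
    last_change: Optional[int]    # days since EPOCH; 0 = must change at next login
    min_days: Optional[int]
    max_days: Optional[int]
    warn_days: Optional[int]
    inactive_days: Optional[int]  # grace period after expiry; then account disabled
    expire: Optional[int]         # absolute account expiry, days since EPOCH
    reserved: str


def _int_or_none(field: str) -> Optional[int]:
    return int(field) if field != "" else None


def parse_shadow(text: str) -> List[ShadowEntry]:
    """Split each non-empty line into exactly nine colon-separated fields."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        f = line.split(":")
        if len(f) != 9:
            raise ValueError(f"line {lineno}: expected 9 fields, got {len(f)}")
        entries.append(ShadowEntry(f[0], f[1], *(_int_or_none(x) for x in f[2:8]), f[8]))
    return entries


def days_to_date(days: int) -> date:
    return EPOCH + timedelta(days=days)


def classify_password(field: str) -> str:
    """Describe what the password field allows."""
    if field == "":
        return "empty: login without a password"
    if field[0] in "!*":
        rest = field.lstrip("!*")
        if rest.startswith("$"):
            return "locked with passwd -l, original hash retained"
        return "no password set, password login disabled"
    for prefix, method in HASH_METHODS.items():
        if field.startswith(prefix):
            return method
    return "legacy DES-crypt or unknown format"


def password_expiry(e: ShadowEntry) -> Optional[date]:
    """Date from which the password is no longer valid, or None if it never expires."""
    if e.last_change is None or e.max_days is None or e.max_days >= NEVER:
        return None
    return days_to_date(e.last_change + e.max_days)


def account_state(e: ShadowEntry, today: date) -> str:
    """Mirror the checks login(1)/pam_unix make from the aging fields."""
    if e.expire is not None and today >= days_to_date(e.expire):
        return "account expired"
    if e.last_change == 0:
        return "password change required at next login"
    exp = password_expiry(e)
    if exp is None:
        return "password never expires"
    if today < exp:
        return f"password valid until {exp.isoformat()}"
    # Expired: within the inactivity grace period (or no limit) the user is
    # forced to pick a new password; after it the account is disabled.
    if e.inactive_days is None or today < exp + timedelta(days=e.inactive_days):
        return "password expired, change required at next login"
    return "password expired, account disabled"


if __name__ == "__main__":
    for e in parse_shadow(SAMPLE_SHADOW):
        print(f"{e.name:8} {classify_password(e.password):48} {account_state(e, date.today())}")
```

The script needs root to read the real file, which is the point of the shadow design; running it as root over /etc/shadow and grepping the output for "empty" or "md5-crypt" is a quick first audit step.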

Tags: shell Linux MySQL DBus

Posted on Thu, 13 Dec 2018 01:36:06 -0800 by MrPen