In the Linux operating system, every user has a corresponding record line in the /etc/passwd file, which records the user's basic attributes. This file is readable by all users.
The /etc/shadow file, as its name suggests, is the shadow of the passwd file. Each record line in /etc/shadow corresponds to one in /etc/passwd and is generated automatically by the pwconv command from the data in /etc/passwd. Unlike /etc/passwd, only the system administrator can view or modify /etc/shadow.
First, we view the contents of the /etc/passwd file from the command line with cat /etc/passwd:
```
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin
man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
irc:x:39:39:ircd:/var/run/ircd:/usr/sbin/nologin
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
libuuid:x:100:101::/var/lib/libuuid:
syslog:x:101:104::/home/syslog:/bin/false
messagebus:x:102:106::/var/run/dbus:/bin/false
usbmux:x:103:46:usbmux daemon,,,:/home/usbmux:/bin/false
dnsmasq:x:104:65534:dnsmasq,,,:/var/lib/misc:/bin/false
avahi-autoipd:x:105:113:Avahi autoip daemon,,,:/var/lib/avahi-autoipd:/bin/false
kernoops:x:106:65534:Kernel Oops Tracking Daemon,,,:/:/bin/false
rtkit:x:107:114:RealtimeKit,,,:/proc:/bin/false
saned:x:108:115::/home/saned:/bin/false
whoopsie:x:109:116::/nonexistent:/bin/false
speech-dispatcher:x:110:29:Speech Dispatcher,,,:/var/run/speech-dispatcher:/bin/sh
avahi:x:111:117:Avahi mDNS daemon,,,:/var/run/avahi-daemon:/bin/false
lightdm:x:112:118:Light Display Manager:/var/lib/lightdm:/bin/false
colord:x:113:121:colord colour management daemon,,,:/var/lib/colord:/bin/false
hplip:x:114:7:HPLIP system user,,,:/var/run/hplip:/bin/false
pulse:x:115:122:PulseAudio daemon,,,:/var/run/pulse:/bin/false
yaofei:x:1000:1000:ubuntu14.04,,,:/home/yaofei:/bin/bash
sshd:x:116:65534::/var/run/sshd:/usr/sbin/nologin
mysql:x:117:125:MySQL Server,,,:/nonexistent:/bin/false
```
From the listing we can see that each line in /etc/passwd corresponds to one user, and each line is divided into seven fields separated by colons (:). The format and the meaning of each field are as follows:
User name:Password:User ID:Group ID:Comment description:Home directory:Login shell
- Login_name: a string representing the user's account. It is usually no more than eight characters long and made up of upper- and lower-case letters and/or digits. It cannot contain a colon (:), because the colon is the field separator. For compatibility, it is best not to include dots (.) in the login name and not to begin it with a hyphen (-) or a plus sign (+).
- Passwd: on some systems this field stores the encrypted user password. Although it holds only the encrypted string rather than the plaintext, it is still a security hazard because /etc/passwd is readable by all users. Therefore many Linux systems (SVR4, for example) now use shadow passwords: the real encrypted password is stored in /etc/shadow, and the password field of /etc/passwd holds only a single placeholder character such as "x" or "*".
- User ID (UID): an integer used internally to identify the user. It usually corresponds one-to-one with the login name. If several login names share the same UID, the system treats them as the same user, although they can have different passwords, home directories and login shells. The range of values is 0-65535. 0 is the UID of the superuser root, and 1-99 are reserved by the system for administrative accounts; the UIDs of ordinary users start from 100. In Linux, the limit is 500.
- Group ID (GID): this field records the user group to which the user belongs and corresponds to a record in the /etc/group file.
- Comment description: this field records the user's personal information, such as real name, phone number and address. It has no practical effect on the system. Its format is not uniform across Linux systems; in many of them it holds an arbitrary comment string that the finger command displays.
- Home_directory: the user's initial working directory, i.e. the directory the user is placed in after logging in. On most systems each user's home directory is kept under one common directory and is named after the user's login name. Each user has read, write and execute (search) permission on their own home directory; other users' access to it depends on the circumstances.
- Login Shell: after a user logs in, a process is started that is responsible for passing the user's actions to the kernel. This process is a command interpreter or a specific program, namely the shell, that runs after the user logs in. The shell is the interface between the user and the Linux system. There are many shells in Linux, each with its own characteristics; commonly used ones are sh (Bourne Shell), csh (C Shell), ksh (Korn Shell), tcsh (TENEX/TOPS-20 type C Shell) and bash (Bourne Again Shell). The system administrator can assign a shell to each user according to system conditions and user habits. If no shell is specified, the system uses sh as the default login shell, that is, this field is /bin/sh.
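As an added example (not part of the original article), the following Python parses records in the seven-field format just described and checks the conditions the text warns about: an empty or non-placeholder password field in the world-readable file, a second UID 0 account, and several login names sharing one UID. The sample records are constructed for the example: the first five are copied from the listing above, and "legacy" is a hypothetical entry added to trigger the checks.

```python
"""Parse /etc/passwd records and run a few sanity checks on them."""
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed sample in the seven-field format described above. The first
# five records are copied from the listing shown earlier; "legacy" is a
# hypothetical entry with an empty password field and a duplicate UID 0.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
yaofei:x:1000:1000:ubuntu14.04,,,:/home/yaofei:/bin/bash
legacy::0:0:hypothetical account:/root:/bin/sh
"""

# Shells that prevent an interactive login.
NON_LOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false"}


@dataclass
class PasswdEntry:
    name: str      # login name
    passwd: str    # "x" or "*" when the real hash lives in /etc/shadow
    uid: int
    gid: int
    gecos: str     # comment / description field
    home: str
    shell: str


def parse_passwd(text: str) -> List[PasswdEntry]:
    """Split each record on ':' and require exactly seven fields."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            raise ValueError(f"line {lineno}: expected 7 fields, got {len(fields)}")
        name, passwd, uid, gid, gecos, home, shell = fields
        entries.append(PasswdEntry(name, passwd, int(uid), int(gid), gecos, home, shell))
    return entries


def audit_passwd(entries: List[PasswdEntry]) -> List[Tuple[str, str]]:
    """Return (login name, finding) pairs for the conditions the text warns about."""
    findings = []
    for e in entries:
        if e.passwd == "":
            findings.append((e.name, "empty password field: login without a password"))
        elif e.passwd not in ("x", "*"):
            findings.append((e.name, "hash stored in world-readable /etc/passwd"))
        if e.uid == 0 and e.name != "root":
            findings.append((e.name, "UID 0 account other than root"))
    # Several login names sharing one UID are the same user to the kernel.
    by_uid: Dict[int, List[str]] = {}
    for e in entries:
        by_uid.setdefault(e.uid, []).append(e.name)
    for uid, names in by_uid.items():
        if len(names) > 1:
            findings.append((",".join(names), f"UID {uid} shared by several login names"))
    return findings


def interactive_accounts(entries: List[PasswdEntry]) -> List[str]:
    """Login names whose shell allows an interactive session."""
    return [e.name for e in entries if e.shell not in NON_LOGIN_SHELLS]


if __name__ == "__main__":
    users = parse_passwd(SAMPLE_PASSWD)
    for name, problem in audit_passwd(users):
        print(f"{name}: {problem}")
    print("interactive:", ", ".join(interactive_accounts(users)))
```

To run it against a real system, replace SAMPLE_PASSWD with the contents of /etc/passwd; the parser rejects any record that does not have exactly seven colon-separated fields, which is the first thing to check when the file has been edited by hand.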
The format of /etc/shadow is similar to that of /etc/passwd: it also consists of several fields separated by ":".
Enter sudo cat /etc/shadow at the command line to view the contents of the file:
```
root:!:17043:0:99999:7:::
daemon:*:16652:0:99999:7:::
bin:*:16652:0:99999:7:::
sys:*:16652:0:99999:7:::
sync:*:16652:0:99999:7:::
games:*:16652:0:99999:7:::
man:*:16652:0:99999:7:::
lp:*:16652:0:99999:7:::
mail:*:16652:0:99999:7:::
news:*:16652:0:99999:7:::
uucp:*:16652:0:99999:7:::
proxy:*:16652:0:99999:7:::
www-data:*:16652:0:99999:7:::
backup:*:16652:0:99999:7:::
list:*:16652:0:99999:7:::
irc:*:16652:0:99999:7:::
gnats:*:16652:0:99999:7:::
nobody:*:16652:0:99999:7:::
libuuid:!:16652:0:99999:7:::
syslog:*:16652:0:99999:7:::
messagebus:*:16652:0:99999:7:::
usbmux:*:16652:0:99999:7:::
dnsmasq:*:16652:0:99999:7:::
avahi-autoipd:*:16652:0:99999:7:::
kernoops:*:16652:0:99999:7:::
rtkit:*:16652:0:99999:7:::
saned:*:16652:0:99999:7:::
whoopsie:*:16652:0:99999:7:::
speech-dispatcher:!:16652:0:99999:7:::
avahi:*:16652:0:99999:7:::
lightdm:*:16652:0:99999:7:::
colord:*:16652:0:99999:7:::
hplip:*:16652:0:99999:7:::
pulse:*:16652:0:99999:7:::
yaofei:$1$5M0Rbozg$1fWsJaQB.TFAL24b96xi41:17043:0:99999:7:::
sshd:*:17043:0:99999:7:::
mysql:!:17048:0:99999:7:::
```
The fields of the file have the following meaning:
Login name:Encrypted password:Last modification time:Minimum time interval:Maximum time interval:Warning time:Inactivity time:Expiration time:Flag
- "Login name" is the user account, corresponding to the login name in the /etc/passwd file.
- The "encrypted password" field stores the encrypted user password:
  - If it is empty, the user has no password and none is required to log in.
  - An asterisk (*) indicates that the account is locked.
  - Double exclamation marks (!!) indicate that the password has expired.
  - A value starting with $6$ is hashed with SHA-512;
  - $1$ indicates MD5;
  - $2 indicates Blowfish;
  - $5$ indicates SHA-256.
- The "last modification time" is the number of days from a fixed starting point to the last time the user changed the password. The starting point may differ between systems; in SCO Linux, for example, it is January 1, 1970.
- "Minimum time interval" is the minimum number of days required between two password changes.
- "Maximum time interval" is the maximum number of days a password remains valid.
- "Warning time" is the number of days before the password officially expires during which the system warns the user.
- "Inactivity time" is the maximum number of days the user may go without logging in while the account remains valid.
- "Expiration time" gives an absolute number of days. If this field is set, it gives the lifetime of the account; once it has passed, the account is no longer valid and can no longer be used for login.
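As an added example (not part of the original article), the following Python parses records in the nine-field format described above, interprets the password field as the text describes it (empty, "*", "!!", and the $1$/$2/$5$/$6$ hash prefixes), converts the "days since" fields to calendar dates using January 1, 1970 as day 0, and reports accounts whose password is hashed with MD5, has expired, or whose account expiration day has passed. The sample records are constructed: the root, nobody and yaofei lines are copied from the listing above, while "svc" and "alice" are hypothetical entries added to exercise the checks (alice's hash value is a placeholder, not a real hash).

```python
"""Parse /etc/shadow records and report on password state and ageing."""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List, Optional, Tuple

EPOCH = date(1970, 1, 1)  # day 0 of the "days since" fields
NEVER = 99999             # conventional "no limit" value for the maximum interval

# Constructed sample in the nine-field format described above. The first
# three records are copied from the listing shown earlier; "svc" (empty
# password field) and "alice" (90-day maximum, account expiry set, placeholder
# hash) are hypothetical.
SAMPLE_SHADOW = """\
root:!:17043:0:99999:7:::
nobody:*:16652:0:99999:7:::
yaofei:$1$5M0Rbozg$1fWsJaQB.TFAL24b96xi41:17043:0:99999:7:::
svc::17043:0:99999:7:::
alice:$6$saltsalt$hypotheticalhash:17000:1:90:7:30:17100:
"""

# Hash prefixes as listed in the text; "$2" covers the $2a$/$2b$/$2y$ variants.
HASH_PREFIXES = {"$1$": "MD5", "$2": "Blowfish", "$5$": "SHA-256", "$6$": "SHA-512"}
WEAK_ALGORITHMS = {"MD5"}


@dataclass
class ShadowEntry:
    name: str
    passwd: str
    last_change: Optional[int]    # days since EPOCH
    min_days: Optional[int]
    max_days: Optional[int]
    warn_days: Optional[int]
    inactive_days: Optional[int]
    expire_day: Optional[int]     # absolute day number, or None
    flag: str                     # reserved field


def _opt_int(s: str) -> Optional[int]:
    return int(s) if s != "" else None


def parse_shadow(text: str) -> List[ShadowEntry]:
    """Split each record on ':' and require exactly nine fields."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        f = line.split(":")
        if len(f) != 9:
            raise ValueError(f"line {lineno}: expected 9 fields, got {len(f)}")
        entries.append(ShadowEntry(f[0], f[1], *(_opt_int(x) for x in f[2:8]), f[8]))
    return entries


def classify_password(field: str) -> str:
    """Interpret the password field the way the text describes it."""
    if field == "":
        return "empty"          # no password needed to log in
    if field == "*":
        return "locked"
    if field == "!!":
        return "expired"        # as described in the text
    if field.startswith("!"):
        return "locked"         # "!" prefix: password disabled (e.g. root:! above)
    for prefix, algorithm in HASH_PREFIXES.items():
        if field.startswith(prefix):
            return algorithm
    return "unknown"


def day_to_date(days: int) -> date:
    """Convert a 'days since 1970-01-01' value to a calendar date."""
    return EPOCH + timedelta(days=days)


def password_expiry(e: ShadowEntry) -> Optional[date]:
    """Last change + maximum interval, or None when the password never expires."""
    if e.last_change is None or e.max_days is None or e.max_days >= NEVER:
        return None
    return day_to_date(e.last_change + e.max_days)


def audit_shadow(entries: List[ShadowEntry], today: date) -> List[Tuple[str, str]]:
    """Return (login name, finding) pairs; 'today' is passed in for reproducibility."""
    findings = []
    for e in entries:
        kind = classify_password(e.passwd)
        if kind == "empty":
            findings.append((e.name, "empty password field"))
        elif kind in WEAK_ALGORITHMS:
            findings.append((e.name, f"password hashed with {kind}"))
        expiry = password_expiry(e)
        if expiry is not None and expiry < today:
            findings.append((e.name, f"password expired on {expiry}"))
        if e.expire_day is not None and day_to_date(e.expire_day) < today:
            findings.append((e.name, f"account expired on {day_to_date(e.expire_day)}"))
    return findings


if __name__ == "__main__":
    for name, problem in audit_shadow(parse_shadow(SAMPLE_SHADOW), date.today()):
        print(f"{name}: {problem}")
```

Reading the real file requires root, as the text notes; run the script with sudo or feed it a copy. The "today" parameter is explicit so that the same input always produces the same findings, which makes the check easy to test and to compare across runs.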