Detailed explanation of the contents of Linux /etc/shadow (shadow file)

1. What is /etc/shadow used for?

The /etc/shadow file stores each user's password information on a Linux system; it is also known as the "shadow file".

Earlier UNIX systems kept passwords in the /etc/passwd file. Because every user can read that file, password hashes were easily leaked, so the password field was moved out of /etc/passwd and into this separate file. Only the root user has read permission on /etc/shadow, which protects the users' password hashes.

Let's first take a look at what the /etc/shadow file contains:

root:!:17826:0:99999:7:::
daemon:*:17737:0:99999:7:::
bin:*:17737:0:99999:7:::
...too many lines, some omitted...
skx:$1$jP$V1agVNyLfEYwNQLc6IrJt0:17826:0:99999:7:::
lilei:$6$zvt9aWzy$aoZDNPL0.mXFfsJczn.9gZtHZwmFTAFIbe4qHZd48zeB1mIka7jOsrmGvGMBV8LUV.iUdr6bk0hQZyGSOPiTy/:18420:0:99999:7:::

Each line in the file represents one user, with fields separated by ":". Each line has 9 fields, in the following format:

username:encrypted password:last change date:minimum days between changes:maximum password age:warning days before the password must be changed:grace days after the password expires:account expiration date:reserved field

Each field is explained in detail below.

2. Detailed explanation of fields

2.1 Username

root, skx and lilei are all usernames.

2.2 Encrypted password

This is the actual encrypted password. Take lilei's password as an example:

$6$zvt9aWzy$aoZDNPL0.mXFfsJczn.9gZtHZwmFTAFIbe4qHZd48zeB1mIka7jOsrmGvGMBV8LUV.iUdr6bk0hQZyGSOPiTy/

This value is a one-way hash and cannot be reversed. Current Linux systems hash passwords with SHA-512; earlier systems used MD5 or DES. SHA-512 is the stronger algorithm and is more secure.

Note that the string produced by this hashing cannot be edited by hand. If it is modified manually, the system can no longer recognize the password and the password becomes invalid. Many tools rely on exactly this behaviour and prepend "!", "*" or "x" to the password string to temporarily disable the password.

The password field of all pseudo users is "!!" or "*", which means they cannot log in with a password. Likewise, if a newly created user has not been given a password, its password field is also "!!", and that user cannot log in with a password either.

2.3 Last modified time

This field records when the password was last changed, expressed as the number of days since January 1, 1970. January 1, 1970 counts as 1, and the count increases by 1 for each day. The last change time of the root account above is 17826. To find out which date that is, use the following command to convert it:

root@ubuntu:~# date -d "1970-01-01 17826 days"
2018年 10月 22日 星期一 00:00:00 +08

2.4 Minimum modification time interval

If this value is set, the password cannot be changed again until this many days have passed since the last change. A value of 0 means there is no limit.

2.5 Password validity period

The default value of this field is 99999, about 273 years, which effectively means the password never expires. If it is changed to 90, the password must be changed within 90 days of the last change, otherwise the user's password expires. This field can be used to force users to change their passwords regularly.

2.6 The number of warning days before the password needs to be changed

When the password is about to expire, the system issues a warning reminding the user: "Your password will expire in n days, please reset your password as soon as possible!" The default value of this field is 7.

2.7 Grace days after password expiration

When the password expires, the account is not disabled immediately: the user can still log in during the number of grace days given in this field. Once the grace days have passed, the system no longer lets the account log in and does not even report that the password has expired; the account is completely disabled.

If this field is set to 10, the account is disabled 10 days after the password expires; if it is 0, the account is disabled as soon as the password expires; if it is -1, there is no limit and the expired password never becomes invalid.

2.8 Account expiration time

The account cannot be used after this date, which is given as the total number of days since January 1, 1970. This field is typically used on systems that provide paid, time-limited services.

2.9 Reservation

This field is currently unused and is reserved for future features.
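As an added example (not code from the original article), the following Python script parses shadow lines in the 9-field format shown above, converts day numbers the same way the `date` command in section 2.3 does (day 0 = 1970-01-01), classifies the password field from section 2.2 (locked markers, empty field, hash algorithm id), and evaluates the aging fields from sections 2.4 to 2.8 for a given day number. The sample file is constructed: the root, daemon, skx and lilei hashes are the ones printed in the article, while the `audit` and `nopass` users and the non-default aging values are made up for the demo.

```python
from datetime import date, timedelta
from typing import NamedTuple, Optional

EPOCH = date(1970, 1, 1)  # shadow day numbers count from here (day 0)

# Algorithm identifiers used in the "$id$salt$hash" layout of the password field
HASH_IDS = {"1": "MD5", "5": "SHA-256", "6": "SHA-512", "y": "yescrypt"}

# Constructed sample file: hashes copied from the article, aging values chosen
# for the demo (lilei: 90-day maximum, 10 grace days; audit: fake hash and an
# account expiry on day 18600; nopass: an empty password field, which a
# defender should flag because login may accept it without any password).
SAMPLE_SHADOW = """\
root:!:17826:0:99999:7:::
daemon:*:17737:0:99999:7:::
skx:$1$jP$V1agVNyLfEYwNQLc6IrJt0:17826:0:99999:7:::
lilei:$6$zvt9aWzy$aoZDNPL0.mXFfsJczn.9gZtHZwmFTAFIbe4qHZd48zeB1mIka7jOsrmGvGMBV8LUV.iUdr6bk0hQZyGSOPiTy/:18420:0:90:7:10::
audit:$6$saltsalt$fakehashfordemo:17500:0:90:7:5:18600:
nopass::18000:0:99999:7:::
"""


class ShadowEntry(NamedTuple):
    name: str
    password: str
    last_change: Optional[int]    # days since epoch; empty = aging off, 0 = must change
    min_days: int
    max_days: Optional[int]       # empty = no maximum age
    warn_days: int
    inactive_days: Optional[int]  # empty = no grace limit
    expire_day: Optional[int]     # empty = account never expires


def _opt_int(field: str) -> Optional[int]:
    return int(field) if field != "" else None


def parse_shadow_line(line: str) -> ShadowEntry:
    """Split one shadow line into its 9 colon-separated fields."""
    fields = line.rstrip("\n").split(":")
    if len(fields) != 9:
        raise ValueError(f"expected 9 fields, got {len(fields)}: {line!r}")
    name, pw, last, mn, mx, warn, inact, exp, _reserved = fields
    return ShadowEntry(name, pw, _opt_int(last), int(mn or 0), _opt_int(mx),
                       int(warn or 0), _opt_int(inact), _opt_int(exp))


def parse_shadow_file(text: str) -> dict:
    """Return {username: ShadowEntry} for every non-empty line."""
    return {e.name: e for e in (parse_shadow_line(l) for l in text.splitlines() if l)}


def day_to_date(days: int) -> date:
    """Shadow day number -> calendar date (same rule as `date -d "1970-01-01 N days"`)."""
    return EPOCH + timedelta(days=days)


def hash_algorithm(password: str) -> str:
    """Classify the password field: empty, locked marker, or the crypt algorithm."""
    if password == "":
        return "EMPTY"
    if password.startswith(("!", "*")):
        return "locked"
    if password.startswith("$"):
        alg_id = password.split("$")[1]
        return HASH_IDS.get(alg_id, f"unknown id {alg_id}")
    return "legacy DES"


def password_status(e: ShadowEntry, today: int) -> str:
    """Evaluate the aging fields for a given day number, in the order login checks them."""
    if e.expire_day is not None and today >= e.expire_day:
        return "account expired"
    if e.password == "":
        return "no password set"
    if e.password.startswith(("!", "*")):
        return "locked"
    if e.last_change is None or e.max_days is None:
        return "ok (no aging)"
    if e.last_change == 0:
        return "must change at next login"
    expires_on = e.last_change + e.max_days
    if today < expires_on - e.warn_days:
        return "ok"
    if today < expires_on:
        return f"warning: expires in {expires_on - today} days"
    if e.inactive_days is None or e.inactive_days < 0:   # -1 / empty: no grace limit
        return "expired, still allowed (no grace limit)"
    if today < expires_on + e.inactive_days:
        return f"expired, grace: {expires_on + e.inactive_days - today} days left"
    return "disabled (grace period over)"


def audit_shadow(text: str, today: int) -> dict:
    """Map each user to (algorithm, status) so weak, empty or stale entries stand out."""
    return {name: (hash_algorithm(e.password), password_status(e, today))
            for name, e in parse_shadow_file(text).items()}


if __name__ == "__main__":
    today = (date.today() - EPOCH).days
    for name, (alg, status) in audit_shadow(SAMPLE_SHADOW, today).items():
        print(f"{name:8} {alg:10} {status}")
    print("root password last changed:", day_to_date(17826))
```

Run it against a real copy of the file with `sudo python3 shadow_audit.py` after replacing `SAMPLE_SHADOW` with `open("/etc/shadow").read()`; the "EMPTY" and "MD5" classifications and the "disabled"/"expired, still allowed" statuses are the rows worth reviewing first.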

Reference: http://c.biancheng.net/view/840.html


Origin blog.csdn.net/happyjacob/article/details/109701906