Linux account and password files /etc/passwd and /etc/shadow

Reprinted from: https://www.cnblogs.com/fuyuanming/p/6519758.html

On a Linux system, the accounts and passwords of all users (including the system administrator) are kept in two files, /etc/passwd and /etc/shadow. (If users and passwords are kept in files, aren't you afraid of other people reading or modifying them? /etc/passwd can only be modified by the system administrator, although other users can read it; /etc/shadow cannot be read by other users at all.)

[root@localhost Python-3.5.0]# vim /etc/shadow
[root@localhost Python-3.5.0]# ls -al /etc/passwd /etc/shadow
-rw-r--r--. 1 root root 2250 12月 14 00:17 /etc/passwd
----------. 1 root root 1263 12月 14 00:17 /etc/shadow

The listing above shows the permissions on the passwd and shadow files. passwd stores the accounts, and shadow stores the account passwords and related information. Let's look at the contents of these two files in detail:

/etc/passwd

Open the passwd file with the command vi /etc/passwd. Part of its contents looks like this:

root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh

Each line above represents one user, and each line is split into seven fields by colons (:).

  1. Account name
  2. Originally used to store the password; passwords are now stored in /etc/shadow, so this field shows x
  3. UID, the user ID. The default UID of the system administrator is 0. When adding users, it is better to use a UID above 1000; UIDs in the range 1-1000 are best reserved for the system.
  4. GID, which is the group ID
  5. Some descriptive information about the account (can be ignored for the time being)
  6. The home directory of the account, which is the default directory after you log in to the system.
  7. The shell used by the account

/etc/shadow

 vi /etc/shadow

root:!:15324:0:99999:7:::
daemon:*:15259:0:99999:7:::
bin:*:15259:0:99999:7:::
letuknowit:$1$cPf/cIvr$sCws95uSip2ljTK052DDB.:15400:5:60:7:2:15490:

These lines are also split by colons (:), this time into nine columns. Each column is explained below:

  1. Account name (each password must correspond to an account)
  2. The encrypted password (you can't follow CSDN's example and store plaintext passwords, right?). If the first character in this column is ! or *, this is an account that cannot log in; as the listing above shows, Ubuntu does not enable the root account by default.
  3. The date of the most recent password change. (It doesn't look like a date, just a number? Don't worry: it is the number of days since January 1, 1970.) How do you find out how many days have passed since January 1, 1970? Simple: change your password and see what number appears in this column!
  4. Number of days during which the password cannot be changed: if this value is set, the password cannot be changed again until that many days after the last change. 0 means no limit.
  5. Number of days after which the password must be changed: changing passwords regularly helps security. To push users who rarely change their passwords, you can set a number of days that forces a change, meaning the password expires after that many days. 99999 means no limit.
  6. Password expiration warning days: if a change interval is set in field 5, the user is reminded this many days before the password expires, with a prompt saying how many days remain.
  7. Grace period after password expiration: if the date set by field 5 has passed and the user still has not changed the password, this is the number of days the user can continue to use the account.
  8. The account expiration date; after this date, the account cannot be used.
  9. Reserved

Take the last user above, letuknowit, as an example (15400 corresponds to the date March 1, 2012). The entry conveys the following information:

  3. The last time the user letuknowit changed the password was March 1, 2012.
  4. The password cannot be changed again before March 6, 2012.
  5. letuknowit needs to change the password during the period 2012-3-1 to 2012-4-29.
  6. Starting 7 days before 2012-4-29, when letuknowit logs in, the system warns that the password is about to expire.
  7. If letuknowit has not changed the password by 2012-4-29, the account can still be used for 2 more days; after those 2 days the account becomes unavailable.
  8. In any case, the account expires on May 29, 2012.
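
The field layout described above can be checked mechanically. The following is an added example, not code from the original post: it parses the sample lines shown in the listings above, decodes the day-count fields, and reports entries a defender would review. The function names and the choice of findings (extra UID 0 account, password field other than x in passwd, empty shadow password, md5crypt hash, no maximum age) are assumptions of this example.

```python
from datetime import date, timedelta

# Constructed sample input: lines copied from the listings in this article.
PASSWD = "root:x:0:0:root:/root:/bin/bash\ndaemon:x:1:1:daemon:/usr/sbin:/bin/sh\n"
SHADOW = ("root:!:15324:0:99999:7:::\n"
          "daemon:*:15259:0:99999:7:::\n"
          "letuknowit:$1$cPf/cIvr$sCws95uSip2ljTK052DDB.:15400:5:60:7:2:15490:\n")
# crypt(3) scheme identifiers that follow the first "$" in shadow field 2.
SCHEMES = {"1": "md5crypt", "5": "sha256crypt", "6": "sha512crypt", "y": "yescrypt"}


def days_to_date(field):
    """Fields 3 and 8 count days since 1970-01-01; an empty field means unset."""
    return date(1970, 1, 1) + timedelta(days=int(field)) if field else None


def parse_shadow(line):
    """Split one /etc/shadow line into its nine fields and decode them."""
    f = line.rstrip("\n").split(":")
    if len(f) != 9:
        raise ValueError(f"expected 9 fields, got {len(f)}: {line!r}")
    pw = f[1]
    scheme = SCHEMES.get(pw.split("$")[1], "unknown") if pw.startswith("$") else None
    return {"name": f[0], "locked": pw.startswith(("!", "*")), "empty": pw == "",
            "scheme": scheme, "last_change": days_to_date(f[2]),
            "max_days": int(f[4]) if f[4] else None, "expires": days_to_date(f[7])}


def audit(passwd_text, shadow_text):
    """Return findings worth reviewing (this example's policy, not a standard)."""
    findings = []
    for line in passwd_text.splitlines():
        name, pw, uid = line.split(":")[:3]
        if pw != "x":
            findings.append(f"{name}: password field in world-readable passwd is not x")
        if uid == "0" and name != "root":
            findings.append(f"{name}: extra UID 0 account")
    for entry in map(parse_shadow, shadow_text.splitlines()):
        if entry["empty"]:
            findings.append(f"{entry['name']}: empty password field")
        if entry["scheme"] == "md5crypt":
            findings.append(f"{entry['name']}: weak hash scheme md5crypt")
        if not entry["locked"] and entry["max_days"] == 99999:
            findings.append(f"{entry['name']}: password never expires")
    return findings


if __name__ == "__main__":
    print("\n".join(audit(PASSWD, SHADOW)))
```

On a real system, reading /etc/shadow requires root, so the audit would be run by the administrator against copies of the two files.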

Origin blog.csdn.net/weixin_37991107/article/details/82894765