Detailed explanation of /etc/passwd and /etc/shadow in Linux

When a user logs in to a Linux host and enters a user name and password:

  1. The system first looks for the account in the /etc/passwd file. If it is not there, the user cannot log in. If it is, the system reads the user's UID and GID, along with the user's shell setting.
  2. It then goes to the /etc/shadow file to find the password of the corresponding user according to the UID and checks whether it matches.
  3. If it matches, the user enters the stage of shell control.

Below we explain these two files in detail:

One: /etc/passwd

root@kali:~# cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin
man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
test:x:1000:1000::/home/test:/bin/sh

Fields are separated with a colon (:).

Field  Meaning
1      User name
2      The user's password. It was originally stored directly in this second field, but for security it was moved to the /etc/shadow file, and the field now holds x by default.
3      The user's UID. In general, root is 0 and 1-499 are the default system accounts (on some systems this range extends up to 1000); 500-65535 are users' login accounts, and some systems start these from 1000.
4      The user's GID. A Linux user has two IDs: the user ID (UID) and the user group ID (GID). When we log in and enter the user name and password, the system first checks /etc/passwd for the account or user name entered; if it exists, it reads the account and the corresponding UID and GID (in /etc/group). It then reads the home directory and shell settings and checks whether the password is correct. If it is, the login proceeds normally.
5      Description of the user account
6      The user's home directory
7      The shell used by the user. If it is changed to /sbin/nologin, there is no login environment by default.

Two: /etc/shadow

root@kali:~# cat /etc/shadow
root:$6$DUiJ86eR$qR8rjOj3wK0niIGnFxatv/hw5/198D8kIVYa.RjxvdWgZMrPSrVU4tcio0G/vRvVoGY5AYOKziVo9kFVIgnYS1:17631:0:99999:7:::
daemon:*:17557:0:99999:7:::
bin:*:17557:0:99999:7:::
sys:*:17557:0:99999:7:::
sync:*:17557:0:99999:7:::
games:*:17557:0:99999:7:::
man:*:17557:0:99999:7:::

Field  Meaning
1      User name
2      The user's encrypted password
3      The date the password was last changed, counted in days from 1970-01-01 (why? Because the prototype of Unix was released in 1969, and the date was chosen with the systems of that time in mind, that's all)
4      The minimum number of days before the password can be modified again (in the example, 3 days: after a change, it can be modified again only after 3 days)
5      The number of days after which the password must be changed (in the example, 99999 means that the password never has to be changed)
6      The number of days before that deadline at which the user is reminded to change the password (7 days in the example)
7      If the password is not changed by then, the number of days by which the deadline is extended (3 days in the example)
8      The date on which the account expires in any case (in the example, the time is counted from 1970-01-01)
9      Reserved field, currently meaningless
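
The following is an added example, not part of the original article: a small audit that parses both files using the field layouts above and flags entries that deviate from them (a non-root account with UID 0, a password field in /etc/passwd that is not x, a missing /etc/shadow entry, an empty password field). The sample data is constructed, the svc and ghost accounts are hypothetical, and the hash strings are placeholders.

```python
from datetime import date, timedelta
# Constructed sample data; svc and ghost are hypothetical, hashes are placeholders.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
test:x:1000:1000::/home/test:/bin/sh
svc:PLACEHOLDERHASH:0:0::/root:/bin/bash
ghost:x:1001:1001::/home/ghost:/bin/sh
"""
SHADOW = """\
root:$6$SALT$PLACEHOLDERHASH:17631:0:99999:7:::
daemon:*:17557:0:99999:7:::
test::17631:0:99999:7:::
svc:!:17631:0:99999:7:::
"""
SCHEMES = {"1": "MD5", "5": "SHA-256", "6": "SHA-512"}  # crypt(3) "$id$" prefixes

def parse(text, nfields):
    """Split colon-separated records; reject lines with the wrong field count."""
    rows = [line.split(":") for line in text.splitlines() if line.strip()]
    for fields in rows:
        if len(fields) != nfields:
            raise ValueError(f"{fields[0]!r}: expected {nfields} fields, got {len(fields)}")
    return rows

def password_state(field):
    """Classify field 2 of /etc/shadow: empty, locked, or the hash scheme."""
    if field == "" or field[0] in "*!":
        return "locked" if field else "empty"
    parts = field.split("$")
    return SCHEMES.get(parts[1], "other") if len(parts) > 2 else "other"

def last_change(days):
    """Field 3 of /etc/shadow: days since 1970-01-01, as a calendar date."""
    return date(1970, 1, 1) + timedelta(days=int(days))

def audit(passwd_text, shadow_text):
    """Cross-check the two files, joining records on the user name (field 1)."""
    shadow = {f[0]: f for f in parse(shadow_text, 9)}
    findings = []
    for name, pw, uid, _gid, _gecos, _home, _shell in parse(passwd_text, 7):
        if uid == "0" and name != "root":
            findings.append((name, "UID 0 but not root"))
        if pw != "x":
            findings.append((name, "password field in /etc/passwd is not x"))
        elif name not in shadow:
            findings.append((name, "no /etc/shadow entry"))
        elif password_state(shadow[name][1]) == "empty":
            findings.append((name, "empty password in /etc/shadow"))
    return findings
```

On a real host, pass the contents of /etc/passwd and /etc/shadow to audit(); reading /etc/shadow requires root.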

Reprinted from: https://blog.csdn.net/yangbodong22011/article/details/50753906
