Detailed explanation of /etc/passwd and /etc/shadow configuration files under Linux

1. /etc/passwd

The passwd file records one user per line. Each line consists of seven colon-separated fields:

Username:Password:UID:GID:Descriptive information:Home directory:Default shell

1.1 Username

The string that names the user account must not contain a colon (:), should preferably avoid the dot character (.), and must not begin with a hyphen (-) or a plus sign (+).

1.2 Password

This field holds "x" or "*"; the real password hash is stored in /etc/shadow, because /etc/passwd is readable by all users while /etc/shadow is readable and writable only by root.

1.3 UID

UID is the user ID. Each user has a unique UID, which the Linux system uses to distinguish users. RHEL8 classifies UIDs as follows:

UID range   User type
0           The system administrator.
1-999       System users. To keep a vulnerability in one service program from being used to take over the whole server, each service program runs by default under its own system user, which confines the scope of any damage. These users normally cannot log in. Examples: shutdown(6), bin(1), ftp(14), halt(7), mail(8).
0           General users. Accounts created by the administrator for daily work.

1.4 GID

The group ID number of the user's initial group.

Initial group: when the user logs in, the user holds the permissions of this group. Each user has exactly one initial group, and the group with the same name as the user is normally used as the initial group. When the administrator creates the user "linuxprobe", the group linuxprobe is generated as its initial group.

Additional groups: a user can join other user groups and hold their permissions as well. These are additional groups, and there can be more than one.

1.5 Descriptive information

Stores arbitrary annotative description text.

1.6 Home directory

The directory the user is placed in after logging in to the system. In most cases each user's home directory sits under a specific directory and is named after the user's login name, and the user has read and execute (search) permission on it.

For example, the home directory of root is /root, and the home directory of the newly created user linuxprobe is /home/linuxprobe.

1.7 Default Shell

The command interpreter (shell) turns the commands entered by the user into operations the system can carry out. Mainstream Linux distributions use Bash (/bin/bash) by default, for example:

linuxprobe:x:1000:1000:linuxprobe:/home/linuxprobe:/bin/bash

If it is set to /sbin/nologin, the user cannot log in:

bin:x:1:1:bin:/bin:/sbin/nologin

There are also many other shells, such as sh, csh, ksh, and tcsh.
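The following Python script is an added example and is not code from the original article. It parses /etc/passwd records into the seven fields described above, classifies UIDs with the RHEL8 ranges from section 1.3, and reports the entries an administrator would want to review: a second UID 0 account, an empty password field, a hash kept in the world-readable file, or a system account with an interactive shell. The sample records and the account names in them are constructed for the demonstration.

```python
"""Parse /etc/passwd records and flag security-relevant oddities.

Added example, not code from the original article.  The sample records
below are constructed; the UID ranges follow the article's RHEL8 table
(0 = administrator, 1-999 = system users, everything else = general users).
"""
from dataclasses import dataclass
from typing import List

# Constructed sample standing in for a real /etc/passwd.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
linuxprobe:x:1000:1000:linuxprobe:/home/linuxprobe:/bin/bash
extra_root:x:0:0:second uid 0:/tmp:/bin/bash
legacy::1001:1001:old account:/home/legacy:/bin/sh
"""

# Shells that deny interactive login.
NOLOGIN_SHELLS = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/false"}


@dataclass
class PasswdEntry:
    name: str
    password: str   # "x" or "*": the real hash lives in /etc/shadow
    uid: int
    gid: int        # ID of the user's initial group
    gecos: str      # descriptive information
    home: str
    shell: str


def parse_passwd_line(line: str) -> PasswdEntry:
    """Split one colon-separated record into its seven fields."""
    fields = line.rstrip("\n").split(":")
    if len(fields) != 7:
        raise ValueError(f"expected 7 fields, got {len(fields)}: {line!r}")
    name, password, uid, gid, gecos, home, shell = fields
    return PasswdEntry(name, password, int(uid), int(gid), gecos, home, shell)


def uid_class(uid: int) -> str:
    """Classify a UID with the ranges the article gives for RHEL8."""
    if uid == 0:
        return "admin"
    if 1 <= uid <= 999:
        return "system"
    return "general"


def audit_passwd(text: str) -> List[str]:
    """Return one finding per record that deserves an administrator's attention."""
    findings = []
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        e = parse_passwd_line(line)
        if e.uid == 0 and e.name != "root":
            findings.append(f"{e.name}: UID 0 but not root (additional superuser account)")
        if e.password == "":
            findings.append(f"{e.name}: empty password field (no password required)")
        elif e.password not in ("x", "*"):
            findings.append(f"{e.name}: hash kept in world-readable /etc/passwd instead of /etc/shadow")
        if uid_class(e.uid) == "system" and e.shell not in NOLOGIN_SHELLS:
            findings.append(f"{e.name}: system account with interactive shell {e.shell}")
    return findings


if __name__ == "__main__":
    for finding in audit_passwd(SAMPLE_PASSWD):
        print(finding)
```

Run against the real file with `audit_passwd(open("/etc/passwd").read())`; on a healthy RHEL8 host the only output should be from accounts you deliberately created.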

2. /etc/shadow

The shadow file also records one user per line. Its default permission is -rw------- or ----------, so only root can read and write it. Each line consists of nine colon-separated fields:

Username:Encrypted password:Last modified time:Minimum modification interval:Password validity period:Warning days before password must be changed:Grace time after password expires:Account expiration time:Reserved field

2.1 Username

Same as the username in /etc/passwd.

2.2 Encrypted password

The encrypted password has the format $id$salt$encrypted: id identifies the hashing algorithm, salt is a random value, and encrypted is the resulting hash.

id         Encryption algorithm
1          MD5
5          SHA256
6          SHA512
2, 2y, y   Blowfish

The salt is a random character string of fixed length. It is generated anew each time the password is changed and is mixed into the hash computation as an interference value; encrypted is the resulting hash.

2.3 Date of last modification

Indicates when the password was last changed, as a count of days since January 1, 1970. For example, 19458 means the password was changed 19458 days after January 1, 1970:

[root@hostname etc]# date -d "1970-01-01 19458 days"
Tue Apr 11 00:00:00 CST 2023

2.4 Minimum Modification Interval

Specifies how many days after the last password change the password cannot be changed again; 0 means the password can be changed at any time.

2.5 Password Validity Period

Specifies how many days after the last password change the password must be changed. The default is 99999 (the password is valid permanently); it is often set to 90.

2.6 Warning days before password needs to be changed

Reminds the user that "the password expires in n days!". The default is 7: during the last 7 days of the password's validity, a warning is issued each time the user logs in to the system.

2.7 Grace Time After Password Expiration

The number of days after the password expires during which the user can still log in without changing it. 0 means there is no grace period and the account becomes unusable as soon as the password expires, -1 means the grace period never ends, and 10 means the account becomes unusable 10 days after the password expires.

2.8 Account expiration time

The account expiration time, expressed as a number of days since January 1, 1970. After this date the account cannot be used, regardless of whether the password itself has expired.

2.9 Reserved fields

Not used yet.
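As an added example that is not code from the original article, the following Python script ties sections 2.2 through 2.8 together: it parses /etc/shadow records, decodes the $id$salt$encrypted prefix to name the algorithm (or report a locked or empty field), converts the day counts with the same epoch arithmetic as the `date -d` command above, and evaluates the aging fields to say whether a password is fine, in its warning window, expired but within the grace period, inactive, or on an account that has expired. The sample records are constructed, and the reference date is passed in explicitly rather than taken from the clock so that the results are reproducible. The id table here also includes the yescrypt prefix ($y$), which the article's table does not list.

```python
"""Parse /etc/shadow records, decode the $id$salt$encrypted prefix, and
evaluate the password-aging fields against a given date.

Added example, not code from the original article.  The sample records are
constructed; dates are handled as shadow stores them, as days since 1970-01-01.
"""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, Optional, Tuple

EPOCH = date(1970, 1, 1)

# Hash-id prefixes; the article's table plus the yescrypt prefix ($y$).
HASH_IDS = {
    "1": "MD5",
    "5": "SHA256",
    "6": "SHA512",
    "2": "bcrypt (Blowfish)",
    "2a": "bcrypt (Blowfish)",
    "2y": "bcrypt (Blowfish)",
    "y": "yescrypt",
}

# Constructed sample standing in for a real /etc/shadow.
SAMPLE_SHADOW = """\
root:$6$saltsalt$hashhashhash:19458:0:99999:7:::
linuxprobe:$6$abcdefgh$ijklmnop:19458:0:90:7:10::
legacy:!!:19000:0:99999:7:::
olduser:$1$xyz$abc:19000:0:90:7:0::
contractor:$6$qrstuvwx$yzabcdef:19400:0:99999:7::19500:
"""


def days_to_date(days: int) -> date:
    """19458 -> 2023-04-11, matching `date -d "1970-01-01 19458 days"`."""
    return EPOCH + timedelta(days=days)


def date_to_days(d: date) -> int:
    return (d - EPOCH).days


def classify_hash(field: str) -> str:
    """Describe the encrypted-password field: algorithm name, locked, or empty."""
    if field == "":
        return "empty (no password required)"
    if field.startswith(("!", "*")):
        return "locked"
    parts = field.split("$")  # "$6$salt$hash" -> ["", "6", "salt", "hash"]
    if len(parts) >= 4 and parts[1] in HASH_IDS:
        return HASH_IDS[parts[1]]
    return "unknown format"


@dataclass
class ShadowEntry:
    name: str
    password: str
    last_change: Optional[int]    # 2.3: days since epoch of the last change
    min_days: Optional[int]       # 2.4: minimum modification interval
    max_days: Optional[int]       # 2.5: validity period
    warn_days: Optional[int]      # 2.6: warning days before expiry
    inactive_days: Optional[int]  # 2.7: grace time after expiry
    expire_day: Optional[int]     # 2.8: account expiration time


def _opt_int(s: str) -> Optional[int]:
    return int(s) if s != "" else None


def parse_shadow_line(line: str) -> ShadowEntry:
    fields = line.rstrip("\n").split(":")
    if len(fields) != 9:
        raise ValueError(f"expected 9 fields, got {len(fields)}: {line!r}")
    return ShadowEntry(fields[0], fields[1], *(_opt_int(x) for x in fields[2:8]))


def password_state(e: ShadowEntry, today: date) -> str:
    """Apply the aging rules from sections 2.3-2.8 to one record."""
    now = date_to_days(today)
    if e.expire_day is not None and now > e.expire_day:
        return "account expired"
    if e.last_change is None or e.max_days is None or e.max_days >= 99999:
        return "never expires"
    expiry = e.last_change + e.max_days
    if now > expiry:
        # -1 (or an empty field) means the grace period never ends.
        if e.inactive_days is not None and e.inactive_days >= 0 and now > expiry + e.inactive_days:
            return "inactive (locked)"
        return "expired (grace period)"
    warn = e.warn_days or 0
    if expiry - now <= warn:
        return f"warning ({expiry - now} days left)"
    return "ok"


def audit_shadow(text: str, today: date) -> Dict[str, Tuple[str, str]]:
    """Map each user to (hash description, aging state)."""
    result = {}
    for line in text.splitlines():
        if line:
            e = parse_shadow_line(line)
            result[e.name] = (classify_hash(e.password), password_state(e, today))
    return result


if __name__ == "__main__":
    for user, (algo, state) in audit_shadow(SAMPLE_SHADOW, days_to_date(19543)).items():
        print(f"{user:12} {algo:20} {state}")
```

The reference date 19543 is 85 days after the article's 19458, so with a 90-day validity period and a 7-day warning window the sample user linuxprobe lands inside the warning window, while the MD5-hashed olduser record, whose password expired with a grace time of 0, is reported as inactive. Reading the real file requires root, which is the point of section 2's permission note.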

Origin blog.csdn.net/weixin_47505548/article/details/130833278