Learning /etc/group, /etc/passwd and /etc/shadow

  • The system file /etc/passwd manages user information
  • The system file /etc/shadow manages user password information
  • The system file /etc/group manages user group information

1./etc/group 

User groups are a means by which the Linux system manages users and controls their access.

Each user belongs to a user group; a group may contain multiple users, and a user may belong to several groups. When a user is a member of more than one group, the group recorded in the /etc/passwd file is the user's primary group, which is the default group at login, while the other groups are called additional groups.

File content and explanation

cat /etc/group

  • root:x:0:
  • daemon:x:1:
  • bin:x:2:
  • sys:x:3:
  • adm:x:4:roaddb

group name:password:group ID:list of users in the group

Group name: the name of the user group, composed of letters or digits. As with login names in /etc/passwd, group names should not be repeated.

Password field (password): stores the encrypted password of the user group. User groups on a Linux system generally have no password, so this field is usually empty or *.

Group ID (GID): similar to the user identification number, this is an integer used to identify the group within the system.

List of users in the group: all users belonging to this group, with different users separated by commas (,). This group may be a user's primary group or an additional group.

Taking root:x:0:aa as an example:

The user group is root; x is the password field, indicating that no password is set; the GID is 0; the root user group contains aa and the other users whose GID is 0.

2./etc/passwd

File content and explanation

cat /etc/passwd

  • root:x:0:0:root:/root:/bin/bash
  • daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
  • bin:x:2:2:bin:/bin:/usr/sbin/nologin
  • sys:x:3:3:sys:/dev:/usr/sbin/nologin
  • sync:x:4:65534:sync:/bin:/bin/sync
  • games:x:5:60:games:/usr/games:/usr/sbin/nologin
  • man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
  • lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
  • mail:x:8:8:mail:/var/mail:/usr/sbin/nologin

username:password:user ID:group ID:comment:home directory:login shell

Username: usually no longer than eight characters, made up of upper- and lower-case letters and digits. A login name cannot contain a colon (:) or a dot character (.), and should not start with a hyphen (-) or a plus sign (+).

Password: the encrypted password; typically only a special character such as "x" or "*" is stored here.

User identification number (UID): an integer that the system uses internally to identify the user. Normally it corresponds one-to-one with the user name. If several user names share the same user identification number, the system treats them internally as the same user, but they can have different passwords, different home directories, different login shells, and so on. The UID ranges from 0 to 65535. 0 is the identification number of the super user root, 1-99 are reserved by the system for administrative accounts, and ordinary user identification numbers start from 100. On Linux systems, this limit is 500.

Group ID (GID): records the user group the user belongs to. It corresponds to a record in the /etc/group file.

Comment (users): an arbitrary piece of descriptive text stored in this field, used in the output of the finger command.

Home directory (home_directory): the user's initial working directory, that is, the directory the user is placed in after logging on to the system.

Login shell (Shell): after a user logs in, a process must be started that passes the user's operations to the kernel. This process is the command interpreter or specific program that runs after the user logs in to the system, i.e. the shell.

The shell is the interface between the user and the Linux system. Linux has many shells, each with different characteristics. Commonly used ones include sh (Bourne Shell), csh (C Shell), ksh (Korn Shell), tcsh (TENEX/TOPS-20 type C Shell) and bash (Bourne Again Shell). The system administrator can assign a particular shell to a user according to the state of the system and the user's habits. If no shell is specified, the system uses sh as the default login shell, i.e. the value of this field is /bin/sh.
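As an added example (not part of the original post), the following Python sketch parses both formats, resolves a user's primary and additional groups, and reports user names that share one UID, which the system treats as the same user. The sample entries, including the names toor and svc, are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data in the formats described above (not from a real host).
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
aa:x:1000:1000:sample user:/home/aa:/bin/bash
toor:x:0:0:second UID 0 name:/root:/bin/sh
svc::1001:4:service account:/srv:/usr/sbin/nologin
"""
GROUP = """\
root:x:0:aa
adm:x:4:aa,roaddb
aa:x:1000:
"""

def parse_passwd(text):
    """Return one dict per line, keyed by the seven field names."""
    keys = ("name", "password", "uid", "gid", "comment", "home", "shell")
    users = []
    for line in text.splitlines():
        parts = line.split(":")
        if len(parts) != 7:
            raise ValueError(f"expected 7 fields: {line!r}")
        rec = dict(zip(keys, parts))
        rec["uid"], rec["gid"] = int(rec["uid"]), int(rec["gid"])
        users.append(rec)
    return users

def parse_group(text):
    """Return {gid: (group name, [users in the member list])}."""
    groups = {}
    for line in text.splitlines():
        name, _password, gid, members = line.split(":")
        groups[int(gid)] = (name, [m for m in members.split(",") if m])
    return groups

def groups_of(user, groups):
    """Primary group via the passwd GID; additional groups via member lists."""
    primary = groups[user["gid"]][0]
    extra = sorted(n for n, m in groups.values() if user["name"] in m and n != primary)
    return primary, extra

def audit(users):
    """Names sharing a UID, and password fields that are not the x/* placeholder."""
    by_uid = defaultdict(list)
    for u in users:
        by_uid[u["uid"]].append(u["name"])
    shared = {uid: names for uid, names in by_uid.items() if len(names) > 1}
    return shared, [u["name"] for u in users if u["password"] not in ("x", "*")]
```

On the sample data, audit() reports that root and toor share UID 0 and that svc has a password field that is not a placeholder.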

3./etc/shadow

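The shadow file contains the users and their encrypted passwords, as well as other information that /etc/passwd cannot hold, such as a user's validity period. Only root has permission to read and modify this file; the permissions are as follows: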

-r-------- 1 root root 1.5K 10月 16 09:49 /etc/shadow

File content and explanation

sudo cat /etc/shadow

  • root:*:18057:0:99999:7:::
  • daemon:*:18057:0:99999:7:::
  • bin:*:18057:0:99999:7:::
  • sys:*:18057:0:99999:7:::
  • sync:*:18057:0:99999:7:::
  • games:*:18057:0:99999:7:::

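The content of the /etc/shadow file consists of 9 fields

username:password:date of last password change:minimum number of days between password changes:maximum number of days between password changes:number of days before expiry to warn the user:number of days after password expiry until the user is disabled:user expiration date:reserved field

Username: the user name in /etc/shadow is the same as in /etc/passwd, which links the user records in passwd and shadow together; this field is non-empty;

Password (encrypted): if this field is x for a user, that user cannot log in to the system; this field is non-empty;

Date of last password change: the interval (in days) from January 1, 1970 to the most recent password change. You can change a user's password with passwd and then observe how this field in /etc/shadow changes;

Minimum number of days between password changes: if set to 0, this feature is disabled; in other words, this is the number of days that must pass before the user can change the password. This feature is not very useful. The default value is taken from the /etc/login.defs file, where it is defined by PASS_MIN_DAYS;

Maximum number of days between password changes: this helps the administrator keep user passwords current and so strengthens the security of the system. The system default is taken from the /etc/login.defs file when the user is added, where it is defined by PASS_MAX_DAYS;

Number of days before expiry to warn the user: when the user logs in, the login program warns the user that the password is about to expire. The system default is taken from the /etc/login.defs file when the user is added, where it is defined by PASS_WARN_AGE;

Number of days after password expiry until the user is disabled: this field gives the number of days after the password expires after which the system disables the user. The system then no longer lets the user log in and does not show an expiry notice; the user is completely disabled;

User expiration date: this field specifies the day on which the user expires (as a number of days counted from January 1, 1970). If this field is empty, the account is permanently usable;

Reserved field: currently empty, reserved for future Linux development;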
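As an added example (not part of the original post), the following Python sketch splits a shadow entry into its nine fields and turns the day counts into calendar dates, so the password aging schedule can be read directly. The aa entry and its placeholder hash are constructed, and counting boundary days inclusively in state() is an assumption of this example.

```python
from datetime import date, timedelta

EPOCH = date(1970, 1, 1)
FIELDS = ("name", "password", "last_change", "min_days", "max_days",
          "warn_days", "inactive_days", "expire", "reserved")

# Constructed sample entries; the password hash is a placeholder, not a real one.
SHADOW = """\
root:*:18057:0:99999:7:::
aa:$6$PLACEHOLDERSALT$PLACEHOLDERHASH:18057:1:90:7:14:18500:
"""

def parse_shadow_line(line):
    """Split one entry into its nine fields; numeric fields become int or None."""
    parts = line.strip().split(":")
    if len(parts) != 9:
        raise ValueError(f"expected 9 fields, got {len(parts)}")
    rec = dict(zip(FIELDS, parts))
    for key in FIELDS[2:8]:
        rec[key] = int(rec[key]) if rec[key] else None
    return rec

def on_day(days):  # day count since 1970-01-01 -> calendar date (None stays None)
    return None if days is None else EPOCH + timedelta(days=days)

def schedule(rec):
    """Derive the dates implied by the aging fields of one entry."""
    last, maxd = rec["last_change"], rec["max_days"]
    expires = last + maxd if last is not None and maxd is not None else None
    plus = lambda base, n, sign=1: None if base is None or n is None else base + sign * n
    return {
        "changed": on_day(last),
        "may_change_from": on_day(plus(last, rec["min_days"] or None)),  # 0 = disabled
        "password_expires": on_day(expires),
        "warn_from": on_day(plus(expires, rec["warn_days"], -1)),
        "disabled_from": on_day(plus(expires, rec["inactive_days"])),
        "account_expires": on_day(rec["expire"]),
    }

def state(rec, today):
    """Classify an entry on a given date (boundary days counted inclusively)."""
    s = schedule(rec)
    for key, label in (("account_expires", "account expired"),
                       ("disabled_from", "disabled after password expiry"),
                       ("password_expires", "password expired"),
                       ("warn_from", "expiry warning")):
        if s[key] and today >= s[key]:
            return label
    return "ok"
```

The value 18057 from the listing above decodes to 2019-06-10, and with a maximum of 99999 days the root entry does not reach its expiry date for centuries.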


Origin www.cnblogs.com/mianbaoshu/p/12068768.html