Getting to know Linux: /etc/passwd and /etc/shadow

20.3.8
Beginner's learning diary 3: analyzing the contents of the /etc/passwd and /etc/shadow files

Understanding /etc/passwd and /etc/shadow

These two files are among the most important files on a Linux system: they hold the system's user and group information, and if something goes wrong with them, users cannot log in normally.

The /etc/passwd file:

		[root@mling ~]# cat /etc/passwd | head
		root:x:0:0:root:/root:/bin/bash
		bin:x:1:1:bin:/bin:/sbin/nologin
		daemon:x:2:2:daemon:/sbin:/sbin/nologin
		adm:x:3:4:adm:/var/adm:/sbin/nologin
		lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
		sync:x:5:0:sync:/sbin:/bin/sync
		shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
		halt:x:7:0:halt:/sbin:/sbin/halt
		mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
		operator:x:11:0:operator:/root:/sbin/nologin

head shows the first ten lines by default. | is the pipe operator: it feeds the output of the command on its left into the command on its right.

Each line of /etc/passwd consists of seven colon-separated fields:
root:x:0:0:root:/root:/bin/bash
username : password : UID : GID : comment (GECOS) : home directory : login shell

The first field is the username (for example, the username in line 1 is root), a string that identifies the user account. A username may contain upper- and lowercase letters, digits, the minus sign (but not as the first character), dots and underscores; any other character is invalid. Although a dot is allowed, it is not recommended, least of all as the first character. The minus sign is also not recommended, because a name starting with it is easily mistaken for a command-line option.

The second field stores the account's password. Why is it x here? Early Unix systems really did store the password hash in this field, but for security reasons it was later moved to /etc/shadow, and only an x remains here as a placeholder.

The third field is a number, the user identifier, also called the UID. The system uses this number, not the name, to identify the user. Here root's UID is 0: if we change the UID of a test user to 0, the system treats test and root as the same account. Every line with UID 0 is therefore a root account, which is why a second UID-0 entry in /etc/passwd is one of the first things to look for when checking a machine for a backdoor. Historically UIDs ranged from 0 to 65535; modern Linux uses 32-bit UIDs, so values up to 4294967294 can actually be used. UID 0 is the superuser (root). On CentOS 7, ordinary users' UIDs start at 1000, so a user created with the default settings gets a UID greater than or equal to 1000.

The fourth field is also a number: the group identifier, or GID. It corresponds to a record in /etc/group, and /etc/group is in fact laid out much like /etc/passwd.

The fifth field is a comment and has no functional meaning. It usually records some properties of the user, such as full name, phone number or address. This information can be changed with the chfn command.

The sixth field is the user's home directory, the directory the user is in right after logging in. root's home directory is /root, and an ordinary user's home directory is /home/username, but the home directory can be customized. For example, if we create an ordinary user test1 and want test1's home directory to be /data, we only need to change this field in that user's line of /etc/passwd to /data.

The last field is the user's shell. After the user logs in, a process is started that passes the user's commands to the kernel; that process is the shell. Linux has many shells, such as sh, csh, ksh, tcsh and bash; on Red Hat and CentOS the default shell is bash. Looking through /etc/passwd you will see, besides /bin/bash, many entries with /sbin/nologin, which means the account is not allowed to log in. To create an account that cannot log in, set this field to /sbin/nologin; the default is /bin/bash.
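The field rules above translate directly into checks a practitioner runs against /etc/passwd. The following script is an added example, not code from the original post: it reads a passwd-format file and reports any UID-0 account other than root, any entry whose password field is empty (no x, so /etc/shadow is never consulted for it), and any system account (UID below 1000, the CentOS convention described above) that still has an interactive shell. The sample file embedded in it is constructed for the demonstration, and the check names are this example's own labels.

```shell
#!/bin/sh
# Added example, not from the original post: audit a passwd-format file for
# the points the field descriptions above imply matter. The sample below is
# constructed; the 1000 boundary follows the CentOS convention described above.

# Three real lines from the listing above, plus constructed bad lines:
# a second UID-0 account, an empty password field, and a system account
# that was given an interactive shell.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
toor:x:0:0:backdoor:/root:/bin/bash
guest::1001:1001::/home/guest:/bin/bash
www:x:48:48:Apache:/var/www:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash'

# Read one passwd-format file ($1), print one finding per line as
# "<check> <username>", and return 1 if there was any finding.
audit_passwd() {
    file=$1
    findings=0
    # IFS=: splits on the field separator; the loop body runs in this shell
    # (input redirection, not a pipe), so $findings survives the loop.
    while IFS=: read -r name pw uid gid gecos home shell; do
        [ -z "$name" ] && continue                # skip blank lines
        if [ "$uid" = 0 ] && [ "$name" != root ]; then
            echo "extra-uid0 $name"               # root-equivalent account
            findings=$((findings + 1))
        fi
        if [ -z "$pw" ]; then
            echo "empty-password $name"           # no x: shadow is never consulted
            findings=$((findings + 1))
        fi
        if [ "$uid" -ne 0 ] && [ "$uid" -lt 1000 ]; then
            case $shell in
                /sbin/nologin|/usr/sbin/nologin|/bin/false|/bin/sync|/sbin/shutdown|/sbin/halt) ;;
                *) echo "system-account-with-shell $name"
                   findings=$((findings + 1)) ;;
            esac
        fi
    done < "$file"
    [ "$findings" -eq 0 ]
}

# Run the audit over the constructed sample and return its status.
demo_sample() {
    tmp=$(mktemp)
    printf '%s\n' "$SAMPLE_PASSWD" > "$tmp"
    audit_passwd "$tmp"
    status=$?
    rm -f "$tmp"
    return "$status"
}

# Stand-alone use: sh audit_passwd.sh /etc/passwd, or sh audit_passwd.sh demo
case ${1:-} in
    "")   ;;                       # no argument: define the functions only
    demo) demo_sample ;;
    *)    audit_passwd "$1" ;;
esac
```

Run against the real file with `sh audit_passwd.sh /etc/passwd`; a clean file produces no output and exit status 0, so the script can sit in a cron job or a configuration-check pipeline as is. The shell whitelist is deliberately short: anything not in it on a system account is reported so that a human decides, rather than the script guessing.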

The /etc/shadow file:

The /etc/shadow file is similar to /etc/passwd and consists of nine fields:

[root@mling ~]# cat /etc/shadow | head -n 3
root:$6$/xwi7fpYcJnJtq9G$VKu3p6i4NM7Bcc6MrRZZPWw0gM9DxbSQD7yIreTPMTSvB5U56nQBIwRi0xaf6JCaYJOOIbSIPstuyfOHWKAbq.::0:99999:7:::
bin:*:17834:0:99999:7:::
daemon:*:17834:0:99999:7:::

1. username; 2. password hash; 3. date of the last password change; 4. minimum days between password changes; 5. maximum password age in days; 6. days of warning before the password expires; 7. days of inactivity after expiry before the account is disabled; 8. account expiration date; 9. reserved, currently unused.

The first field is the username, corresponding to the one in /etc/passwd.

The second field is the user's password, the real credential for the account. It is stored as a salted hash (the $6$ prefix above marks SHA-512 crypt), not as recoverable ciphertext, but an attacker who obtains the file can still run an offline guessing attack against the hashes. That is why the file's permission bits are set to 000; root can still read and change it regardless. (On Debian and Ubuntu the file is instead mode 640 and owned by root:shadow, which has the same effect for ordinary users.) View the permissions with ls -l:

[root@mling ~]# ls -l /etc/shadow
----------. 1 root root 585 Mar  8 15:51 /etc/shadow

The third field is the date of the last password change, expressed as the number of days since January 1, 1970. For example, if the password was last changed on January 1, 2012, the value is 365 * (2012 - 1970) + (2012 - 1970) / 4 = 15330 + 10 = 15340; the extra 10 days come from the leap years between 1972 and 2008, each of which has 366 days. (You can check this with date -u -d @$((15340 * 86400)), which prints a date of 2012-01-01.) Two values are special: 0 means the user must change the password at the next login, and an empty field means password aging is not applied to the account at all.

The fourth field is the minimum number of days that must pass before the password may be changed again. The default is 0, meaning no restriction.

The fifth field is the maximum number of days the password stays valid, that is, the number of days after which it must be changed. For example, if it is set to 30, the password must be changed within 30 days; otherwise the user cannot log in normally until it is changed. The default is 99999, which can be understood as never needing to be changed.

The sixth field is the warning period before the password expires. If it is set to 7, then starting 7 days before the password expires the system warns the user at login that the password is about to expire.

The seventh field is the inactivity period after the password expires. If it is set to 3 and the password has expired without the user having changed it, the user may still log in and change it for 3 more days; after that the account becomes invalid, that is, it is locked.

The eighth field is the account's expiration date. Like the third field, it is a number of days counted from January 1, 1970. It means the account can be used up to that day; once the day is reached, the account is disabled.

The last field is reserved and currently has no meaning.
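To make the day-count convention of fields 3 and 8 and the aging rules of fields 4 to 7 concrete, here is an added example that is not part of the original post. It converts between calendar dates and days since 1970-01-01 with integer arithmetic (the same 365-days-per-year-plus-leap-days count used in the third-field explanation above, so 2012-01-01 comes out as day 15340), and classifies a shadow line for a given day using the rules just described. Apart from the bin line taken from the listing above, the sample lines are constructed with placeholder hash values, and the status words are this example's own labels, not anything the system prints.

```shell
#!/bin/sh
# Added example, not part of the original post: decode the nine /etc/shadow
# fields with plain POSIX sh integer arithmetic, so it runs without GNU date.
# Fields 3 and 8 are day counts since 1970-01-01; the two date functions do
# that "365 days per year plus leap days" count exactly, for dates from 1970 on.

# Day count for a Gregorian date: days_from_civil YEAR MONTH DAY
days_from_civil() {
    y=$1 m=$2 d=$3
    # Count from March so the leap day is the last day of the year.
    if [ "$m" -le 2 ]; then y=$((y - 1)); mp=$((m + 9)); else mp=$((m - 3)); fi
    era=$((y / 400))                                # 400-year cycles (146097 days each)
    yoe=$((y - era * 400))                          # year within the cycle
    doy=$(((153 * mp + 2) / 5 + d - 1))             # day within the March-based year
    doe=$((yoe * 365 + yoe / 4 - yoe / 100 + doy))  # day within the cycle
    echo $((era * 146097 + doe - 719468))           # 719468 shifts 0000-03-01 to 1970-01-01
}

# Inverse: civil_from_days DAYS prints YYYY-MM-DD (what chage -l shows).
civil_from_days() {
    z=$(($1 + 719468))
    era=$((z / 146097))
    doe=$((z - era * 146097))
    yoe=$(((doe - doe / 1460 + doe / 36524 - doe / 146096) / 365))
    y=$((yoe + era * 400))
    doy=$((doe - (365 * yoe + yoe / 4 - yoe / 100)))
    mp=$(((5 * doy + 2) / 153))
    d=$((doy - (153 * mp + 2) / 5 + 1))
    if [ "$mp" -lt 10 ]; then m=$((mp + 3)); else m=$((mp - 9)); fi
    [ "$m" -le 2 ] && y=$((y + 1))
    printf '%04d-%02d-%02d\n' "$y" "$m" "$d"
}

# Apply the aging rules to one shadow line for a given "today" (a day count)
# and print one status word. shadow_status LINE TODAY
shadow_status() {
    today=$2
    # An unquoted here-document expands $1 once; the $6$ inside the hash is not re-expanded.
    IFS=: read -r name pw last min max warn inact expire reserved <<EOF
$1
EOF
    case $pw in
        '!'*|'*'*) echo locked; return ;;           # no password can match this field
    esac
    if [ -n "$expire" ] && [ "$today" -ge "$expire" ]; then
        echo account-expired; return                # field 8 reached: account disabled
    fi
    if [ -z "$last" ] || [ -z "$max" ]; then
        echo no-aging; return                       # empty field 3 or 5: aging not applied
    fi
    if [ "$last" -eq 0 ]; then
        echo must-change; return                    # field 3 = 0: change at next login
    fi
    if [ -n "$inact" ] && [ "$today" -ge $((last + max + inact)) ]; then
        echo inactive; return                       # field 7 passed after expiry: locked
    fi
    if [ "$today" -ge $((last + max)) ]; then
        echo expired; return                        # field 5 passed: must change to log in
    fi
    if [ -n "$warn" ] && [ "$today" -ge $((last + max - warn)) ]; then
        echo expiring; return                       # inside the field 6 warning window
    fi
    echo ok
}

# Constructed sample: the bin line is from the listing above, the rest are
# made up to hit each rule; "$6$salt$hash" stands in for a real SHA-512 hash.
SAMPLE_SHADOW='bin:*:17834:0:99999:7:::
alice:$6$salt$hash:15340:0:30:7:3::
bob:$6$salt$hash:15340:0:99999:7::15500:
carol:$6$salt$hash::0:99999:7:::
dave:$6$salt$hash:0:0:99999:7:::'

# report [DAY]: status of every sample line as of DAY (default: today).
report() {
    today=${1:-$(( $(date +%s) / 86400 ))}
    printf '%s\n' "$SAMPLE_SHADOW" | while IFS= read -r line; do
        printf '%-6s %s\n' "${line%%:*}" "$(shadow_status "$line" "$today")"
    done
}

report "$@"
```

`sh shadow_aging.sh 15365` shows alice inside her warning window, while `sh shadow_aging.sh` with no argument evaluates the sample as of today. On a real system, `chage -l username` prints the same dates that civil_from_days produces for fields 3 and 8, which is the quickest way to confirm the arithmetic against your own /etc/shadow.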

Source: blog.csdn.net/weixin_45642360/article/details/104734827