Shulou(Shulou.com)06/02 Report--

This paper introduces the formats of / etc/passwd and / etc/shadow files under Linux system. These two files, one is the storage of user account information data, and the other is the storage of user password information and password expiration related information. Both files use colons as delimiters to separate fields. For security reasons, both files can only be read and written by a Super Admin.

1. The format of / etc/passwd file, with 7 pieces of user account information separated by colons

Account:password:UID:GID:GECOS:directory:shell (account: password: user ID: group ID: general information: directory: shell)

Example: root:x:0:0:root:/root:/bin/bash

The account name password placeholder, using x instead of user ID basic group ID GECOS, can be understood as the user's full name, user's home directory, user's shell II, / etc/shadow file format, and 9 passwords separated by colons.

Liuqing:$6 $HE1uq5GI$1BUG8ACoUscfpvuW:18192:0:99999:7:::

1.login name login: must be a valid account name and already exist in the system.

Date of last password change encrypted password: encrypted password, this password is a password with the random number salt. Separated by $. In this way, users with the same password will not get the same encrypted value. When verifying the password, the password entered by the user is combined with salt (which exists in the corresponding user line of the shaodw file) to verify the consistency with the encrypted password. Date when date of last password change last changed the password: the date when the password was last changed, which is calculated from January 1, 1970. 0 indicates that the user should change the password the next time he logs in, and the empty field indicates that the password aging feature is disabled. The minimum age of the date of last password change password: the minimum number of days it takes for a user to change the password again after changing the password once. An empty field or 0 indicates that there is no minimum password expiration date. Maximum age of maximum password age password: after the maximum number of days the user's password has been used, it must be changed. After this point in time, the password is still valid, but you need to change the password the next time you log in. If this field is blank, it means that there is no maximum password expiration date, no password line alarm period, no password disable period. If the maximum password age is less than the minimum password age, the user cannot change the password. Password warning period password warning period: the number of days to warn the user before the password expires. An empty field or 0 indicates that there is no password warning period.

7.password inactivity period password prohibition period: the number of days after the password expires (the maximum password life), the number of days that the password is still accepted (during this period, the user should change the password at the next login). After the password expires and this grace period has passed, you will not be able to log in with the current password. An empty field indicates that no password is forced to expire. Expiration date of the account expiration date account: the date on which the account expires, indicating the number of days beginning on January 1, 1970. Note that account expiration is different from password expiration, when the account expires, the user will not be allowed to log in; when the password expires, the user will not be allowed to log in with their password. An empty field indicates that the account never expires. Reserved field: this field is reserved for future use.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.