
How to parse Linux /etc/shadow

2025-01-17 Update From: SLTechnology News&Howtos (Shulou.com)

This article explains in detail how to parse the Linux /etc/shadow file. Interested readers can use it as a reference.

The /etc/shadow file stores the password information of users on a Linux system and is also known as the "shadow file".

The /etc/passwd file was introduced earlier. Because it is readable by all users, it can easily lead to disclosure of users' passwords, so Linux separates the password information from /etc/passwd and keeps it in this file instead.

Only the root user has read permission on /etc/shadow; other users have no permissions at all, which protects users' passwords.

Note that if the permissions of this file have been changed, you should check whether this is the result of a malicious attack.
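One way to check for the permission change described above, as an added example that is not part of the original article. The function name and its parameters are assumptions made for illustration; `allow_group_read` exists because some distributions grant read access to a dedicated group.

```python
import os
import stat

def audit_shadow_permissions(path="/etc/shadow", expected_uid=0,
                             allow_group_read=False):
    """Return a list of findings for the shadow file (empty list means OK)."""
    st = os.stat(path)                    # stat works without read permission
    mode = stat.S_IMODE(st.st_mode)       # permission bits only
    findings = []
    if st.st_uid != expected_uid:
        findings.append(f"owner uid is {st.st_uid}, expected {expected_uid}")
    if mode & stat.S_IRWXO:
        findings.append(f"other users have access (mode {mode:04o})")
    group_bits = mode & stat.S_IRWXG
    if allow_group_read:
        group_bits &= ~stat.S_IRGRP       # tolerate group read only
    if group_bits:
        findings.append(f"group has access (mode {mode:04o})")
    return findings

if __name__ == "__main__":
    if os.path.exists("/etc/shadow"):
        for finding in audit_shadow_permissions():
            print("WARNING:", finding)
```

Run it from a scheduled job and alert on any non-empty result, since a change here is the signal the article tells you to investigate.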

Before introducing this file, let's open it and execute the following command:

[root@localhost ~]# vim /etc/shadow
root:$6$9w5Td6lg$bgpsy3olsq9WwWvS5Sst2W3ZiJpuCGDY.4w4MRk3ob/i85fl38RH15wzVoomff9isV1PzdcXmixzhnMVhMxbvO:15775:0:99999:7:::
bin:*:15513:0:99999:7:::
daemon:*:15513:0:99999:7:::
... (part of the output omitted)

As in the /etc/passwd file, each line represents one user and uses ":" as the delimiter, except that here each line is divided into nine fields. The fields have the following meanings:

user name:encrypted password:last modification time:minimum modification interval:password validity period:warning days before the password needs to be changed:grace days after password expiration:account expiration time:reserved field

Next, I will introduce these nine fields to you.

User name

It has the same meaning as the user name in the /etc/passwd file.

Encrypted password

What is stored here is the actual encrypted password. Linux passwords currently use the SHA512 hash algorithm; the original algorithms were MD5 or DES. SHA512 provides a higher level of protection and is more secure.

Note that this string of seemingly random characters must not be edited by hand. If it is modified manually, the system can no longer recognize the password and the password becomes invalid. Many programs make use of this by adding "!", "*" or "x" to the password string to temporarily invalidate the password.

The password field of every pseudo user is "!!" or "*", which means the account has no password and cannot log in. Likewise, if a newly created user has not set a password, its password field is also "!", which means the user has no password and cannot log in.

Last modified time

This field indicates when the password was last changed. But why does the root user show 15775?

This is because Linux counts dates as a running total of days starting from January 1, 1970; by January 1, 1971 the count is 366. The value 15775 shown here means that the root account's password was changed on day 15775 counted from January 1, 1970.

So which day does 15775 represent? You can convert it with the following command:

[root@localhost ~]# date -d "1970-01-01 15775 days"

Monday, March 11, 2013, 00:00:00 CST

As you can see, this command converts the value into the calendar date we are used to.

Minimum modification interval

This field specifies how long after field 3 (the date the password was last changed) the password cannot be changed again. If it is 0, the password can be changed at any time; if it is 10, the password cannot be changed again within 10 days of the last change.

This field is designed to deal with users who change their account passwords too frequently.

Password validity period

It is a good habit to change the password frequently. To force users to do so, this field specifies how long after field 3 (the date the password was last changed) the password must be changed again; otherwise the account password expires.

The default value of this field is 99999, that is, 273 years, which can be considered permanent. If it is changed to 90, the password must be changed again within 90 days of the last change, otherwise the account password expires. When managing a server, use this field to force users to change their passwords periodically.

The number of warning days before the password needs to be changed

This field is relative to field 5. When the account password is about to expire, the system sends a warning message to the account to remind the user: "Your password will expire in n days. Please reset your password as soon as possible!"

The default value of this field is 7, that is, starting 7 days before the password validity period ends, the system issues a "change password" warning to the account at every login.

Number of days of grace after password expiration

Also known as the "password expiration date". Put simply, if the user still has not changed the password after it expires, the user can still log in during the number of grace days specified in this field. Once the grace period has passed, the system no longer allows this account to log in and no longer shows an expiration prompt; the account is completely disabled.

For example, a value of 10 in this field means the password becomes invalid 10 days after it expires. If it is 0, the password becomes invalid immediately after it expires. If it is -1, the password never becomes invalid.

Account expiration time

As with the third field, the expiration time of the account is expressed as the total number of days since January 1, 1970. Once the date specified in this field has passed, the account can no longer be used, regardless of whether the password has expired.

This field is typically used in systems with paid services.

Reserved field

This field is not currently in use, waiting for new features to be added.
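The nine fields and the day-count conversion described above, put together as a small parser. This is an added example, not code from the original article; it goes slightly beyond the text by also recognising the SHA256 prefix and an empty password field. All names are assumptions, and the sample lines are constructed with placeholder hash bodies.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

SCHEMES = {"1": "MD5", "5": "SHA256", "6": "SHA512"}  # crypt(3) "$id$" prefixes
# Constructed sample entries; the hash bodies are placeholders, not real hashes.
SAMPLE = """\
root:$6$examplesalt$PLACEHOLDERHASH:15775:0:99999:7:::
bin:*:15513:0:99999:7:::
alice:$1$examplesalt$PLACEHOLDERHASH:15775:0:90:7:10:16000:
bob:!!:15775:0:99999:7:::"""

@dataclass
class ShadowEntry:
    user: str
    scheme: str                        # hash algorithm, "locked" or "empty"
    last_change: Optional[date]        # field 3
    password_expires: Optional[date]   # field 3 + field 5
    disabled_after: Optional[date]     # password expiry + field 7 (grace days)
    account_expires: Optional[date]    # field 8

def _num(field: str) -> Optional[int]:
    return int(field) if field else None

def _day(n: Optional[int]) -> Optional[date]:
    # Day counts are days since 1970-01-01, as in `date -d "1970-01-01 N days"`.
    return date(1970, 1, 1) + timedelta(days=n) if n is not None else None

def classify(pw: str) -> str:
    if pw == "":
        return "empty"                 # no password required at all
    if pw[0] in "!*":
        return "locked"                # no hash can ever match this value
    if pw.startswith("$"):
        ident = pw.split("$")[1]
        return SCHEMES.get(ident, f"other (${ident}$)")
    return "DES" if len(pw) == 13 else "invalid"  # legacy crypt is 13 chars

def parse_shadow_line(line: str) -> ShadowEntry:
    f = line.rstrip("\n").split(":")
    if len(f) != 9:
        raise ValueError(f"expected 9 fields, got {len(f)}")
    last, max_age, grace = _num(f[2]), _num(f[4]), _num(f[6])
    expires = None if None in (last, max_age) else last + max_age
    disabled = None if None in (expires, grace) or grace < 0 else expires + grace
    return ShadowEntry(f[0], classify(f[1]), _day(last), _day(expires),
                       _day(disabled), _day(_num(f[7])))

if __name__ == "__main__":
    print(*map(parse_shadow_line, SAMPLE.splitlines()), sep="\n")
```

For an audit, entries whose scheme is "MD5", "DES" or "empty" are the ones to review first.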

Forgotten passwords

Users often forget their account passwords. What can be done?

A lost password for an ordinary account can be resolved through the root account: root can set a new password for the specified account without knowing the original one (run the passwd command as root).

If the root account's password is lost, you need to reboot into single-user mode. The system provides a bash shell with root privileges, where you can use the passwd command to change the account password. Alternatively, you can mount the root directory, edit /etc/shadow, and clear the root account's password field, which allows logging in as root without a password. It is recommended to set the root password with the passwd command after logging in.

That concludes this introduction to parsing Linux /etc/shadow. I hope the content above is of some help to you.
