Shulou(Shulou.com)06/02 Report--

Pwck

Check the integrity of the user password files "/ etc/passwd" and "/ etc/shadow" and send the verification results to the tile output. Prompt the user to delete entries that are incorrectly formatted or have other uncorrectable errors. Check to verify that each entry has the correct number of fields, a unique valid user name, a valid user and group identifier, a valid primary group, a valid home directory, and a valid login shell.

Shadow checking is enabled when a second file parameter is specified or "/ etc/shadow" exists on the system. It checks the information: each passwd entry has a matching shadow entry, each shadow entry has a matching passwd entry, the password is specified in the shadow file, the shadow entry has the correct number of fields, the shadow entry is unique in the shadow, and the most recent password change will not occur in the future.

It is fatal to check the correct number of fields and unique user names. If the entry has the wrong number of fields, the user is prompted to delete the entire row. If the user does not answer affirmatively, all further checks will be bypassed. Prompts you to delete an entry with a duplicate user name, but the rest of the check will be done. All other errors are warnings and users are encouraged to run the usermod command to correct them.

The scope of this command: RedHat, RHEL, Ubuntu, CentOS, SUSE, openSUSE, Fedora.

1. Grammar

Pwck [options]

2. List of options

Option

Description

-- help

Show help documentation

-- version

Show command version

-Q

Only error messages are displayed

-r

Execute in read-only mode

S

Use UID as the sorting basis for files

3. Configuration

The following configuration variables in "/ etc/login.defs" change the behavior of the tool:

PASS_MAX_DAYS, the maximum number of days that a password can be used. If the password is earlier than this, the password change is forced. If not specified,-1 is assumed (which disables the limit).

PASS_MIN_DAYS, the minimum number of days allowed between password changes. Any attempt to change the password will be rejected earlier than this. If not specified, it is assumed to be-1 (this disables the limit)

PASS_WARN_AGE, the number of days before the password expires. Zero indicates that the warning is issued only on the expiration date, and a negative value indicates that no warning is issued. If not specified, no warning is provided.

4. Files

/ etc/group, group account information.

/ etc/passwd, user account information.

/ etc/shadow, security user account information.

5. Return value

The pwck command returns the following results

Return value

Description

Success

one

Invalid command

two

One or more password errors

three

Unable to open password file

four

Cannot lock password file

five

Cannot update password file

six

Unable to sort password file

6. Examples

1) ordinary users call pwck

[david@localhost ~] $pwck / / View password file

Pwck: cannot lock / etc/passwd; try again later.

[david@localhost ~] $echo $? / / print the return value in the shell variable "#?" Medium

four

2) root calls pwck

[root@localhost david] # pwck

User 'adm': directory' / var/adm' does not exist

User 'uucp': directory' / var/spool/uucp' does not exist

User 'gopher': directory' / var/gopher' does not exist

User 'avahi-autoipd': directory' / var/lib/avahi-autoipd' does not exist

User 'pulse': directory' / var/run/pulse' does not exist

User 'saslauth': directory' / var/empty/saslauth' does not exist

User 'vboxadd': directory' / var/run/vboxadd' does not exist

User 'mailnull': directory' / var/spool/mqueue' does not exist

User 'smmsp': directory' / var/spool/mqueue' does not exist

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.