
What is the directory where Linux stores passwords?

2025-01-16 Update From: SLTechnology News&Howtos

Shulou (Shulou.com) 05/31

This article explains which directory Linux stores passwords in. Many people run into this question in practice, so let the editor walk you through it. I hope you read it carefully and get something out of it!

Linux stores passwords in the "/etc" directory. The "/etc" directory holds the system's main configuration files, including the files for user accounts and passwords. Two files there store passwords: 1. the shadow file, which stores the password information of the users in the system; 2. the gshadow file, which stores the password information of the user groups in the system.

The operating environment of this tutorial: Linux 5.9.8 system, Dell G3 computer.

The "/etc" directory of Linux stores passwords.

The /etc directory stores the system's main configuration files, such as the user account and password files and the startup files of the various services. Generally speaking, ordinary users can view the attributes of the files in this directory, but only root has the right to modify them.

There are two files that store passwords in the "/etc" directory.

1. Shadow file

The /etc/shadow file stores the password information of the users in a Linux system and is also known as the "shadow file".

/etc also contains a passwd file, which stores the basic information of all users in the system. Because that file is readable by all users, keeping passwords in it could easily lead to their disclosure, so Linux separates the password information from the /etc/passwd file and puts it in /etc/shadow.

Only the root user has read rights to the /etc/shadow file, and other users have no permissions at all, which protects the users' passwords.

Note that if the permissions of this file have been changed, you should check whether this is the result of a malicious attack.
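One way to notice such a permission change is to record the files' mode and owner once and compare later. The following is an added example, not code from the original article; the function names, the finding messages, and the choice to flag group-write and any "other" permission bits are assumptions of this sketch.

```python
import os
import stat

# Paths named in the article; both hold password hashes.
SECRET_FILES = ("/etc/shadow", "/etc/gshadow")

def snapshot(paths=SECRET_FILES):
    """Record (mode, uid, gid) for each existing path as a baseline."""
    snap = {}
    for path in paths:
        if os.path.lexists(path):
            st = os.lstat(path)          # lstat: do not follow symlinks
            snap[path] = (stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid)
    return snap

def audit(baseline, expected_uid=0):
    """Return (path, finding) pairs: drift from baseline plus risky bits."""
    findings = []
    for path, (old_mode, old_uid, old_gid) in baseline.items():
        if not os.path.lexists(path):
            findings.append((path, "file removed"))
            continue
        st = os.lstat(path)
        mode = stat.S_IMODE(st.st_mode)
        if not stat.S_ISREG(st.st_mode):
            findings.append((path, "not a regular file"))
        if mode != old_mode:
            findings.append((path, f"mode changed {old_mode:04o} -> {mode:04o}"))
        if (st.st_uid, st.st_gid) != (old_uid, old_gid):
            findings.append((path, "owner or group changed"))
        if st.st_uid != expected_uid:
            findings.append((path, "not owned by expected uid"))
        if mode & stat.S_IRWXO:
            findings.append((path, "accessible by other users"))
        if mode & stat.S_IWGRP:
            findings.append((path, "group-writable"))
    return findings

if __name__ == "__main__":
    # In practice the baseline is stored somewhere safe and audit() runs
    # later; here both run back to back, so only the risky-bit checks fire.
    for path, finding in audit(snapshot()):
        print(f"{path}: {finding}")
```

Reading the metadata with lstat does not require read access to the file contents, so the check itself can run as an unprivileged user.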

Each line in the /etc/shadow file represents one user and, like /etc/passwd, uses ":" as the delimiter, except that each line is divided into nine fields. The fields have the following meaning:

user name:encrypted password:last modification time:minimum modification interval:password validity period:warning days before the password must be changed:grace period after password expiration:account expiration time:reserved field

Next, I will introduce these nine fields to you.

1) User name

Has the same meaning as the user name in the /etc/passwd file.

2) Encrypted password

What is stored here is the actual encrypted password. At present, Linux passwords use the SHA512 hash algorithm; the original algorithms were MD5 or DES. The SHA512 hash algorithm offers a higher level of protection and is more secure.

Note that the seemingly garbled string stored in this field must not be modified by hand. If it is, the system can no longer recognize the password and the password becomes invalid. Many programs take advantage of this and prepend "!", "*" or "x" to the password string to invalidate the password temporarily.

The password field of every pseudo user is "!!" or "*", which means the account has no password and cannot log in. Likewise, if a newly created user has not set a password, its password field is "!", which means that the user has no password and cannot log in.

3) Last modification time

This field indicates when the password was last changed. But why does the root user show 15775?

This is because Linux counts dates as a running total of days starting from January 1, 1970; by January 1, 1971, the count is 366 days. The value 15775 shown here means that the root account's password was changed on the 15775th day after January 1, 1970.

So, which day does 15775 represent? You can use the following command to convert it:

[root@localhost ~]# date -d "1970-01-01 15775 days"
Monday 11 March 2013 00:00:00 CST

As you can see, the command converts the value into the calendar date we are used to.

4) Minimum modification interval

This field specifies how long after the date in field 3 (the date the password was last changed) the password cannot be changed again. If it is 0, the password can be changed at any time; if it is 10, the password cannot be changed again within 10 days of the last change.

This field is designed to deal with users who change their account password too frequently.

5) Password validity period

Changing passwords regularly is a good habit. To force users to do so, this field specifies how long after the date in field 3 (the last password change) the password must be changed again; otherwise the account password expires.

The default value of this field is 99999, that is, 273 years, which can be considered permanent. If it is changed to 90, the password must be changed again within 90 days of the last change, otherwise the user's password expires. When managing a server, use this field to force users to change their passwords periodically.

6) Warning days before the password must be changed

This field works together with field 5. When the account password is about to expire, the system sends a warning message to the account to remind the user: "your password will expire in n days. Please reset your password as soon as possible!"

The default value of this field is 7, that is, starting 7 days before the password validity period ends, the system shows the account a "change password" warning at every login.

7) Grace period after the password expires

Also known as the "password expiration date". Put simply, if the user still has not changed the password after it expires, the user can still log in during the grace period given in this field. Once the grace period has passed, the system no longer lets the account log in and no longer shows an expiry prompt; the account is completely disabled.

For example, a grace period of 10 in this field means that the password becomes invalid 10 days after it expires. If it is 0, the password becomes invalid immediately after it expires. If it is -1, the password never becomes invalid.

8) Account expiration time

Like field 3, this field is expressed as the total number of days since January 1, 1970. Past the date given in this field, the account can no longer be used, whether or not the password has expired.

This field is typically used on systems that offer paid services.

9) Reserved field

This field is not currently used; it is reserved for features added in the future.
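The nine fields can be decoded into calendar dates with a short parser. This is an added example, not code from the original article; the function names and output keys are assumptions, the sample lines are constructed, and the hash text in them is a placeholder rather than a real hash.

```python
from datetime import date, timedelta

EPOCH = date(1970, 1, 1)
FIELDS = ("user", "hash", "last_change", "min_age", "max_age",
          "warn", "grace", "expire", "reserved")
# crypt(3) prefixes; "$6$" marks the SHA512 scheme the article mentions
SCHEMES = {"$1$": "MD5", "$5$": "SHA256", "$6$": "SHA512"}

def _day(n):
    """Days since 1970-01-01 -> date; None (field not set) stays None."""
    return None if n is None else EPOCH + timedelta(days=n)

def _add(base, delta, sign=1):
    return None if base is None or delta is None else base + sign * delta

def password_state(field):
    """Classify field 2 without exposing the hash itself."""
    if field == "":
        return "empty"                       # no password string at all
    if field[0] in "!*":
        return "locked"                      # "!", "!!" or "*"
    return next((n for p, n in SCHEMES.items() if field.startswith(p)), "other")

def parse_shadow_line(line):
    parts = line.rstrip("\n").split(":")
    if len(parts) != 9:
        raise ValueError(f"expected 9 fields, got {len(parts)}")
    rec = dict(zip(FIELDS, parts))
    for key in FIELDS[2:8]:                  # numeric fields; empty = not set
        rec[key] = int(rec[key]) if rec[key] else None
    rec["state"] = password_state(rec.pop("hash"))   # the hash is dropped
    expires = _add(rec["last_change"], rec["max_age"])
    grace = rec["grace"] if rec["grace"] not in (None, -1) else None
    rec["changed_on"] = _day(rec["last_change"])
    rec["password_expires"] = _day(expires)
    rec["warn_from"] = _day(_add(expires, rec["warn"], -1))
    rec["disabled_after"] = _day(_add(expires, grace))
    rec["account_expires"] = _day(rec["expire"])
    return rec

# Constructed sample lines; the hash text is a placeholder, not a real hash.
SAMPLE = ("root:$6$SALT$PLACEHOLDER:15775:0:90:7:10::",
          "daemon:*:15775:0:99999:7:::")

if __name__ == "__main__":
    for line in SAMPLE:
        print(parse_shadow_line(line))
```

For the first sample line, the last change of 15775 maps to 2013-03-11, and a 90-day validity period with 7 warning days and 10 grace days gives the dates an administrator would check when reviewing password aging.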

What if I forget my password?

Users often forget their account passwords. What should you do?

A lost password for an ordinary account can be fixed through the root account, which can set a new password for the specified account without knowing the original one (run the passwd command as root).

If the password of the root account is lost, you need to restart and enter single-user mode. The system then provides a bash interface with root permission, and you can use the passwd command to change the account password. You can also mount the root directory, modify /etc/shadow, and clear the root account's password. In this way, you can log in without the root password. It is recommended to use the passwd command to set the root password after logging in.

2. Gshadow file

Group information is stored in the /etc/group file, while the password information for groups is stored in the /etc/gshadow file.

In the gshadow file, each line holds the password information of one user group, and each line is divided into four fields with ":" as the separator. The fields have the following meaning:

group name:encrypted password:group administrator:additional users in the group

1) Group name

Corresponds to the group name in the /etc/group file.

2) Group password

Most users do not set a group password, so this field is often empty. Sometimes it is "!", which means that the group has no group password and no group administrator.

3) Group administrator

From the system administrator's point of view, the most important use of this file is to define group administrators. So, what is a group administrator?

A Linux system may have a great many accounts, and the superuser root may be busy, so when a user wants to join a group, root may not be able to respond in time. If the group has a group administrator, that administrator can add users to the group he manages, saving root the trouble.

However, because tools such as sudo are available, the group administrator feature is rarely used.

4) Additional users in the group

This field lists the additional users in this user group, the same as the additional users shown in the /etc/group file.
