Shulou(Shulou.com)06/01 Report--

In this issue, the editor will bring you about how to understand the Linux / etc/passwd file. The article is rich in content and analyzes and narrates it from a professional point of view. I hope you can get something after reading this article.

Guide each user has a corresponding record line in the Linux / etc/passwd file, which records some basic attributes of that user. System administrators often come into contact with changes to this file to complete the management of users.

Its content is similar to the following example:

From the above example, we can see that a row of records in / etc/passwd corresponds to a user, and each row of records is divided into seven fields by a colon (:). The format and specific meaning are as follows:

User name: password: user identification number: group identification number: annotative description: home directory: login Shell

"user name"

A string that represents the user's account. It is usually no more than 8 characters long and consists of uppercase and lowercase letters and / or numbers. There cannot be a colon (:) in the login, because the colon is the delimiter here. For compatibility, it is best not to include a dot character (.) in the login name and not to start with a hyphen (-) and a plus sign (+).

"password"

In some systems, encrypted user passwords are stored. Although this field holds only an encrypted string of user passwords, not clear text, this is still a security concern because the / etc/passwd file is readable to all users. Therefore, many Linux systems (such as SVR4) now use shadow technology to store the real encrypted user password in the / etc/shadow file, while only one special character, such as "x" or "*", is stored in the password field of the / etc/passwd file.

"user identification number"

Is an integer that is used within the system to identify the user. In general, it corresponds to the user name one by one. If several user names have the same user identification number, they will be treated as the same user internally, but they can have different passwords, different home directories, different login Shell, and so on. Usually, the value range of the user identification number is 0room65535. 0 is the identification number of the super user root, and 1x 99 is reserved by the system. As an administrative account, the identification number of the ordinary user starts from 100. In Linux systems, the limit is 500.

Group identification number

The field records the user group to which the user belongs. It corresponds to a record in the / etc/group file.

"annotative description"

The field records some personal information of the user, such as the user's real name, phone number, address, etc., and this field has no practical use. The format of this field is not uniform in different Linux systems. In many Linux systems, this field holds an arbitrary annotative description text that is used as the output of the finger command.

Home directory

This is the user's starting working directory, which is the directory where the user is located after logging in to the system. In most systems, each user's home directory is organized under the same specific directory, and the name of the user's home directory is the user's login name.

Each user has read, write, and execute (search) rights to his home directory, and other users' access to this directory is set on a case-by-case basis. After the user logs in, it starts a process, which is responsible for passing the user's operation to the kernel. This process is the command interpreter or a specific program, namely Shell, that the user runs after logging in to the system. Shell is the interface between the user and the Linux system. There are many kinds of Shell for Linux, each of which has its own characteristics.

The commonly used ones are sh (BourneShell), csh (CShell), ksh (KornShell), tcsh (TENEX/TOPS-20typeCShell), bash (BourneAgainShell) and so on.

The system administrator can specify a Shell for the user according to the system condition and the user's habit. If Shell is not specified, the system uses sh as the default login Shell, that is, the value of this field is / bin/sh. The user's login Shell can also be specified as a specific program (this program is not a command interpreter).

Taking advantage of this feature, we can restrict the user to run only the specified application, and when the application is finished, the user automatically exits the system. Some Linux systems require that only those programs that are registered in the system appear in this field. There is a class of users in the system called pseudo users (psuedousers) who also have a record in the Linux / etc/passwd file but cannot log in because their login Shell is empty. Their existence is mainly to facilitate system management and meet the requirements of the corresponding system processes for file owners. Common pseudo-users are shown below.

Pseudo-user meaning

These include:

Bin has executable user command files

Sys owns system files

Adm owns the account file

Uucp UUCP usage

The lplp or lpd subsystem uses

Nobody NFS usage

Have account files

In addition to the pseudo-users listed above, there are many standard pseudo-users, such as audit,cron,mail,usenet, etc., which are also required by related processes and files.

Because the Linux / etc/passwd file is readable to all users, if the user's password is too simple or the rules are obvious, an ordinary computer can easily crack it, so it requires high security.

All Linux systems separate the encrypted passwords and store them in a separate file, which is the / etc/shadow file. Only the superuser has read access to the file, which ensures the security of the user's password.

The above is the editor for you to share how to understand the Linux / etc/passwd file, if you happen to have similar doubts, you might as well refer to the above analysis to understand. If you want to know more about it, you are welcome to follow the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.