Understanding /etc/shadow file
The /etc/shadow file stores the actual password in encrypted format (more precisely, a hash of the password) for each user account, along with additional properties related to the user's password. Basically, it stores secure user account information. All fields are separated by a colon (:) symbol. It contains one entry per line for each user listed in the /etc/passwd file. Generally, a shadow file entry looks as follows:
(Fig.01: /etc/shadow file fields)
- Username : It is your login name.
- Password : It is your encrypted password. The password should be a minimum of 8-12 characters long, including special characters, digits, lower case alphabetic characters and more. Usually the password format is set to $id$salt$hashed. The $id is the algorithm used on GNU/Linux, as follows:
  - $1$ is MD5
  - $2a$ is Blowfish
  - $2y$ is Blowfish
  - $5$ is SHA-256
  - $6$ is SHA-512
- Last password change (lastchanged) : Days since Jan 1, 1970 that password was last changed
- Minimum : The minimum number of days required between password changes i.e. the number of days left before the user is allowed to change his/her password
- Maximum : The maximum number of days the password is valid (after that user is forced to change his/her password)
- Warn : The number of days before password is to expire that user is warned that his/her password must be changed
- Inactive : The number of days after password expires that account is disabled
- Expire : Days since Jan 1, 1970 that account is disabled, i.e. an absolute date specifying when the login may no longer be used.
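The field layout above, as an added example that is not part of the original article: a small Python parser that names the fields, maps $id to the algorithm list, converts the day counts to dates, and reports expired passwords and accounts. The function names and sample entries are constructed for illustration, and the parser expects the ninth, reserved field that shadow(5) defines after the eight described here.

```python
from datetime import date, timedelta

# Prefixes from the list above; the algorithm names are the article's.
SCHEMES = {"1": "MD5", "2a": "Blowfish", "2y": "Blowfish",
           "5": "SHA-256", "6": "SHA-512"}
EPOCH = date(1970, 1, 1)

def to_date(days):
    """Convert a 'days since Jan 1, 1970' field to a date; empty means unset."""
    return EPOCH + timedelta(days=int(days)) if days else None

def parse_shadow_line(line):
    """Split one shadow entry into named fields without returning the hash."""
    parts = line.rstrip("\n").split(":")
    # shadow(5) defines a ninth, reserved field after the eight listed above.
    if len(parts) != 9:
        raise ValueError(f"expected 9 fields, got {len(parts)}")
    user, pw, last, _min, maxd, _warn, _inactive, expire, _reserved = parts
    scheme = None  # None: the field holds no $id$salt$hashed value
    if pw.startswith("$") and pw.count("$") >= 3:
        scheme = SCHEMES.get(pw.split("$")[1], "unknown")
    return {"user": user, "scheme": scheme,
            "last_changed": to_date(last),
            "max_days": int(maxd) if maxd else None,
            "account_expires": to_date(expire)}

def audit(entry, today):
    """Return a list of findings for one parsed entry as of 'today'."""
    findings = []
    if entry["scheme"] == "MD5":
        findings.append("weak hash scheme: MD5")
    if entry["last_changed"] and entry["max_days"] is not None:
        due = entry["last_changed"] + timedelta(days=entry["max_days"])
        if due < today:
            findings.append(f"password expired on {due}")
    if entry["account_expires"] and entry["account_expires"] <= today:
        findings.append(f"account expired on {entry['account_expires']}")
    return findings

# Constructed sample entries (salts and hashes are placeholders, not real).
SAMPLE = [
    "vivek:$6$SALTSALT$HASHPLACEHOLDER:19000:0:90:7:::",
    "tom:$1$SALTSALT$HASHPLACEHOLDER:18000:0:99999:7::19500:",
]

if __name__ == "__main__":
    for line in SAMPLE:
        e = parse_shadow_line(line)
        print(e["user"], e["scheme"], audit(e, date(2024, 1, 1)))
```

Reading the real /etc/shadow requires root; the parser deliberately keeps only the scheme identifier and the ageing fields, so its output can be logged without exposing hashes.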
How do I change the password?
Use the following syntax to change your own password:
$ passwd
See passwd command tutorial page for more information.
How do I change the password for other users?
You must be root to change the password for all other users:
# passwd userNameHere
OR
$ sudo passwd userNameHere
How do I change or set password ageing information?
To change user password expiry information, use the chage command on Linux. The syntax is as follows (again, you must be root to set the password ageing information):
chage username
chage [options] username
chage vivek
chage -l tom

Options:
  -d, --lastday LAST_DAY        set date of last password change to LAST_DAY
  -E, --expiredate EXPIRE_DATE  set account expiration date to EXPIRE_DATE
  -h, --help                    display this help message and exit
  -I, --inactive INACTIVE       set password inactive after expiration to INACTIVE
  -l, --list                    show account aging information
  -m, --mindays MIN_DAYS        set minimum number of days before password change to MIN_DAYS
  -M, --maxdays MAX_DAYS        set maximim number of days before password change to MAX_DAYS
  -R, --root CHROOT_DIR         directory to chroot into
  -W, --warndays WARN_DAYS      set expiration warning days to WARN_DAYS
How do I verify integrity of password files?
Use the pwck command to verify the integrity of the users and authentication information. It checks that all entries in /etc/passwd and /etc/shadow have the proper format and contain valid data. The user is prompted to delete entries that are improperly formatted or which have other uncorrectable errors. The syntax is:
pwck -r /etc/passwd
pwck -r /etc/shadow
pwck [options] /etc/shadow

Options:
  -h, --help             display this help message and exit
  -q, --quiet            report errors only
  -r, --read-only        display errors and warnings but do not change files
  -R, --root CHROOT_DIR  directory to chroot into
  -s, --sort             sort entries by UID
This entry is 2 of 3 in the Linux / UNIX System's Accounts Files Tutorial series. Keep reading the rest of the series:
- Understanding /etc/passwd File Format
- Understanding /etc/shadow file
- Understanding /etc/group file