What are passwd group and shadow
What are /etc/passwd /etc/shadow /etc/group
/etc/passwd:
When we log in to a Linux system, we need a password and then we get into our home directory. The information regarding the username, password, home directory and much more is stored in /etc/passwd.
Sample content of the file is given below.
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
The 7 colon-separated fields in each line above are:
· login name: Name with which you enter the system
· optional encrypted password: This is usually “x”, since the encrypted password is in /etc/shadow
· numerical user ID: This is the user ID of your name
· numerical group ID: This is the ID of the group to which you belong
· user name or comment field: This can be edited to provide information about the user
· user home directory: This is the directory you are placed in after login
· optional user command interpreter: This is the shell provided to you for running commands.
/sbin/nologin means that those users cannot log in to the system but are needed for other purposes.
The permission of the file is as follows.
-rw-r--r-- 1 root root 3456 Oct 25 01:05 /etc/passwd
So anyone can read the file but only root can change it.
/etc/shadow:
This file contains the encrypted password for all users and password aging information.
Sample content of the file is given below.
newuser:$1$0niur88t5ut5ut74rju489dhh784hr57h45r:14165:0:99999:7:::
It contains the following information.
· login name
· encrypted password
· days since Jan 1, 1970 that password was last changed
· days before password may be changed
· days after which password must be changed
· days before password is to expire that user is warned
· days after password expires that account is disabled
· days since Jan 1, 1970 that account is disabled
· a reserved field
This file can be used to disable a user: just comment out the user's line in this file.
The permission of the file is as follows.
-rw------- 1 root root 1111 Apr 9 03:07 /etc/shadow
So only root can read this file and write in it.
/etc/group:
This file defines to which group a user belongs.
Sample content of the file is given below.
nagios:x:222:apache
It contains the following information.
· group_name: the name of the group.
· password: the (encrypted) group password. If this field is empty, no password is needed.
· GID: the numerical group ID.
· user_list: all the group member’s usernames, separated by commas.
So in the above content, nagios user has an encrypted password “x”, his Group ID is 222 and he belongs to the group apache.
The permission of the file is as follows.
-rw-r--r-- 1 root root 998 Oct 25 05:05 /etc/group
Thus everybody can read this file but only root can modify it.
Please be careful when you change the permissions of these files, since these are the files that hackers target first.
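The field layouts and permissions described above can be checked mechanically. The following is an added example, not part of the original post: a small Python audit that parses passwd and shadow records and flags entries and file modes that deviate from what the post describes. The sample records, the account names admin2 and legacy, and the function names are constructed for illustration.

```python
from datetime import date, timedelta
# Constructed sample data, not from a real system; "HASH" is a placeholder.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
admin2:x:0:0::/home/admin2:/bin/bash
legacy:$1$HASH:1001:1001::/home/legacy:/bin/bash
"""
SHADOW = """\
root:$1$HASH:14165:0:99999:7:::
bin:*:14165:0:99999:7:::
admin2::14165:0:99999:7:::
"""
PASSWD_FIELDS = "name passwd uid gid gecos home shell".split()
SHADOW_FIELDS = "name passwd lastchg min max warn inactive expire reserved".split()

def parse(text, fields):
    """Split colon-separated records; reject lines with the wrong field count."""
    rows = []
    for n, line in enumerate(text.splitlines(), 1):
        if not line or line.startswith("#"):
            continue  # skip blank and commented-out lines
        parts = line.split(":")
        if len(parts) != len(fields):
            raise ValueError(f"line {n}: expected {len(fields)} fields")
        rows.append(dict(zip(fields, parts)))
    return rows

def last_changed(days):
    """Convert the shadow 'days since Jan 1, 1970' field to a calendar date."""
    return date(1970, 1, 1) + timedelta(days=int(days))

def audit(passwd_text, shadow_text, passwd_mode, shadow_mode):
    """Return findings for risky account entries and loose file modes."""
    findings = []
    shadow = {r["name"]: r for r in parse(shadow_text, SHADOW_FIELDS)}
    for u in parse(passwd_text, PASSWD_FIELDS):
        if u["uid"] == "0" and u["name"] != "root":
            findings.append(f"{u['name']}: UID 0 but not root")
        if u["passwd"] != "x":  # hash kept in the world-readable file
            findings.append(f"{u['name']}: password field in passwd is not 'x'")
        if u["name"] not in shadow:
            findings.append(f"{u['name']}: no shadow entry")
        elif shadow[u["name"]]["passwd"] == "":
            findings.append(f"{u['name']}: empty password in shadow")
    if passwd_mode & 0o022:  # group/other write bits set
        findings.append("/etc/passwd: writable by group or other")
    if shadow_mode & 0o077:  # any group/other access bits set
        findings.append("/etc/shadow: accessible by group or other")
    return findings
```

On a real system, run it as root and pass the contents of the two files together with os.stat(path).st_mode for each; the modes -rw-r--r-- and -rw------- shown above produce no permission findings.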