Thursday, October 28, 2010

/etc/passwd and /etc/shadow

The /etc/passwd file holds the user accounts on a Unix machine. Each entry has 7 colon-separated fields.
1:2:3:4:5:6:7
  1. Username: The user login name. Length is between 1 and 32 characters.
  2. Password: An x character indicates that the encrypted password is stored in the /etc/shadow file.
  3. User ID (UID): Each user must be assigned a user ID (UID). UID 0 (zero) is reserved for root and UIDs 1-99 are reserved for other predefined accounts. Further, UIDs 100-999 are reserved by the system for administrative and system accounts/groups.
  4. Group ID (GID): The primary group ID (stored in the /etc/group file). The group must exist before you can use it.
  5. User ID Info: The comment field to specify more information. 
  6. Home directory: The absolute path to the directory the user will be in when they log in. If this directory does not exist, the user's directory becomes /.
  7. Command/shell: The absolute path of a command or shell (/bin/bash). Typically, this is a shell.
The /etc/shadow file maintains the user password information. The encrypted password is stored in this file, which is accessible only to the root account. It has 8 fields.
1:2:3:4:5:6:7:8
  1. User name: The user login name.
  2. Password: The encrypted password. The password should be a minimum of 6-8 characters long, including special characters/digits. The length can be altered by changing configuration files.
  3. Last password change (lastchanged): Days since Jan 1, 1970 that the password was last changed.
  4. Minimum: The minimum number of days required between password changes, i.e. the number of days left before the user is allowed to change his/her password.
  5. Maximum: The maximum number of days the password is valid (after that the user is forced to change his/her password).
  6. Warn: The number of days before the password expires that the user is warned that his/her password must be changed.
  7. Inactive: The number of days after the password expires that the account is disabled.
  8. Expire: Days since Jan 1, 1970 that the account is disabled, i.e. an absolute date specifying when the login may no longer be used.
Editing these files manually is not advised. Adding users should be done with the useradd/usermod commands.
pwconv is used to synchronize the /etc/passwd and /etc/shadow files.
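
As an added example (not part of the original post), the Python below parses both files using the field layouts listed above and reports entries an administrator would want to review: a second UID 0 account, a password field that is not x, an empty shadow password, and expired passwords or accounts computed from the day counts. The sample records, the hash placeholders and the names parse() and audit() are constructed for illustration.

```python
from datetime import date, timedelta

PASSWD_FIELDS = ["name", "passwd", "uid", "gid", "info", "home", "shell"]
SHADOW_FIELDS = ["name", "hash", "lastchanged", "min", "max", "warn", "inactive", "expire"]
EPOCH = date(1970, 1, 1)  # day 0 for the lastchanged and expire fields

def parse(text, fields):
    """Split colon-separated records into dicts; pad or trim each line to the listed fields."""
    n = len(fields)
    return [dict(zip(fields, (l.split(":") + [""] * n)[:n]))
            for l in text.splitlines() if l.strip()]

def audit(passwd_text, shadow_text, today):
    """Return (account, finding) tuples for entries that deserve a review."""
    findings = []
    shadow = {r["name"]: r for r in parse(shadow_text, SHADOW_FIELDS)}
    for u in parse(passwd_text, PASSWD_FIELDS):
        if u["uid"] == "0" and u["name"] != "root":
            findings.append((u["name"], "UID 0 but not root"))
        if u["passwd"] != "x":
            findings.append((u["name"], "password field is not x"))
        s = shadow.get(u["name"])
        if s is None:
            findings.append((u["name"], "no /etc/shadow entry"))
            continue
        if s["hash"] == "":
            findings.append((u["name"], "empty password in shadow"))
        if s["lastchanged"].isdigit() and s["max"].isdigit():
            expires = EPOCH + timedelta(days=int(s["lastchanged"]) + int(s["max"]))
            if expires < today:
                findings.append((u["name"], f"password expired {expires.isoformat()}"))
        if s["expire"].isdigit() and EPOCH + timedelta(days=int(s["expire"])) <= today:
            findings.append((u["name"], "account expired"))
    return findings

# Constructed sample data (not from a real system); hashes are placeholders.
PASSWD = """root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
toor:x:0:0:backup admin:/root:/bin/bash
bob::1001:1001:Bob:/home/bob:/bin/sh
"""
SHADOW = """root:$6$CONSTRUCTED$placeholder:14900:0:99999:7::
alice:$6$CONSTRUCTED$placeholder:14800:0:90:7:14:15000
toor:$6$CONSTRUCTED$placeholder:14900:0:99999:7::
bob::14900:0:99999:7::
"""

if __name__ == "__main__":
    print(*audit(PASSWD, SHADOW, date(2010, 10, 28)), sep="\n")
```

Run against real files, this needs root, since /etc/shadow is readable only by the root account.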
