Understanding the /etc/passwd file
User management on Linux is straightforward: every user account on the system is recorded in a file named “/etc/passwd”. The file format looks like this:
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
Each field is separated by “:” (colon), where:
- field 1: login name
- field 2: password value (encrypted), or a placeholder such as “x” when the password is shadowed
- field 3: user id
- field 4: group id
- field 5: real name
- field 6: home directory
- field 7: shell command for this user
Please note that:
1. To convert from shadowed mode to unshadowed passwords you can use “pwunconv”,
after which /etc/passwd will contain something like this:
root:$1$WZL4Ar01$eqxo7DFNztslTojbhABlV1:0:0:root:/root:/bin/bash
bin:*:1:1:bin:/bin:/sbin/nologin
To switch back to shadowed mode, use “pwconv”. This mode is of course more
secure, because ordinary users on the system will not be able to read the encrypted passwords. The encrypted passwords are stored in /etc/shadow, which is readable only by root:
# ls -l /etc/shadow
-r-------- 1 root root 2202 Nov 7 03:24 /etc/shadow
The content of the shadow password file looks like this:
root:$1$WZL4Ar01$eqxo7DFNztslToaKMOlV1:13823:0:99999:7:::
bin:*:13823:0:99999:7:::
The format of an /etc/shadow entry is defined like this:
struct spwd {
    char *sp_namp;             /* user login name */
    char *sp_pwdp;             /* encrypted password */
    long int sp_lstchg;        /* last password change */
    long int sp_min;           /* days until change allowed. */
    long int sp_max;           /* days before change required */
    long int sp_warn;          /* days warning for expiration */
    long int sp_inact;         /* days before account inactive */
    long int sp_expire;        /* date when account expires */
    unsigned long int sp_flag; /* reserved for future use */
};
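
The following Python example is added here and is not part of the original article. It parses both file formats using the field names listed above and flags /etc/passwd entries whose password field is empty or holds a hash instead of a placeholder. The sample lines and the placeholder hash are constructed, and treating a leading “!” as a lock marker is an assumption based on common shadow-utils behaviour.

```python
from datetime import date, timedelta

# Field names follow the article: seven passwd fields, nine struct spwd members.
PASSWD_FIELDS = ("login", "password", "uid", "gid", "real_name", "home", "shell")
SHADOW_FIELDS = ("sp_namp", "sp_pwdp", "sp_lstchg", "sp_min", "sp_max",
                 "sp_warn", "sp_inact", "sp_expire", "sp_flag")

def parse_entries(text, fields):
    """Split colon-separated records, keeping empty fields (e.g. the ':::' tail)."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        parts = line.split(":")
        if len(parts) != len(fields):
            raise ValueError(f"line {lineno}: expected {len(fields)} fields, got {len(parts)}")
        entries.append(dict(zip(fields, parts)))
    return entries

def audit_passwd(entries):
    """Flag password fields that should not appear in a world-readable file."""
    findings = []
    for e in entries:
        pw = e["password"]
        if pw == "":
            findings.append((e["login"], "empty password field"))
        elif pw.lstrip("!") not in ("", "x", "*"):  # assumption: '!' prefix = locked
            findings.append((e["login"], "hash stored in /etc/passwd (unshadowed)"))
    return findings

def last_change(entry):
    """sp_lstchg counts days since 1970-01-01; an empty field means not recorded."""
    days = entry["sp_lstchg"]
    return date(1970, 1, 1) + timedelta(days=int(days)) if days else None

# Constructed sample data; the hash is a placeholder, not a real digest.
SAMPLE_PASSWD = """\
root:$1$SALTSALT$PLACEHOLDERHASHVALUE00:0:0:root:/root:/bin/bash
bin:*:1:1:bin:/bin:/sbin/nologin
guest::1001:1001:Guest:/home/guest:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
"""
SAMPLE_SHADOW = "root:$1$SALTSALT$PLACEHOLDERHASHVALUE00:13823:0:99999:7:::\n"

if __name__ == "__main__":
    for login, issue in audit_passwd(parse_entries(SAMPLE_PASSWD, PASSWD_FIELDS)):
        print(f"{login}: {issue}")
    root = parse_entries(SAMPLE_SHADOW, SHADOW_FIELDS)[0]
    print("root last changed:", last_change(root))
```

Reading the real /etc/shadow requires root, so the audit of /etc/passwd is the part that any user can run against a live system.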