Understanding the /etc/shadow File : information about the system’s users’ passwords : [Beginners Guide]




There are several different authentication schemes that can be used on Linux systems. The most commonly used and standard scheme is to perform authentication against the /etc/passwd and /etc/shadow files.

/etc/shadow is a text file that contains information about the system’s users’ passwords. It is owned by user root and group shadow, and has 640 permissions.

/etc/shadow Format

 
The /etc/shadow file contains one entry per line, each representing a user account. You can view the contents of the file with a text editor or a command such as cat:

sudo cat /etc/shadow
Typically, the first line describes the root user, followed by the system and normal user accounts. New entries are appended at the end of the file.

Each line of the /etc/shadow file contains nine colon-separated fields:








01. Username. The string you type when you log into the system. The user account that exists on the system.


02. Encrypted Password. The password uses the $type$salt$hashed format. $type is the cryptographic hash algorithm and can have the following values:


$1$ – MD5
$2a$ – Blowfish
$2y$ – Eksblowfish
$5$ – SHA-256
$6$ – SHA-512

If the password field contains an asterisk (*) or exclamation point (!), the user will not be able to log in to the system using password authentication. Other login methods like key-based authentication or switching to the user are still allowed.

In older Linux systems, the user’s encrypted password was stored in the /etc/passwd file.

03. Last password change. This is the date when the password was last changed. The number of days is counted since January 1, 1970 (epoch date).

04. Minimum password age. The number of days that must pass before the user password can be changed. Typically it is set to zero, which means that there is no minimum password age.

05. Maximum password age. The number of days after which the user password must be changed. By default, this number is set to 99999.

06. Warning period. The number of days before the password expires during which the user is warned that the password must be changed.

07. Inactivity period. The number of days after the user password expires before the user account is disabled. Typically this field is empty.

08. Expiration date. The date when the account was disabled. It is represented as an epoch date.

09. Unused. This field is ignored. It is reserved for future use.

The /etc/shadow file should not be edited by hand unless you know what you are doing. Always use a command that is designed for the purpose. For example, to change a user password, use the passwd command, and to change the password aging information, use the chage command.




Example Entry

 
Let’s take a look at the following example:



linuxize:$6$zHvrJMa5Y690smbQ$z5zdL...:18009:0:120:7:14::

The entry above contains information about the user “linuxize” password:

  • The password is encrypted with SHA-512 (the password is truncated for better readability).
  • The password was last changed on April 23, 2019 - 18009.
  • There is no minimum password age.
  • The password must be changed at least every 120 days.
  • The user will receive a warning message seven days before the password expiration date.
  • If the user doesn’t attempt to log in to the system 14 days after the password is expired, the account will be disabled.
  • There is no account expiration date.
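
The field-by-field reading above can be reproduced with a short parser. This is an added example, not code from the original article: the function names and the "daemon" sample line are constructed for illustration, and the hash prefix table is the one listed in this article.

```python
from datetime import date, timedelta

# Hash prefixes exactly as listed in this article.
HASH_TYPES = {"1": "MD5", "2a": "Blowfish", "2y": "Eksblowfish",
              "5": "SHA-256", "6": "SHA-512"}
EPOCH = date(1970, 1, 1)
# The article's example entry (hash truncated there) and a constructed locked one.
EXAMPLE = "linuxize:$6$zHvrJMa5Y690smbQ$z5zdL...:18009:0:120:7:14::"
LOCKED = "daemon:*:18009:0:99999:7:::"  # constructed sample


def days_to_date(field):
    """Turn a days-since-epoch field into a date; an empty field is unset."""
    return EPOCH + timedelta(days=int(field)) if field else None


def parse_shadow_line(line):
    """Split one /etc/shadow entry on ':' and interpret its nine fields."""
    fields = line.rstrip("\n").split(":")
    if len(fields) != 9:
        raise ValueError(f"expected 9 fields, got {len(fields)}")
    user, pw, last, min_age, max_age, warn, inactive, expire, _ = fields

    # A leading '*' or '!' means password authentication is disabled.
    locked = pw.startswith(("*", "!"))
    # $type$salt$hashed splits into ['', type, salt, hashed].
    parts = pw.lstrip("!").split("$")
    is_hash = len(parts) >= 4 and parts[0] == ""
    algo = HASH_TYPES.get(parts[1], "unknown") if is_hash else None

    changed = days_to_date(last)
    # Password expires max_age days after the last change.
    expires = changed + timedelta(days=int(max_age)) if changed and max_age else None
    return {
        "user": user,
        "locked": locked,
        "algorithm": algo,
        "last_changed": changed,
        "min_age_days": int(min_age) if min_age else None,
        "password_expires": expires,
        # Warnings start warn days before the password expires.
        "warn_from": expires - timedelta(days=int(warn)) if expires and warn else None,
        # The account is disabled once the inactivity period has also passed.
        "disabled_after": expires + timedelta(days=int(inactive)) if expires and inactive else None,
        "account_expires": days_to_date(expire),
    }


if __name__ == "__main__":
    for entry in (EXAMPLE, LOCKED):
        print(parse_shadow_line(entry))
```
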

Conclusion

The /etc/shadow file keeps records of users’ encrypted passwords, as well as other password-related information.
