Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: shadow file
Top Forums UNIX for Dummies Questions & Answers shadow file Post 59686 by S.Vishwanath on Wednesday 29th of December 2004 05:12:42 AM
Old 12-29-2004
HI,

Unix Stores passwords in a text file. Usually passwords were
stored in /etc/passwd file. So any body can see the contents of
the passwd file. Also can look into the password string (ofcourse
they are encrypted (cypher text). Which could only be
understood by the passed program.

This gave some space for the world community to start guessing
and re-coining the passwords for some definite kind of password
text.

Hence in order to avoid / give no chance to the password visibility,
a file called /etc/shadow was being provided which has one and only one permission, and passwords are now being stored in this file instead.
i.e. Read permission on the file only for
root/superuser. Hence no body will be able to see the contents
of this /etc/shadow file other than the root user.

Well, now you may feel that, why shouldn't we apply the only root user
read permission for the /etc/passwd file?

Actually the /etc/passwd file will have -r--r--r type of permission (i.e., read only for all).
This read only for all is required because,
when a valid user loggs on successfully to the unix box, he will be
put into some specific directory (home directory), and his required
shell is loaded for him to interect with the Unix World.
So, all the infromation regarding the users Home Dirctory, his/her preferrd shell etc.,
are stored in this file. So, when the user logs
in, login program should be able to read and load all this information from this file,
before user is allowed to work in his way.

For more details type man passwd and go through it.
 

10 More Discussions You Might Find Interesting

1. Programming

Doubt on shadow file

Hi guys, I have a doubt on shadow file ... In the Unix servers in which I am working, I cud see that the shadow file has only one permission set .. tht is read permission for only root user ... (-r--------) .... So my basic doubt here is that how this file is being written then ... only... (4 Replies)
Discussion started by: Sabari Nath S
4 Replies

2. UNIX for Advanced & Expert Users

shadow file

what does 'x' in the encrypted password field in /etc/shaodw file represent? (3 Replies)
Discussion started by: jbashir
3 Replies

3. Solaris

*LK* in /etc/shadow file

my etc/shadow file showing *LK* for a particular user.. can u tell me under which circumstances a user is locked (5 Replies)
Discussion started by: vikashtulsiyan
5 Replies

4. UNIX for Advanced & Expert Users

/etc/shadow file....

Does anyone know what "!!" represents in the password field of the /etc/shadow file? :confused: (6 Replies)
Discussion started by: avcert1998
6 Replies

5. UNIX for Dummies Questions & Answers

Shadow File

I see conflicting definitions for the shadow file. For Solaris, what are the fields please? Thanks. (3 Replies)
Discussion started by: DavidS
3 Replies

6. Shell Programming and Scripting

appending LK to the shadow file

Hey guys.. i need to be able to append 'LK' to a password field in the shadow file I cannot use commands such as usermod chsh i need to directly be able to manupilate the files through a menu driven interface. So in other words write to the shadow file How could i do this? so far... (1 Reply)
Discussion started by: musicmancanora
1 Replies

7. UNIX for Dummies Questions & Answers

How Do I Regenerate the Shadow file

I guess the earlier problem I had with changing user passwords and creating new users is related to the shadow file. Anytime I change something to /etc/passwd or shadow I get locked out. HOW DO I REGENERATE THIS FILE. (1 Reply)
Discussion started by: Waitstejo
1 Replies

8. Shell Programming and Scripting

Shadow file

Hi, In shadow file smithj:Ep6mckrOLChF.:10063:0:99999:7::: 3rd Field 10063 indicates the number of days (since January 1, 1970) since the password was last changed. I want to get the result with script the date on which the password was last changed in YYYY-MM-DD format. can... (8 Replies)
Discussion started by: pinnacle
8 Replies

9. Solaris

Solaris :regarding /etc/shadow file

what does the last column in /etc/shadow file indicate?? i read man page,it tells its FLAG..but i am not able to understand exactly why its there :confused: thanks in advance, shekhar (4 Replies)
Discussion started by: shekhar_4_u
4 Replies

10. UNIX for Dummies Questions & Answers

Shadow file help

As a part of linux hardening In shadow file all Application accounts which are not locked must contain only an asterisk “*” in the Passwd field. But how would i do it by using command? Is there any way other than modifying shadow file to accomplish this task? (3 Replies)
Discussion started by: pinga123
3 Replies

LEARN ABOUT PHP

d_passwd

d_passwd(4)							   File Formats 						       d_passwd(4)

NAME

       d_passwd - dial-up password file

SYNOPSIS

       /etc/d_passwd

DESCRIPTION

       A  dial-up  password is an additional password required of users who access the computer through a modem or dial-up port. The correct pass-
       word must be entered before the user is granted access to the computer.

       d_passwd is an ASCII file which contains a list of executable programs (typically shells) that require a dial-up password and  the  associ-
       ated encrypted passwords. When a user attempts to log in on any of the ports listed in the dialups file (see dialups(4)), the login program
       looks at the user's login entry stored in the passwd file (see passwd(4)), and compares the login shell field to the entries  in  d_passwd.
       These entries determine whether the user will be required to supply a dial-up password.

       Each entry in d_passwd is a single line of the form:

       login-shell:password:

       where

       login-shell     The name of the login program that will require an additional dial-up password.

       password        An  encrypted  password. Users accessing the computer through a dial-up port or modem using login-shell will be required to
		       enter this password before gaining access to the computer.

       d_passwd should be owned by the root user and the root group. The file should have read and write permissions for the owner (root) only.

       If the user's login program in the passwd file is not found in d_passwd or if the login shell field in passwd is empty, the user must  sup-
       ply  the  default  password.  The default password is the entry for /usr/bin/sh. If d_passwd has no entry for /usr/bin/sh, then those users
       whose login shell field in passwd is empty or does not match any entry in d_passwd will not be prompted for a dial-up password.

       Dial-up logins are disabled if d_passwd has only the following entry:

       /usr/bin/sh:*:

EXAMPLES

       Example 1: Sample d_passwd file.

       Here is a sample d_passwd file:

       /usr/lib/uucp/uucico:q.mJzTnu8icF0:
       /usr/bin/csh:6k/7KCFRPNVXg:
       /usr/bin/ksh:9df/FDf.4jkRt:
       /usr/bin/sh:41FuGVzGcDJlw:

   Generating An Encrypted Password
       The passwd (see passwd(1)) utility can be used to generate the encrypted password for each login program. passwd generates encrypted  pass-
       words  for  users  and places the password in the shadow (see shadow(4)) file. Passwords for the d_passwd file will need to be generated by
       first adding a temporary user id using useradd (see useradd(1M)), and then using passwd(1) to generate the desired password in  the  shadow
       file. Once the encrypted version of the password has been created, it can be copied to the d_passwd file.

       For example:

       1.
	   Type useradd tempuser and press Return. This creates a user named tempuser.

       2.  Type passwd tempuser and press Return. This creates an encrypted password for tempuser and places it in the shadow file.

       3.  Find the entry for tempuser in the shadow file and copy the encrypted password to the desired entry in the d_passwd file.

       4.  Type userdel tempuser and press Return to delete tempuser.

       These steps must be executed as the root user.

FILES

       /etc/d_passwd	       dial-up password file

       /etc/dialups	       list of dial-up ports requiring dial-up passwords

       /etc/passwd	       password file

       /etc/shadow	       shadow password file

SEE ALSO

       passwd(1), useradd(1M), dialups(4), passwd(4), shadow(4)

WARNINGS

       When  creating  a  new  dial-up password, be sure to remain logged in on at least one terminal while testing the new password. This ensures
       that there is an available terminal from which you can correct any mistakes that were made when the new password was added.

SunOS 5.10							    2 Sep 2004							       d_passwd(4)
All times are GMT -4. The time now is 06:45 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy