Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: shadow file
Top Forums UNIX for Dummies Questions & Answers shadow file Post 59686 by S.Vishwanath on Wednesday 29th of December 2004 05:12:42 AM
Old 12-29-2004
HI,

Unix Stores passwords in a text file. Usually passwords were
stored in /etc/passwd file. So any body can see the contents of
the passwd file. Also can look into the password string (ofcourse
they are encrypted (cypher text). Which could only be
understood by the passed program.

This gave some space for the world community to start guessing
and re-coining the passwords for some definite kind of password
text.

Hence in order to avoid / give no chance to the password visibility,
a file called /etc/shadow was being provided which has one and only one permission, and passwords are now being stored in this file instead.
i.e. Read permission on the file only for
root/superuser. Hence no body will be able to see the contents
of this /etc/shadow file other than the root user.

Well, now you may feel that, why shouldn't we apply the only root user
read permission for the /etc/passwd file?

Actually the /etc/passwd file will have -r--r--r type of permission (i.e., read only for all).
This read only for all is required because,
when a valid user loggs on successfully to the unix box, he will be
put into some specific directory (home directory), and his required
shell is loaded for him to interect with the Unix World.
So, all the infromation regarding the users Home Dirctory, his/her preferrd shell etc.,
are stored in this file. So, when the user logs
in, login program should be able to read and load all this information from this file,
before user is allowed to work in his way.

For more details type man passwd and go through it.
 

10 More Discussions You Might Find Interesting

1. Programming

Doubt on shadow file

Hi guys, I have a doubt on shadow file ... In the Unix servers in which I am working, I cud see that the shadow file has only one permission set .. tht is read permission for only root user ... (-r--------) .... So my basic doubt here is that how this file is being written then ... only... (4 Replies)
Discussion started by: Sabari Nath S
4 Replies

2. UNIX for Advanced & Expert Users

shadow file

what does 'x' in the encrypted password field in /etc/shaodw file represent? (3 Replies)
Discussion started by: jbashir
3 Replies

3. Solaris

*LK* in /etc/shadow file

my etc/shadow file showing *LK* for a particular user.. can u tell me under which circumstances a user is locked (5 Replies)
Discussion started by: vikashtulsiyan
5 Replies

4. UNIX for Advanced & Expert Users

/etc/shadow file....

Does anyone know what "!!" represents in the password field of the /etc/shadow file? :confused: (6 Replies)
Discussion started by: avcert1998
6 Replies

5. UNIX for Dummies Questions & Answers

Shadow File

I see conflicting definitions for the shadow file. For Solaris, what are the fields please? Thanks. (3 Replies)
Discussion started by: DavidS
3 Replies

6. Shell Programming and Scripting

appending LK to the shadow file

Hey guys.. i need to be able to append 'LK' to a password field in the shadow file I cannot use commands such as usermod chsh i need to directly be able to manupilate the files through a menu driven interface. So in other words write to the shadow file How could i do this? so far... (1 Reply)
Discussion started by: musicmancanora
1 Replies

7. UNIX for Dummies Questions & Answers

How Do I Regenerate the Shadow file

I guess the earlier problem I had with changing user passwords and creating new users is related to the shadow file. Anytime I change something to /etc/passwd or shadow I get locked out. HOW DO I REGENERATE THIS FILE. (1 Reply)
Discussion started by: Waitstejo
1 Replies

8. Shell Programming and Scripting

Shadow file

Hi, In shadow file smithj:Ep6mckrOLChF.:10063:0:99999:7::: 3rd Field 10063 indicates the number of days (since January 1, 1970) since the password was last changed. I want to get the result with script the date on which the password was last changed in YYYY-MM-DD format. can... (8 Replies)
Discussion started by: pinnacle
8 Replies

9. Solaris

Solaris :regarding /etc/shadow file

what does the last column in /etc/shadow file indicate?? i read man page,it tells its FLAG..but i am not able to understand exactly why its there :confused: thanks in advance, shekhar (4 Replies)
Discussion started by: shekhar_4_u
4 Replies

10. UNIX for Dummies Questions & Answers

Shadow file help

As a part of linux hardening In shadow file all Application accounts which are not locked must contain only an asterisk “*” in the Passwd field. But how would i do it by using command? Is there any way other than modifying shadow file to accomplish this task? (3 Replies)
Discussion started by: pinga123
3 Replies

LEARN ABOUT SUSE

passwd

PASSWD(5)						     Linux Programmer's Manual							 PASSWD(5)

NAME

       passwd - password file

DESCRIPTION

       Passwd  is  a text file, that contains a list of the system's accounts, giving for each account some useful information like user ID, group
       ID, home directory, shell, etc.	Often, it also contains the encrypted passwords for each account.  It should have general read	permission
       (many utilities, like ls(1) use it to map user IDs to usernames), but write access only for the superuser.

       In  the	good old days there was no great problem with this general read permission.  Everybody could read the encrypted passwords, but the
       hardware was too slow to crack a well-chosen password, and moreover, the basic assumption used to be that  of  a  friendly  user-community.
       These  days  many people run some version of the shadow password suite, where /etc/passwd has asterisks (*) instead of encrypted passwords,
       and the encrypted passwords are in /etc/shadow which is readable by the superuser only.

       Regardless of whether shadow passwords are used, many sysadmins use an asterisk in the encrypted password field to make sure that this user
       can not authenticate him- or herself using a password.  (But see the Notes below.)

       If you create a new login, first put an asterisk in the password field, then use passwd(1) to set it.

       There is one entry per line, and each line has the format:

	      account:password:UID:GID:GECOS:directory:shell

       The field descriptions are:

	      account	the name of the user on the system.  It should not contain capital letters.

	      password	the encrypted user password, an asterisk (*), or the letter 'x'.  (See pwconv(8) for an explanation of 'x'.)

	      UID	the numerical user ID.

	      GID	the numerical primary group ID for this user.

	      GECOS	This  field  is  optional  and only used for informational purposes.  Usually, it contains the full username.  GECOS means
			General Electric Comprehensive Operating System, which has been renamed to GCOS when GE's large systems division was  sold
			to Honeywell.  Dennis Ritchie has reported: "Sometimes we sent printer output or batch jobs to the GCOS machine.  The gcos
			field in the password file was a place to stash the information for the $IDENTcard.  Not elegant."

	      directory the user's $HOME directory.

	      shell	the program to run at login (if empty, use /bin/sh).  If set to a nonexistent executable, the user will be unable to login
			through login(1).

FILES

       /etc/passwd

NOTES

       If you want to create user groups, their GIDs must be equal and there must be an entry in /etc/group, or no group will exist.

       If  the encrypted password is set to an asterisk, the user will be unable to login using login(1), but may still login using rlogin(1), run
       existing processes and initiate new ones through rsh(1), cron(8), at(1), or mail filters, etc.  Trying to lock an account by simply  chang-
       ing the shell field yields the same result and additionally allows the use of su(1).

SEE ALSO

       login(1), passwd(1), su(1), getpwent(3), getpwnam(3), group(5), shadow(5)

COLOPHON

       This  page is part of release 3.25 of the Linux man-pages project.  A description of the project, and information about reporting bugs, can
       be found at http://www.kernel.org/doc/man-pages/.

Linux								    1998-01-05								 PASSWD(5)
All times are GMT -4. The time now is 03:25 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy