Thursday, December 25, 2014

The /etc/passwd File


The file /etc/passwd

The file /etc/passwd contains all information regarding the users (login, passwords, etc.). Only the superuser (root) must be able to change it. It is therefore necessary to set the rights of this file so that other users can only read it.

This file has a special format that makes it possible to identify each user, and each of its lines has the following format:

account_name : password : user_number : group_number : comment : directory : start_program

Seven fields are specified separated by the character ":":

    the account name of the user
    the password of the user (encoded, of course)
    the integer identifying the user for the operating system (UID=User ID, user identification)
    the integer identifying the group of the user (GID=Group ID, group identification)
    the comment in which the information on the user or simply its real name can be found
    the connection directory, which is the directory that opens upon connection to the system
    the command that is executed after connection to the system (often, this is the command interpreter)
Here is an example of a passwd file:

It is important to know that the passwords located in this file are encrypted. It is therefore useless to edit the file and replace the password field by directly typing the password, which would only cause the account to be blocked.

Once a user connects, the login program compares the password typed in by the user (after encrypting it) with the password stored in the passwd file. If they do not match, the connection cannot be established.

UID: (unique) identifier of each user account. Numbers between 0 and 99 are frequently reserved for the machine's own accounts. Numbers higher than 100 are reserved for user accounts.

GID: group identifier. The default group (called group) has the number 50. This identifier is used in connection with access rights to the files. This question will not concern you if your system has more than one user group. (In that case, you must pay attention to the file /etc/group.)

The superuser may not necessarily be called root. To change this, just replace the root account name with the desired name.
A privileged account is an account whose identifier (UID, User ID) is zero.

Your password is stored in the /etc/shadow file

Your encrypted password is not stored in the /etc/passwd file. It is stored in the /etc/shadow file. In the good old days there was no great problem with this general read permission.

Almost all modern Linux / UNIX-like operating systems use some sort of shadow password suite, where /etc/passwd has asterisks (*) instead of encrypted passwords, and the encrypted passwords are in /etc/shadow, which is readable by the superuser only.
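The seven-field format, the UID 0 rule and the shadow placeholder described above can be checked together. The following is an added example, not part of the original post: it parses passwd-format lines and reports entries worth reviewing. The sample data, the function names and the set of accepted placeholders ("x", "*", "!") are assumptions made for the illustration.

```python
# Added example: audit passwd-format text. Names and sample data are hypothetical.
FIELDS = ("name", "password", "uid", "gid", "comment", "directory", "shell")
PLACEHOLDERS = ("x", "*", "!")  # assumed markers meaning "no hash stored here"

# Constructed sample, not taken from any real system.
SAMPLE = """\
root:x:0:0:root:/root:/bin/bash
daemon:*:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice Example:/home/alice:/bin/bash
backup:x:0:34:backup operator:/var/backups:/bin/sh
guest::1001:1001:Guest:/home/guest:/bin/sh
legacy:ab1Cd2Ef3Gh4I:1002:1002:Old account:/home/legacy:/bin/sh
broken:x:1003
"""

def parse_passwd(text):
    """Yield (line_number, entry) pairs; entry is None for a malformed line."""
    for number, line in enumerate(text.splitlines(), start=1):
        if not line.strip() or line.startswith("#"):
            continue
        parts = line.split(":")
        # A valid line has exactly seven fields and numeric UID/GID.
        if len(parts) != len(FIELDS) or not (parts[2].isdigit() and parts[3].isdigit()):
            yield number, None
            continue
        entry = dict(zip(FIELDS, parts))
        entry["uid"], entry["gid"] = int(parts[2]), int(parts[3])
        yield number, entry

def audit(text):
    """Return a list of (line_number, finding) tuples to review."""
    findings = []
    for number, entry in parse_passwd(text):
        if entry is None:
            findings.append((number, "malformed"))
            continue
        # Any account with UID 0 is privileged, whatever its name.
        if entry["uid"] == 0 and entry["name"] != "root":
            findings.append((number, "uid0-not-root"))
        if entry["password"] == "":
            findings.append((number, "empty-password"))
        elif entry["password"] not in PLACEHOLDERS:
            # Something other than a placeholder sits in the world-readable file.
            findings.append((number, "hash-in-passwd"))
    return findings

if __name__ == "__main__":
    for number, finding in audit(SAMPLE):
        print(f"line {number}: {finding}")
```

A "uid0-not-root" finding is a prompt to review, not proof of a problem, since the superuser account may have been renamed deliberately.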
