Linux & Unix Password File Structure

Hello Today I will teach you about Linux & Unix Password file structure. In that file user login id and password will be stored and about that structure.

Traditional Unix systems keep user account information, including one-way encrypted passwords, in a text file called ``/etc/passwd''. As this file is used by many tools (such as ``ls'') to display file ownerships, etc. by matching user id #'s with the user's names, the file needs to be world-readable. Consequentally, this can be somewhat of a security risk.

Another method of storing account information, one that I always use, is with the shadow password format. As with the traditional method, this method stores account information in the /etc/passwd file in a compatible format. However, the password is stored as a single "x" character (ie. not actually stored in this file). A second file, called ``/etc/shadow'', contains encrypted password as well as other information such as account or password expiration values, etc. The /etc/shadow file is readable only by the root account and is therefore less of a security risk.

While some other Linux distributions forces you to install the Shadow Password Suite in order to use the shadow format, Red Hat makes it simple. To switch between the two formats, type (as root):

/usr/sbin/pwconv    To convert to the shadow format
/usr/sbin/pwunconv    To convert back to the traditional format

With shadow passwords, the ``/etc/passwd'' file contains account information, and looks like this:

Each field in a passwd entry is separated with ":" colon characters, and are as follows:


Username, up to 8 characters. Case-sensitive, usually all lowercase

2. The encrypted password:

An "x" in the password field. Passwords are stored in the ``/etc/shadow'' file. (Else, a user’s password is encoded using a modified version of DES and a two-character Salt value, ranging values from 0-4096. The modified version of DES (used in the crypt function), was a one-way hashing algorithm.)

3. User ID:

Numeric user id. This is assigned by the ``adduser'' script. Unix uses this field, plus the following group field, to identify which files belong to the user. ( Value 0 is reserved for root, values 1-99 are for predefined accounts. 100-999 are also reserved for system administrator and system users/groups.)

4. Group ID:

Numeric group id. Red Hat uses group id's in a fairly unique manner for enhanced file security. Usually the group id will match the user id.

 5. GECOS/User Info:

Full name of user. I'm not sure what the maximum length for this field is, but try to keep it reasonable (under 30 characters).

  • User’s full name
  • Building and room number or contact person
  • Office telephone number
  • Any other information (page number, fax, etc.)

6. Home Directory:

User's home directory. Usually /home/username (eg. /home/zer0w0rm). All user's personal files, web pages, mail forwarding, etc. will be stored here.

7. Command/shell:

User's "shell account". Often set to ``/bin/bash'' to provide access to the bash shell (my personal favourite shell).

The ``/etc/shadow'' file contains password and account expiration information for users, and looks like this:

As with the passwd file, each field in the shadow file is also separated with ":" colon characters, and are as follows:

1. Username, up to 8 characters. Case-sensitive, usually all lowercase. A direct match to the username in the /etc/passwd file.

2. Password, 13 character encrypted. A blank entry (eg. ::) indicates a password is not required to log in (usually a bad idea), and a ``*'' entry (eg. :*:) indicates the account has been disabled.

  • The $1$ denotes that the MD5 algorithm was used. $2a$ for blowfish, $5$ for SHA-256 and $6$ for SHA-512. NB: rounds can be varied for Blowfish and SHA-256/512 by using $6$rounds=n%.

  • The first string between the subsequent $’s represents the salt

  • The subsequent string (without a trailing $, instead with a tailing :) is the encrypted password

3. The number of days (since January 1, 1970) since the password was last changed.

4. The number of days before password may be changed (0 indicates it may be changed at any time)

5. The number of days after which password must be changed (99999 indicates user can keep his or her password unchanged for many, many years)

6. The number of days to warn user of an expiring password (7 for a full week)

7. The number of days after password expires that account is disabled

8. The number of days since January 1, 1970 that an account has been disabled

9. A reserved field for possible future use

Thank you (zer0w0rm)

Published By : Zer0w0rm ~ Zer0w0rm



Post a Comment