The Linux /etc/shadow file
What's in the box?
Under Linux, several different authentication schemes can be used; the most common is authentication based on the /etc/passwd and /etc/shadow files. This is the standard default configuration on Linux distributions.
The /etc/shadow file is a text file containing information about system users' passwords. It is owned by the root superuser and associated with the shadow group, and has 640 permissions (read/write for root, read-only for the shadow group, no access for anyone else).
1. The format of the /etc/shadow file
The /etc/shadow file contains one entry per line, and each line represents a user account. You can view the contents of the file using a text editor (nano, vi, etc.) or the cat command:
sudo cat /etc/shadow
In general, the first line describes the "root" user of your machine, followed by a few system accounts and then the ordinary user accounts. New entries are added at the end of the file each time a new user is created on the machine.
As for the format of this file, each line of /etc/shadow contains nine fields separated by the ":" character, giving the following layout:
username:password:last_change:min_age:max_age:warning:inactivity:expiry:unused
These fields correspond to :
– User name: the login name chosen when the account was created and entered when logging on to the system. Its presence indicates that the account exists on the system.
– Encrypted password: the password hash produced by the cryptographic hash algorithm in use (several are possible). Note that if the password field contains an asterisk ("*") or an exclamation mark ("!"), the user cannot log on to the system using password authentication and must use another method, such as key authentication.
– Last password change: the date on which the password was last modified, which is particularly interesting. A calculation is needed to read it, because it is expressed as the number of days since January 1, 1970.
– Minimum password age: the number of days that must elapse before the user is allowed to change his or her password. A value of "0" means there is no minimum age: the user can change the password whenever he or she wishes.
– Maximum password age: the number of days after which the user's password must be changed. By default, this value is set to 99999.
– Warning period: the number of days before the password expires during which the user is warned that the password must be changed (to start a new cycle).
– Inactivity period: the number of days after the user's password expires before the account is deactivated. This field is often empty.
– Expiry date: the date on which the account is deactivated.
– Unused: this ninth and last field is not currently used.
Unless you know what you are doing, it is best to avoid editing the /etc/shadow file by hand. To change a user's password, do not modify the password field in this file directly: use the "passwd" command, which updates the file for you.
The list above shows the fields, in order.
2. Example of an /etc/shadow entry
To finish this article, here is an example of an entry in /etc/shadow corresponding to the "tutobox" user. When there is no value between two ":", this means that the field is empty.
tutobox:$y$j9T$MxhuLR9v1rXyStI8ch......:19000:0:365:7:::
For example, this line can be interpreted to mean that the password must be changed every 365 days.
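To make the field list from section 1 and this example concrete, here is an added Python script (not code from the original article) that parses /etc/shadow-style lines, converts the day-count fields into dates, flags entries a defender would want to look at, and checks the file's ownership and mode against the root:shadow / 640 expectation stated above. The sample data is constructed: the "tutobox" line is the article's own example with its hash truncated as printed, and the other three accounts are made up.

```python
#!/usr/bin/env python3
"""Parse /etc/shadow-style lines, decode the day-count fields and flag risky
settings, plus a check of the file's ownership and mode.

Added example for this article, not code from the original page. The sample
entries are constructed: "tutobox" is the article's example (hash truncated as
printed there); the other three accounts are made up.
"""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional
import grp
import os
import pwd
import stat

EPOCH = date(1970, 1, 1)  # day 0 for the "last change" and "expiry" fields

# Constructed sample data (not taken from a real system).
SAMPLE_SHADOW = """\
root:!:18900:0:99999:7:::
daemon:*:18900:0:99999:7:::
tutobox:$y$j9T$MxhuLR9v1rXyStI8ch......:19000:0:365:7:::
olduser:$6$saltsalt$hashhashhash:18500:0:90:7:30:18700:
"""


def _days(field: str) -> Optional[int]:
    """An empty numeric field means 'not set'."""
    return int(field) if field else None


def days_to_date(days: Optional[int]) -> Optional[date]:
    """Convert a days-since-1970-01-01 count into a calendar date."""
    return None if days is None else EPOCH + timedelta(days=days)


@dataclass
class ShadowEntry:
    name: str
    password: str
    last_change: Optional[int]  # days since epoch
    min_age: Optional[int]
    max_age: Optional[int]
    warn: Optional[int]
    inactive: Optional[int]
    expire: Optional[int]       # days since epoch on which the account is disabled
    reserved: str

    @classmethod
    def parse(cls, line: str) -> "ShadowEntry":
        fields = line.rstrip("\n").split(":")
        if len(fields) != 9:
            raise ValueError(f"expected 9 ':'-separated fields, got {len(fields)}")
        name, password, *nums, reserved = fields
        return cls(name, password, *(_days(f) for f in nums), reserved)

    def password_login_disabled(self) -> bool:
        # "!" or "*" at the start of field 2 disables password authentication
        return self.password.startswith(("!", "*"))

    def last_change_date(self) -> Optional[date]:
        return days_to_date(self.last_change)

    def password_expires_on(self) -> Optional[date]:
        """Date after which the password must be changed (None if not enforced)."""
        if self.last_change is None or self.max_age is None or self.max_age >= 99999:
            return None
        return days_to_date(self.last_change + self.max_age)

    def findings(self, today: date) -> list[str]:
        """Conditions worth reviewing, evaluated as of `today`."""
        out = []
        if self.password == "":
            out.append("empty password field: login without a password")
        if not self.password_login_disabled() and self.password_expires_on() is None:
            out.append("password never expires")
        expires = self.password_expires_on()
        if expires is not None and today > expires:
            out.append(f"password expired on {expires}")
        if self.expire is not None and today >= days_to_date(self.expire):
            out.append(f"account disabled since {days_to_date(self.expire)}")
        return out


def parse_shadow(text: str) -> list[ShadowEntry]:
    return [ShadowEntry.parse(l) for l in text.splitlines() if l.strip()]


def audit_permissions(perm_bits: int, owner: str, group: str) -> list[str]:
    """Compare against the article's expectation: root:shadow, mode 640 or stricter."""
    out = []
    if perm_bits & 0o007:
        out.append(f"mode {perm_bits:03o} grants access to 'other'")
    if perm_bits & 0o020:
        out.append(f"mode {perm_bits:03o} lets the group write")
    if owner != "root":
        out.append(f"owner is {owner!r}, expected 'root'")
    if group != "shadow":
        out.append(f"group is {group!r}, expected 'shadow'")
    return out


def audit_shadow_file(path: str = "/etc/shadow") -> list[str]:
    st = os.stat(path)  # stat() needs no read permission on the file itself
    return audit_permissions(stat.S_IMODE(st.st_mode),
                             pwd.getpwuid(st.st_uid).pw_name,
                             grp.getgrgid(st.st_gid).gr_name)


if __name__ == "__main__":
    today = date(2022, 1, 8)  # day 19000, the tutobox last-change date
    for e in parse_shadow(SAMPLE_SHADOW):
        print(f"{e.name:8} last change {e.last_change_date()}  "
              f"password expires {e.password_expires_on()}  {e.findings(today)}")
```

Run as-is, the script decodes the article's line to a last change on 2022-01-08 and a forced rotation on 2023-01-08 (19000 + 365 days), and reports nothing for the two locked system accounts. Point `audit_shadow_file()` at the real file on a machine (root is needed for the parser, not for the permission check) to compare its ownership and mode with the 640 / root:shadow layout described at the top of the article.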
Now it's up to you to take a trip to the /etc/shadow file on your Linux machine and to analyze it!