UNIX password file
The / etc / passwd file is one of UNIX security critical files. This file is used to check the user's password when the user logs in. Of course, it should only be written to the root. The general format of each row in the file is: logname: Password: Uid: GID: UserInfo: Home: The first two of the shell is the login name and encrypted password. The two numbers behind are UID and GID, then one of the following is any information about the user who wants to write, The last two are two pathnames: one is assigned to the user directory, the second is the shell who will execute after the user is logged in (default is / bin / sh). (1) Password time / ETC The format of the / passwd file allows the system administrator to require users to regularly change their password. You can see in the password file, some encrypted passwords have commas, there are several characters and a colon after comma. Such as: Steve: XYDFCCCTRT180X , M.Y8: 0: 0: admin: /: / bin / sh rest: pomjk109jky41, .1: 0: 0: admin: /: 0: 0: admin: /: / bin / sh pattern: xmottvoyumjls: 0: 0: admin: /: / bin / SH can be seen, there are 4 characters after the password comma, and there is 2 characters, and the PAT has no comma. The first character is the maximum number of words valid for the password. The second character determines the user before modifying the hand. The minimum number of weeks should be used (this prevents the user from changing the new password again). The rest of the character indicates the latest modification time of the password. To read the information after the comma, you must first Know how to use the passwd_esc count, the number of counts is:. = 0 / = 1 0-9 = 2-11 AZ = 12-37 az = 38-63 System administrator must put the first two characters in / etc / passwd File to require user regular modification password, and two characters When the user modifies the password, fill in the passwd command. Note: If you want the user to modify the password, you can modify the last password, put two "." If the next user logs in, it will be required to modify his password. There are two special circumstances: The maximum number of weeks (first character) is less than the minimum number of weeks (second characters), the user is not allowed to modify the password, only Super users can modify the user's password. The first character and the second character are ".", When the user is required to modify the password, modify the password, and the passwd command will "." The user will not be required to modify the password. (2) UID information in UID and GID / ETC / PassWD is very important, the system uses the UID instead of the login name Household. In general, the user's UID should be unique, other users should not have the same UID value. According to the consequences, the UID from 0 to 99 reserves the UID (root, bin, uucp, etc.) used as the system user. If there are two different entry items in the / etc / passwd file have the same UID, the two user has the same access rights to each other. / Etc / group file contains information about the group, / ETC Each GID in PassWD should have a corresponding entry item in this document. In the entrance item, the group name and the group in the group are listed. This makes it easy to solve the user of each group, otherwise you must be based on GID / ETC The / passwd file is looking for the same group user from the end to the end. / etc / group file control is not necessary to control the license permission of the group, because the system uses UID, GID (taken from / etc / passwd) to determine file access rights, Even if the / etc / group file does not exist in the system, there is the same GID user can also share files in groups. The team can have a password like logging in to the user. If the / etc / group file entry item The domain is non-empty, and it will be considered to be an encryption password, and the newgrp command will require the user to give the password, then add the password, and then compare the encryption password of the domain. Together to establish a password is generally not a good practice. First If you share a file in the group, if someone guess the group password, the file of all users of the group may leak;