2013-09-08

/etc/shadow file structure


Pranaam to all Bhai ji _/\_
Today we will discuss the /etc/shadow file in Linux. It is an important file that contains each Linux user's password hash as well as other information related to the user's account.

Here is a screenshot of the shadow file:



The shadow file has a total of 9 fields for every user on the machine:

1. username
2. Password hash
3. Last password changed date
4. Minimum Days
5. Maximum Days
6. Warn Days
7. Inactive Days
8. Expire date
9. Reserved



username :-
This is the first field of a line in the shadow file. It represents the user on the system and is the same as the username stored in the /etc/passwd file. The /etc/passwd file gives the username, user ID, group ID, login shell and home directory, but for authentication the PAM module checks the shadow file for the password and other account information: whether the account has expired or is locked, and whether the user is allowed to access the account using a password or not.

Password hash :-
This is the user's password in hashed form.
If we want to lock a user's account, just put ! before the password hash in the second field and the user won't be able to log in,
like this one:


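Generating the password hash of a string, i.e. your password:
Use the command   openssl passwd -1   and press Enter. The system will ask for the string for which the hash has to be generated. The -1 option selects the MD5-based crypt scheme, so the resulting hash starts with $1$.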



Last Password changed:-
This field represents the day on which the user's password was last changed, i.e. the day the password was last set (in days since January 1, 1970).
For user indishell, the last password change value is 15939, which means January 1, 1970 + 15939 days, and that is the date of the last password change.
There is another way to get the last password change date for a user in human-readable form.
The command is   chage -l username
Here username is the user whose last password change you want to check,
like this:


Minimum Days:-
This is the minimum number of days that a password must be active before it can be changed again. Users cannot change their own password until this number of days has elapsed.
If its value is 0, it means the minimum number of days is not set.


Maximum Days:-
This is the maximum number of days for which a password is valid. Once the maximum number of days has elapsed, the user is forced to change their password.
For example, if the value in the maximum days field is set to 40, the user needs to change the account password every 40 days.
If the value in this field is 99999, password expiry is not set and the user won't be prompted for a password change.

Warn Days :-
This field indicates the number of days before the password must be changed (the maximum days value) during which the user is warned. If its value is 3 and the maximum number of days is 40, the user will be prompted on day 37 after the password change, i.e. 3 days before the password must be changed.
If maximum days is set to 99999, the password change warning won't be shown to the user, because warning days depends on maximum days: if the maximum days value is infinite, the warning day never comes.

Inactive Days:-
This field shows the number of days after password expiration after which the account gets disabled. Once the account password has expired, the user account will be disabled after the inactive days have passed.
If the value of maximum days is infinite (99999), the inactive days value won't make any sense.

Expire date:-
This field indicates the number of days since January 1, 1970 that an account has been disabled.
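
The fields described above can be read together to work out when an account's password was changed, when the warning starts, when the password expires and when the account is disabled. The following is an added example, not part of the original post: the function and key names are hypothetical, the two sample lines are constructed (the hashes are placeholders and the inactive value 7 is made up), and the derived dates follow the field descriptions given in this post.

```python
from datetime import date, timedelta

EPOCH = date(1970, 1, 1)
FIELDS = ("username", "password_hash", "last_changed", "min_days", "max_days",
          "warn_days", "inactive_days", "expire_date", "reserved")
NO_EXPIRY = 99999  # value the post describes as "password expiry not set"

# Constructed sample lines; the hash strings are placeholders, not real hashes.
SAMPLE_ACTIVE = "indishell:$1$CONSTRUCTED$placeholderhash:15939:0:40:3:7::"
SAMPLE_LOCKED = "indishell:!$1$CONSTRUCTED$placeholderhash:15939:0:99999:7:::"


def _day(n):
    """Convert a days-since-January-1-1970 count to a calendar date."""
    return EPOCH + timedelta(days=n)


def parse_shadow_line(line):
    """Split one shadow line into its 9 fields and derive the key dates."""
    parts = line.rstrip("\n").split(":")
    if len(parts) != 9:
        raise ValueError(f"expected 9 fields, got {len(parts)}")
    rec = dict(zip(FIELDS, parts))
    for name in FIELDS[2:8]:  # numeric fields; an empty field means "not set"
        rec[name] = int(rec[name]) if rec[name] else None
    rec["locked"] = rec["password_hash"].startswith("!")
    last, mx = rec["last_changed"], rec["max_days"]
    rec["changed_on"] = _day(last) if last is not None else None
    rec["password_expires_on"] = rec["warning_starts_on"] = rec["disabled_on"] = None
    # Warn and inactive days only matter when maximum days is really set.
    if last is not None and mx is not None and mx < NO_EXPIRY:
        rec["password_expires_on"] = _day(last + mx)
        if rec["warn_days"]:
            rec["warning_starts_on"] = _day(last + mx - rec["warn_days"])
        if rec["inactive_days"] is not None:
            rec["disabled_on"] = _day(last + mx + rec["inactive_days"])
    exp = rec["expire_date"]
    rec["account_expires_on"] = _day(exp) if exp is not None else None
    return rec


if __name__ == "__main__":
    for sample in (SAMPLE_ACTIVE, SAMPLE_LOCKED):
        for key, value in parse_shadow_line(sample).items():
            if key != "password_hash":  # keep hashes out of printed output
                print(f"{key:20} {value}")
        print()
```

For the first sample the last change value 15939 resolves to 2013-08-22, which should match what chage -l reports for the same value.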

Thank you
Greetz to :- Zero Cool , Team IndiShell Leads and Hardeep bhai <3

© 2009 Start With Linux | Mannu Linux