Posted: . At: 7:34 AM. This was 10 months ago. Post ID: 18059
Page permalink. WordPress uses cookies, or tiny pieces of information stored on your computer, to verify who you are. There are cookies for logged in users and for commenters.
These cookies expire two weeks after they are set.

Linux stores passwords in a very nice way. This does make sense.

How Linux stores passwords is very interesting, but it does make sense. Below is an example Linux passwd file.

principal:x:2510284:2510284::/home/hinnovation/mail/shrishikshayatancollege.org/principal:/home/hinnovation
admission:x:2510284:2510284::/home/hinnovation/mail/shrishikshayatancollege.org/admission:/home/hinnovation
shikshayatan:x:2510284:2510284::/home/hinnovation/mail/shrishikshayatancollege.org/shikshayatan:/home/hinnovation
accounts:x:2510284:2510284::/home/hinnovation/mail/shrishikshayatancollege.org/accounts:/home/hinnovation
ddo:x:2510284:2510284::/home/hinnovation/mail/shrishikshayatancollege.org/ddo:/home/hinnovation
geography:x:2510284:2510284::/home/hinnovation/mail/shrishikshayatancollege.org/geography:/home/hinnovation
vpanda:x:2510284:2510284::/home/hinnovation/mail/shrishikshayatancollege.org/vpanda:/home/hinnovation
placementcell:x:2510284:2510284::/home/hinnovation/mail/shrishikshayatancollege.org/placementcell:/home/hinnovation
iqac:x:2510284:2510284::/home/hinnovation/mail/shrishikshayatancollege.org/iqac:/home/hinnovation

This stores the username, the password, and an x, in this case, tells us there is an encrypted password in the /etc/shadow file. Then the user ID and the group ID, the comment field, and the home directory. This is very straightforward.

Then we have the /etc/shadow file. This stores the username of each user, the encrypted SHA 512 password, the last modified date of the password, the minimum number of days before the password is required to be changed, the maximum number of days before the password expires, the number of days before the user is warned of impending password expiry, a number of days after password expiry before the user account is disabled and finally the date of expiry of the user account, expressed as the number of days since the UNIX epoch.

principal:$6$mTQAJpbBAYJ33epN$gllkmn33gYPnHjWMFtY/6Pl3ztqDZhIcrDp9SQEnP2hAuhdXOYwvrMyyAxQEp9KmpFtanN16GrGRhdM9EDCpW/:17337::::::
admission:$6$f6/cHX1zb0owvRtA$XCs8G5DQLHBdNL51NTb3jx88RJfS9FzXGjXdmxkHRTKkld6k254Sbo2nDnwBfMx.3wFVe7io4IeNgjyoDmRU4.:17337::::::
shikshayatan:$6$y1iqjN3X5jilCOmG$jVl8p/G/rGw3Ph247csyBkUHoyy86hEY7UKfN8r.QrQGZAqFSjATYzzoDaI1ay9Zi5OcdsnAqXdBQMhADKyKX/:17337::::::
accounts:$6$qEWyBkNXU4ZzrT1n$WXlvOnbJJAYuTYSEYF.S.nugY8MJPg6u3VCTASevzoSI6jpCVMSBnxLLlloS4wE1CXzn3xVKVfg/qBPw/kNcj/:17344::::::
ddo:$6$DaDuX5SebygbIDH6$7ElIum0QQhCA/HCoMR0sYeNiQlsXuKScGKwRwLPcfBdeK.BlUjlJBCleaVpHjifJNDfDMPvOWeeOjsQwuIOUS/:17344::::::
geography:$6$.SjC.k0jmvPWgbv5$g5Mq1F758nU4bTlwyOXuaUBX6YrBONelvlWnrHvGGqnITDnqmoNSTwKKkccbu.MqsCYmdSIHWwsZ42AizanIq0:17344::::::
vpanda:$6$.DiD6y2/XifufXRa$Asg/sLSwhohEX6AWXstqGqd7tNQSD9iADngRuw7oYgrwzsLJBm.a57LPlyQfyJVPxQ4NLnSYzVDCf3/zlv7So0:17344::::::
placementcell:$6$wBGrU2OYUa45HT8B$OM1RAw2enERktzcQUY3lnQQO0i03TI6jtQFhc3khY0lm6HqixnpqzsM1jZtw/4ZdOtfOTqZh4yQG9UXJTKyay1:17372::::::
iqac:$1$wM1dYUfy$tcVgRgPe9OfC53g.f.dqG0:17584::::::

The /etc/group file contains a list of all groups on a Linux system. Adding a user to a certain group can allow access to a CDROM for example.

root:x:0:root
bin:x:1:
daemon:x:2:
sys:x:3:
adm:x:4:
tty:x:5:
disk:x:6:
lp:x:7:
mem:x:8:
kmem:x:9:
wheel:x:10:
mail:x:12:
news:x:13:
uucp:x:14:
man:x:15:
floppy:x:19:
games:x:20:
slocate:x:21:
utmp:x:22:
gopher:x:30:
console:x:31:
dip:x:40:
gdm:x:42:
xfs:x:43:
pppusers:x:44:
popusers:x:45:
slipusers:x:46:
ftp:x:50:
nobody:x:99:
users:x:100:
nobody1:x:60001:
vuser:x:101:

Here is another example from FreeBSD.

# $FreeBSD: src/etc/group,v 1.19 1999/08/27 23:23:41 peter Exp $
#
wheel:*:0:root
daemon:*:1:daemon
kmem:*:2:root
sys:*:3:root
tty:*:4:root
operator:*:5:root
mail:*:6:
bin:*:7:
news:*:8:
man:*:9:
games:*:13:
staff:*:20:root
guest:*:31:root
bind:*:53:
uucp:*:66:
xten:*:67:xten
dialer:*:68:
network:*:69:

There is a user named xten that has been added to the xten group. Plus the root user has been added to the group wheel.

This is a very easy way to manage access to certain services or hardware on a Linux system. Early in the days of UNIX, it was necessary to have the root user in the wheel group, this would allow a user to use the su command to switch to the root account, but this is no longer the case. Modern Linux systems use PAM. The file below controls the use of su on a Fedora Linux system.

┗━━━━━━━━━━┓ john@localhost ~
           ┗━━━━━━━━━━━━━╾ ╍▷ cat /etc/pam.d/su
#%PAM-1.0
auth		required	pam_env.so
auth		sufficient	pam_rootok.so
# Uncomment the following line to implicitly trust users in the "wheel" group.
#auth		sufficient	pam_wheel.so trust use_uid
# Uncomment the following line to require a user to be in the "wheel" group.
#auth		required	pam_wheel.so use_uid
auth		substack	system-auth
auth		include		postlogin
account		sufficient	pam_succeed_if.so uid = 0 use_uid quiet
account		include		system-auth
password	include		system-auth
session		include		system-auth
session		include		postlogin
session		optional	pam_xauth.so

So, using the wheel group is still optional though.

To list all user accounts on the command line that has a user ID # over 1000, use this one-liner.

┗━━━━━━━━━━┓ john@localhost ~
           ┗━━━━━━━━━━━━━╾ ╍▷ awk -F: '$3 >= 1000 && $7 !~ /nologin|false/ {print $1}' /etc/passwd
john
joan
jim

This would be a very useful command.

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.