How Linux stores passwords is very interesting, but it does make sense. Below is an example Linux passwd file.
principal:x:2510284:2510284::/home/hinnovation/mail/shrishikshayatancollege.org/principal:/home/hinnovation
admission:x:2510284:2510284::/home/hinnovation/mail/shrishikshayatancollege.org/admission:/home/hinnovation
shikshayatan:x:2510284:2510284::/home/hinnovation/mail/shrishikshayatancollege.org/shikshayatan:/home/hinnovation
accounts:x:2510284:2510284::/home/hinnovation/mail/shrishikshayatancollege.org/accounts:/home/hinnovation
ddo:x:2510284:2510284::/home/hinnovation/mail/shrishikshayatancollege.org/ddo:/home/hinnovation
geography:x:2510284:2510284::/home/hinnovation/mail/shrishikshayatancollege.org/geography:/home/hinnovation
vpanda:x:2510284:2510284::/home/hinnovation/mail/shrishikshayatancollege.org/vpanda:/home/hinnovation
placementcell:x:2510284:2510284::/home/hinnovation/mail/shrishikshayatancollege.org/placementcell:/home/hinnovation
iqac:x:2510284:2510284::/home/hinnovation/mail/shrishikshayatancollege.org/iqac:/home/hinnovation
Each entry stores the username and then the password field; an x, as in this case, tells us there is an encrypted password in the /etc/shadow file. Next come the user ID and the group ID, the comment field, and the home directory. This is very straightforward.
Then we have the /etc/shadow file. This stores the username of each user, the encrypted SHA-512 password, the last modified date of the password, the minimum number of days before the password is required to be changed, the maximum number of days before the password expires, the number of days before the user is warned of impending password expiry, the number of days after password expiry before the user account is disabled, and finally the date of expiry of the user account, expressed as the number of days since the UNIX epoch.
principal:$6$mTQAJpbBAYJ33epN$gllkmn33gYPnHjWMFtY/6Pl3ztqDZhIcrDp9SQEnP2hAuhdXOYwvrMyyAxQEp9KmpFtanN16GrGRhdM9EDCpW/:17337::::::
admission:$6$f6/cHX1zb0owvRtA$XCs8G5DQLHBdNL51NTb3jx88RJfS9FzXGjXdmxkHRTKkld6k254Sbo2nDnwBfMx.3wFVe7io4IeNgjyoDmRU4.:17337::::::
shikshayatan:$6$y1iqjN3X5jilCOmG$jVl8p/G/rGw3Ph247csyBkUHoyy86hEY7UKfN8r.QrQGZAqFSjATYzzoDaI1ay9Zi5OcdsnAqXdBQMhADKyKX/:17337::::::
accounts:$6$qEWyBkNXU4ZzrT1n$WXlvOnbJJAYuTYSEYF.S.nugY8MJPg6u3VCTASevzoSI6jpCVMSBnxLLlloS4wE1CXzn3xVKVfg/qBPw/kNcj/:17344::::::
ddo:$6$DaDuX5SebygbIDH6$7ElIum0QQhCA/HCoMR0sYeNiQlsXuKScGKwRwLPcfBdeK.BlUjlJBCleaVpHjifJNDfDMPvOWeeOjsQwuIOUS/:17344::::::
geography:$6$.SjC.k0jmvPWgbv5$g5Mq1F758nU4bTlwyOXuaUBX6YrBONelvlWnrHvGGqnITDnqmoNSTwKKkccbu.MqsCYmdSIHWwsZ42AizanIq0:17344::::::
vpanda:$6$.DiD6y2/XifufXRa$Asg/sLSwhohEX6AWXstqGqd7tNQSD9iADngRuw7oYgrwzsLJBm.a57LPlyQfyJVPxQ4NLnSYzVDCf3/zlv7So0:17344::::::
placementcell:$6$wBGrU2OYUa45HT8B$OM1RAw2enERktzcQUY3lnQQO0i03TI6jtQFhc3khY0lm6HqixnpqzsM1jZtw/4ZdOtfOTqZh4yQG9UXJTKyay1:17372::::::
iqac:$1$wM1dYUfy$tcVgRgPe9OfC53g.f.dqG0:17584::::::
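The text between the first two `$` signs of the password field names the hashing scheme: `$6$` is SHA-512 crypt, while the `$1$` on the last entry of the listing above is the much weaker MD5 crypt. The following audit sketch is an added example, not code from the original post. It splits shadow entries into the fields described above, converts the day counts to dates, and flags weak schemes and accounts with no maximum password age. The function names and the sample entries (placeholder salts and hashes) are constructed for illustration.

```python
from datetime import date, timedelta

# crypt(3) identifiers: the text between the first two '$' of the hash field.
SCHEMES = {"1": "md5crypt", "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt",
           "5": "sha256crypt", "6": "sha512crypt", "y": "yescrypt"}
FIELDS = ("name", "hash", "lastchg", "min", "max", "warn",
          "inactive", "expire", "reserved")

def epoch_days(value):
    """Shadow dates are day counts since 1970-01-01; empty means not set."""
    return date(1970, 1, 1) + timedelta(days=int(value)) if value else None

def hash_scheme(field):
    if field == "":
        return "empty"                 # no password required at all
    if field[0] in "!*":
        return "locked"                # password login disabled
    if field.startswith("$") and field.count("$") >= 3:
        return SCHEMES.get(field.split("$")[1], "unknown")
    return "descrypt-or-unknown"       # legacy DES crypt or malformed field

def audit(shadow_text):
    """Return {user: [findings]} for entries that deserve a second look."""
    report = {}
    for line in shadow_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        rec = dict(zip(FIELDS, line.split(":")))
        scheme, findings = hash_scheme(rec.get("hash", "")), []
        if scheme in ("md5crypt", "descrypt-or-unknown", "empty"):
            findings.append(f"weak or missing hash scheme: {scheme}")
        if scheme != "locked" and not rec.get("max"):
            changed = epoch_days(rec.get("lastchg"))
            findings.append(f"no maximum age; last changed {changed}")
        if findings:
            report[rec["name"]] = findings
    return report

# Constructed sample: placeholder salts and hashes, not real credentials.
SAMPLE = """\
alice:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:17337:0:90:7:::
bob:$1$CONSTRUCTEDSALT$CONSTRUCTEDHASH:17584::::::
svc:!!:17337::::::
"""

if __name__ == "__main__":
    for user, findings in audit(SAMPLE).items():
        print(user, "->", "; ".join(findings))
```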
The /etc/group file contains a list of all groups on a Linux system. Adding a user to a certain group can, for example, allow access to a CD-ROM drive.
root:x:0:root
bin:x:1:
daemon:x:2:
sys:x:3:
adm:x:4:
tty:x:5:
disk:x:6:
lp:x:7:
mem:x:8:
kmem:x:9:
wheel:x:10:
mail:x:12:
news:x:13:
uucp:x:14:
man:x:15:
floppy:x:19:
games:x:20:
slocate:x:21:
utmp:x:22:
gopher:x:30:
console:x:31:
dip:x:40:
gdm:x:42:
xfs:x:43:
pppusers:x:44:
popusers:x:45:
slipusers:x:46:
ftp:x:50:
nobody:x:99:
users:x:100:
nobody1:x:60001:
vuser:x:101:
Here is another example from FreeBSD.
# $FreeBSD: src/etc/group,v 1.19 1999/08/27 23:23:41 peter Exp $
#
wheel:*:0:root
daemon:*:1:daemon
kmem:*:2:root
sys:*:3:root
tty:*:4:root
operator:*:5:root
mail:*:6:
bin:*:7:
news:*:8:
man:*:9:
games:*:13:
staff:*:20:root
guest:*:31:root
bind:*:53:
uucp:*:66:
xten:*:67:xten
dialer:*:68:
network:*:69:
There is a user named xten that has been added to the xten group. In addition, the root user has been added to the wheel group.
This is a very easy way to manage access to certain services or hardware on a Linux system. Early in the days of UNIX, it was necessary to have the root user in the wheel group; this would allow a user to use the su command to switch to the root account, but this is no longer the case. Modern Linux systems use PAM. The file below controls the use of su on a Fedora Linux system.
┗━━━━━━━━━━┓ john@localhost ~
┗━━━━━━━━━━━━━╾ ╍▷ cat /etc/pam.d/su
#%PAM-1.0
auth required pam_env.so
auth sufficient pam_rootok.so
# Uncomment the following line to implicitly trust users in the "wheel" group.
#auth sufficient pam_wheel.so trust use_uid
# Uncomment the following line to require a user to be in the "wheel" group.
#auth required pam_wheel.so use_uid
auth substack system-auth
auth include postlogin
account sufficient pam_succeed_if.so uid = 0 use_uid quiet
account include system-auth
password include system-auth
session include system-auth
session include postlogin
session optional pam_xauth.so
So using the wheel group is still optional.
To list all user accounts on the command line that have a user ID number over 1000, use this one-liner.
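To check which of the two commented-out modes a given host actually has enabled, the following added example (not part of the original post or of PAM) classifies the pam_wheel.so lines in the auth stack of a pam.d/su file. It assumes plain control keywords such as required and sufficient, skips bracketed controls and the deny option, and the function and variable names are illustrative.

```python
def wheel_policy(pam_text):
    """Report how the auth stack of a pam.d/su file uses pam_wheel.so."""
    result = {"restricts_su": False, "passwordless_for_group": False,
              "group": "wheel"}
    for raw in pam_text.splitlines():
        parts = raw.split("#", 1)[0].split()      # drop comments, tokenize
        if len(parts) < 3 or parts[0].lstrip("-") != "auth":
            continue
        control, module, args = parts[1], parts[2], parts[3:]
        if not module.endswith("pam_wheel.so") or "deny" in args:
            continue                              # 'deny' inverts the test; not modelled
        for arg in args:
            if arg.startswith("group="):          # pam_wheel can check another group
                result["group"] = arg.split("=", 1)[1]
        if control in ("required", "requisite"):
            result["restricts_su"] = True         # only group members may su
        elif control == "sufficient" and "trust" in args:
            result["passwordless_for_group"] = True   # members skip the password
    return result

# Auth section of the Fedora file shown above, both wheel lines commented out.
STOCK = """\
#%PAM-1.0
auth required pam_env.so
auth sufficient pam_rootok.so
#auth sufficient pam_wheel.so trust use_uid
#auth required pam_wheel.so use_uid
auth substack system-auth
auth include postlogin
"""
# Constructed variants: one of the two commented lines enabled.
RESTRICTED = STOCK.replace("#auth required pam_wheel.so",
                           "auth required pam_wheel.so")
TRUSTED = STOCK.replace("#auth sufficient pam_wheel.so",
                        "auth sufficient pam_wheel.so")

if __name__ == "__main__":
    for name, text in (("stock", STOCK), ("restricted", RESTRICTED),
                       ("trusted", TRUSTED)):
        print(name, wheel_policy(text))
```

The trusted variant deserves the closest review on a real host, since any member of the group can then become root without entering a password.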
┗━━━━━━━━━━┓ john@localhost ~
┗━━━━━━━━━━━━━╾ ╍▷ awk -F: '$3 >= 1000 && $7 !~ /nologin|false/ {print $1}' /etc/passwd
john
joan
jim
This would be a very useful command.