Can you explain the /etc/shadow file format used on Linux or UNIX-like systems?
The /etc/shadow file stores the actual password in an encrypted format (more like a password hash) for each user account, along with additional properties associated with the user's password.
Basically, it stores secure user account information.
All fields are separated by colons (:).
It contains one entry per line for each user specified in the /etc/passwd file.
Typically, the entry for this file looks like this:
1. Username: This is your login name.
2. Password: This is your encrypted password. The password must be at least 8-12 characters long, including special characters, numbers, lowercase letters, etc.
Usually the password format is $id$salt$hashed. The $id is the algorithm used on GNU/Linux, as follows:
- $1$ is MD5
- $2a$ is Blowfish
- $2y$ is Blowfish
- $5$ is SHA-256
- $6$ is SHA-512
3. Last change of password (last change): The date the password was last changed, expressed as days since January 1, 1970.
4. Minimum: The minimum number of days required between password changes, that is, the number of days remaining before the user is allowed to change their password.
5. Maximum: The maximum number of days the password is valid (after that, the user is forced to change their password).
6. Warning: The number of days before the password expires that the user is warned to change the password.
7. Inactivity: The number of days after the password expires after which the account is disabled.
8. Expiration Date: Days since January 1, 1970, at which this account is disabled, that is, an absolute date indicating when the login can no longer be used.
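To show how the eight fields above fit together, here is an added example (not part of the original article) that parses shadow entries, maps the $id prefix to the algorithm names listed above, converts the day counts to calendar dates, and reports simple findings. The sample entries are constructed, the hash strings are placeholders, and treating MD5 as a finding is an assumption of this example.

```python
from datetime import date, timedelta

# Hash-ID prefixes exactly as listed on this page.
ALGORITHMS = {"1": "MD5", "2a": "Blowfish", "2y": "Blowfish",
              "5": "SHA-256", "6": "SHA-512"}
WEAK = {"MD5"}  # assumption of this example: report MD5 as a finding
EPOCH = date(1970, 1, 1)

def days_to_date(field):
    """Convert a 'days since 1970-01-01' field to a date; empty means unset."""
    return EPOCH + timedelta(days=int(field)) if field else None

def parse_shadow_line(line):
    """Split one shadow entry into the eight fields described above."""
    parts = line.rstrip("\n").split(":")
    if len(parts) < 8:
        raise ValueError("expected at least 8 colon-separated fields")
    # A ninth, reserved field may follow; it is ignored here.
    name, pw, last, _min, mx, warn, _inactive, expire = parts[:8]
    algo = None  # stays None when the field holds no $id$salt$hashed value
    if pw.startswith("$"):
        algo = ALGORITHMS.get(pw.split("$")[1], "unknown")
    changed = days_to_date(last)
    pw_expires = changed + timedelta(days=int(mx)) if changed and mx else None
    return {"user": name, "algorithm": algo, "last_change": changed,
            "password_expires": pw_expires,
            "warn_days": int(warn) if warn else None,
            "account_expires": days_to_date(expire)}

def audit(entry, today):
    """Return a list of findings for one parsed entry."""
    findings = []
    if entry["algorithm"] in WEAK:
        findings.append("weak hash algorithm: " + entry["algorithm"])
    if entry["password_expires"] and entry["password_expires"] < today:
        findings.append("password expired")
    if entry["account_expires"] and entry["account_expires"] <= today:
        findings.append("account expired")
    return findings

# Constructed sample entries (hash strings are placeholders, not real hashes).
SAMPLE = [
    "alice:$6$saltsalt$HASHPLACEHOLDER:19000:0:90:7:14::",
    "bob:$1$saltsalt$HASHPLACEHOLDER:18000:0:99999:7:::",
    "svc:!:19500:0::::19600:",
]

if __name__ == "__main__":
    for entry in map(parse_shadow_line, SAMPLE):
        print(entry["user"], audit(entry, date(2024, 1, 1)))
```

On a real system the file is readable only by root, so run such a script against a copy or with sudo.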
How do I change my password?
Use the following syntax to change your own password:
See the passwd command man page for more information.
How can I change the password for another user?
You must be root to change the password for other users:
# passwd userNameHere
$ sudo passwd userNameHere
How do I change or set password expiration information?
To change the password expiration information for a user, use the chage command on Linux. The syntax is as follows (again, you must be root to set it):
chage username
chage [options] username
chage itsecforu
chage -l tom
The following options are possible:
  -d, --lastday LAST_DAY        set date of last password change to LAST_DAY
  -E, --expiredate EXPIRE_DATE  set account expiration date to EXPIRE_DATE
  -h, --help                    display this help message and exit
  -I, --inactive INACTIVE       set password inactive after expiration to INACTIVE
  -l, --list                    show account aging information
  -m, --mindays MIN_DAYS        set minimum number of days before password change to MIN_DAYS
  -M, --maxdays MAX_DAYS        set maximum number of days before password change to MAX_DAYS
  -R, --root CHROOT_DIR         directory to chroot into
  -W, --warndays WARN_DAYS      set expiration warning days to WARN_DAYS
How do I check the integrity of my password files?
Use the pwck command to check the integrity of users and authentication information.
It verifies that all entries in /etc/passwd and /etc/shadow are in the correct format and contain valid data.
The user is prompted to delete entries that are improperly formatted or that have other fatal errors. Syntax:
pwck -r /etc/passwd
pwck -r /etc/shadow
pwck [options] /etc/shadow
The following options are possible:
  -h, --help             display this help message and exit
  -q, --quiet            report errors only
  -r, --read-only        display errors and warnings but do not change files
  -R, --root CHROOT_DIR  directory to chroot into
  -s, --sort             sort entries by UID