🐧 Parsing the /etc/shadow file

Can you explain the /etc/shadow file format used on Linux or UNIX-like systems?

The /etc/shadow file stores the actual password for each user account in an encrypted format (more precisely, as a password hash), along with additional properties associated with the user's password.

Basically, it stores secure user account information.

All fields are separated by colons (:).

It contains one entry per line for each user listed in the /etc/passwd file.

Typically, the entry for this file looks like this:

1. Username: This is your login name.

2. Password: This is your encrypted password. The password must be at least 8-12 characters long, including special characters, numbers, lowercase letters, etc.

Usually the password format is $id$salt$hashed. The $id is the algorithm used on GNU/Linux, as follows:

  1. $1$ is MD5
  2. $2a$ is Blowfish
  3. $2y$ is Blowfish
  4. $5$ is SHA-256
  5. $6$ is SHA-512

3. Last password change (lastchanged): The date the password was last changed, expressed as the number of days since January 1, 1970.

4. Minimum: The minimum number of days required between password changes, that is, the number of days remaining before the user is allowed to change their password.

5. Maximum: The maximum number of days the password is valid (after that, the user is forced to change their password).

6. Warning: The number of days before the password expires that the user is warned to change the password.

7. Inactivity: The number of days after the password expires after which the account is disabled.

8. Expiration date: The number of days since January 1, 1970 on which the account is disabled, that is, an absolute date indicating when the login can no longer be used.
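The field layout above can also be read programmatically. The following Python sketch is an added example, not code from the original article: it splits an entry on colons, maps the $id prefix to the algorithm list above, and converts the day counts into calendar dates. The function names, the sample entries (placeholder salts and hashes) and the choice to flag MD5 as weak are assumptions made for illustration.

```python
from datetime import date, timedelta

# Hash scheme ids exactly as listed in the article above.
SCHEMES = {"1": "MD5", "2a": "Blowfish", "2y": "Blowfish",
           "5": "SHA-256", "6": "SHA-512"}
EPOCH = date(1970, 1, 1)

def _days(value):
    # An empty aging field means "not set"; represent that as None.
    return int(value) if value else None

def _as_date(days):
    # Day counts in the file are days since January 1, 1970.
    return EPOCH + timedelta(days=days) if days is not None else None

def parse_shadow_line(line):
    """Parse one entry into a dict covering the eight fields described above."""
    parts = line.rstrip("\n").split(":")
    if len(parts) < 8:
        raise ValueError("expected at least 8 colon-separated fields")
    name, pw = parts[0], parts[1]
    last, minimum, maximum, warn, inactive, expire = map(_days, parts[2:8])
    scheme = None
    if pw.startswith("$"):
        # $id$salt$hashed: the id sits between the first two '$' characters.
        ident = pw.split("$")[1]
        scheme = SCHEMES.get(ident, "unknown id " + ident)
    both_set = last is not None and maximum is not None
    return {"username": name, "scheme": scheme,
            "last_change": _as_date(last), "min_days": minimum,
            "max_days": maximum, "warn_days": warn, "inactive_days": inactive,
            "password_expires": _as_date(last + maximum) if both_set else None,
            "account_expires": _as_date(expire)}

def audit(lines, weak=("MD5",)):
    """Return usernames whose hash scheme is in `weak` (assumption: MD5 only)."""
    return [e["username"] for e in map(parse_shadow_line, lines)
            if e["scheme"] in weak]

# Constructed sample entries; salts and hashes are placeholders, not real hashes.
SAMPLE = [
    "alice:$6$SALTSALT$HASHPLACEHOLDER:19000:0:90:7:14:20000:",
    "bob:$1$SALTSALT$HASHPLACEHOLDER:18000:0:99999:7:::",
    "daemon:*:18000:0:99999:7:::",
]

if __name__ == "__main__":
    for entry in map(parse_shadow_line, SAMPLE):
        print(entry)
    print("weak hashes:", audit(SAMPLE))
```

Reading the real /etc/shadow requires root, so for a live audit pass the file's lines to audit() from a privileged session instead of the constructed SAMPLE list.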

How do I change my password?

Use the following syntax to change your own password:

$ passwd

See the passwd command man page for more information.

How can I change the password for another user?

You must be root to change the password for other users:

# passwd userNameHere


$ sudo passwd userNameHere

How do I change or set password expiration information?

To change the password expiration information for a user, use the chage command on Linux. The syntax is as follows (again, you must be root to set this):

chage username
chage [options] username 
chage itsecforu
chage -l tom

The following options are possible:

  -d, --lastday LAST_DAY        set date of last password change to LAST_DAY
  -E, --expiredate EXPIRE_DATE  set account expiration date to EXPIRE_DATE
  -h, --help                    display this help message and exit
  -I, --inactive INACTIVE       set password inactive after expiration
                                to INACTIVE
  -l, --list                    show account aging information
  -m, --mindays MIN_DAYS        set minimum number of days before password
                                change to MIN_DAYS
  -M, --maxdays MAX_DAYS        set maximim number of days before password
                                change to MAX_DAYS
  -R, --root CHROOT_DIR         directory to chroot into
  -W, --warndays WARN_DAYS      set expiration warning days to WARN_DAYS

How do I check the integrity of my password files?

Use the pwck command to check the integrity of users and authentication information.

It verifies that all entries in /etc/passwd and /etc/shadow are in the correct format and contain valid data.

The user is prompted to delete entries that are improperly formatted or have other fatal errors. Syntax:

pwck -r /etc/passwd
pwck -r /etc/passwd /etc/shadow
pwck [options] [passwd [shadow]]

The following options are possible:

  -h, --help                    display this help message and exit
  -q, --quiet                   report errors only
  -r, --read-only               display errors and warnings
                                but do not change files
  -R, --root CHROOT_DIR         directory to chroot into
  -s, --sort                    sort entries by UID
