Know about Linux system security
Passwords are one of the most important Linux system security features today. Most server administrators and users rely on passwords to keep others from gaining access to their systems. In Linux (RHEL/Debian), these passwords are saved in the passwd and shadow files in the /etc directory. Looking more closely, the password data in both files is encrypted.
Most distros use a one-way encryption called DES (Data Encryption Standard) to encrypt the passwords saved in the /etc/passwd and /etc/shadow files. When you log in with a username and password, the password you enter is encrypted again and compared with the saved password. If they match, you are allowed access; otherwise the system declines the login.
Understanding /etc/passwd File:
This file contains the information required at user login. It is a text file that lists the user accounts on the system. Each line holds one account, with the following fields separated by a colon (:) so they are easy to read.
- Username: Used when the user logs in.
- Password: An x character indicates that the password is encrypted and stored in the /etc/shadow file.
- User ID (UID): Each user must be assigned a unique user ID (UID). UID 0 (zero) is reserved for root.
- Group ID (GID): The primary group ID (stored in the /etc/group file).
- User ID Info: This field lets you add extra information about the user, such as the user's full name, phone number, etc.
- Home directory: The path of the user's home directory.
- Command/shell: The path of a command or shell (/bin/bash).
Understanding /etc/shadow File:
This file stores the passwords for user accounts in encrypted format. It also contains additional password-related properties. It has the following fields, each separated by a colon (:) character.
- User name: The user's login name.
- Password: The user's encrypted password.
- Last password change: When the password was last changed.
- Minimum: The minimum number of days required between password changes.
- Maximum: The maximum number of days the password is valid.
- Warn: The number of days before the password expires that the user is warned that his/her password must be changed.
- Inactive: The number of days after the password expires that the account is disabled.
- Expire: days since, that account is disabled
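The field layouts above can be turned into a small audit, shown here as an added example that is not part of the original article. It parses constructed sample lines (not from a real system) and reports accounts that break the rules the lists describe; the `max_days=90` policy threshold and the finding texts are assumptions.

```python
from collections import namedtuple

# Field names follow the lists above; real shadow lines end with a ninth, reserved field.
Passwd = namedtuple("Passwd", "username password uid gid info home shell")
Shadow = namedtuple("Shadow", "username password last_change minimum maximum warn inactive expire reserved")

# Constructed sample data (not from a real system).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice Example:/home/alice:/bin/bash
backup:x:0:34:backup:/var/backups:/bin/sh
legacy:CONSTRUCTED_HASH:1001:1001::/home/legacy:/bin/bash
"""
SAMPLE_SHADOW = """\
root:CONSTRUCTED_HASH:19000:0:90:7:::
alice:CONSTRUCTED_HASH:19000:0:99999:7:::
backup::19000:0:90:7:::
"""

def parse(text, record):
    """Split colon-separated lines into records, skipping blank or malformed lines."""
    rows = [line.split(":") for line in text.splitlines()]
    return [record(*r) for r in rows if len(r) == len(record._fields)]

def audit(passwd_text, shadow_text, max_days=90):
    """Return sorted (username, finding) pairs; max_days is an assumed policy value."""
    shadow = {s.username: s for s in parse(shadow_text, Shadow)}
    findings = []
    for p in parse(passwd_text, Passwd):
        if p.uid == "0" and p.username != "root":
            findings.append((p.username, "UID 0 on a non-root account"))
        if p.password != "x":
            # Password data sits in /etc/passwd instead of /etc/shadow.
            findings.append((p.username, "password field not 'x' in /etc/passwd"))
            continue
        s = shadow.get(p.username)
        if s is None:
            findings.append((p.username, "no /etc/shadow entry"))
        elif s.password == "":
            findings.append((p.username, "empty password in /etc/shadow"))
        elif not s.maximum.isdigit() or int(s.maximum) > max_days:
            findings.append((p.username, "maximum password age above policy"))
    return sorted(findings)

if __name__ == "__main__":
    for user, finding in audit(SAMPLE_PASSWD, SAMPLE_SHADOW):
        print(f"{user}: {finding}")
```

On a real system, /etc/shadow is readable only with root privileges, so the audit would need to run as root to read both files.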