Pawan Sharma | May 22, 2012 | | Be the first to comment!

Understanding: /etc/shadow (User Account Management)

RHCSA exam focus on basic system administration, and questions asked in RHCSA are similar situations which you will face in real environment.
 /etc/shadow is not commonly used file, but is very important as far as User Administration and RHCSA is concern.
 /etc/shadow contains password related information for user and groups on the system. This file stores actual password in encrypted format for user's account with additional properties related to user password. Only root user can read shadow file, other users can not read this file.

There are 9 fields in /etc/shadow file seperated by ':' i.e. IFS (Internal Field Seperator) ,and they are explaeind as below -:An example entry of /etc/shadow is given below:

Each entry in /etc/shadow contains 9 fields which are separated by ":".
1. Username: It is used when user log-in. It should be between 1 to 32 character.

2. Password: It is a user's encrypted password. The password should be minimum of 6 to 8 characters long including special characters/digits.
3. Days since Unix epoch password was changed (Jan 1 1970). This can also be interpreted as the field , if chaged to 0 , the user password is immdeatly expired . When the user logs in the next time , he is forced to change his pasword ( root enforced ).

4. Minimum: Days left before password may be changed. This can also be interpreted as number of days after which the password is allowed to be changed.This is to stop user from changing his password very frequently . Normally is given 0 , so that user can change his password the number of times he desires.

5. Maximum: days after which password must be changed. This field is used to put the restriction on the maximum no. of days that a password can be used by the user.After the no. specified in the file against this file expires , he/she is forced to change their password.

6. Warn: The days before password is to expire, that user is warned that his/her password must be changed.

7. Inactive(Password Grace Field): The days after password expires, that account is disabled. This field is used as warning period alloted to user after his account's password is expired as specified by the 5th and 6th field. After this period the user's account is disabled and can only be re-enabled by the root user.
8. This field is used as an emergency disable field by the root user. If 0 is given in this field , the user account will be disabled immediately and he cannot login till the time root does not remove this restriction.
9. This field is reserved for future use.
5th , 6th and 7th field combined together can be used by the root to make a policy to make sure that passowrd is changed after a specified no of days , keeping in account grace and warning field. If the user is not able to comply for any perticular reason,his account is blocked.

Using this file you can manage password properties.
Please click on facebook like button if you like the post.

    No comments:

    Post a Comment