Page 162 - DCAP602_NETWORK_OPERATING_SYSTEMS_I

Network Operating Systems-I




                                   Although /etc/passwd can, by default, be read by any user, it can be changed only by the root
                                   user. The main, and safest, way that it is changed is through the use of commands such as adduser
                                   and userdel, which are employed by the root account to add users to and remove users from the
                                   system, respectively. It can also be changed by direct editing with a text editor; however, as is
                                   the case with other system configuration files, great care should be exercised, as slight errors can
                                   cause serious problems, and a backup copy should be made in advance.

                                   With shadow passwords, the "/etc/passwd" file contains account information, and looks like
                                   this:
                                   smithj:x:561:561:Joe Smith:/home/smithj:/bin/bash
                                   The fields in a passwd entry are separated by colon (":") characters, and are as follows:

                                   1.   Username, up to 8 characters. Case-sensitive, usually all lowercase.
                                   2.   An "x" in the password field. Passwords are stored in the "/etc/shadow" file.
                                   3.   Numeric user ID. This is assigned by the "adduser" script. Unix uses this field, plus the
                                       following group field, to identify which files belong to the user.
                                   4.   Numeric group ID. Red Hat uses group IDs in a fairly unique manner for enhanced file
                                       security. Usually the group ID will match the user ID.
                                   5.   Full name of user. I’m not sure what the maximum length for this field is, but try to keep it
                                       reasonable (under 30 characters).
                                   6.   User's home directory. Usually /home/username (e.g. /home/smithj). All of the user's personal
                                       files, web pages, mail forwarding, etc. will be stored here.
                                   7.   User's "shell account". Often set to "/bin/bash" to provide access to the bash shell (my
                                       personal favorite shell).

                                   Perhaps you do not wish to provide shell accounts for your users.

                                          Example: You could create a script file called "/bin/sorrysh" that would display
                                   some kind of error message and log the user off, and then set this script as their
                                   default shell.

                                   9.1.2 The /etc/shadow File

                                   The /etc/shadow file contains the encrypted password as well as other information, such as
                                   account or password expiration values. The /etc/shadow file is readable only by the root
                                   account and is therefore less of a security risk.
                                   While some other Linux distributions force you to install the Shadow Password Suite in order
                                   to use the shadow format, Red Hat makes it simple. The "/etc/shadow" file contains password
                                   and account expiration information for users, and looks like this:

                                   smithj:Ep6mckrOLChF.:10063:0:99999:7:::
                                   As with the passwd file, the fields in the shadow file are separated by colon (":") characters,
                                   and are as follows:
                                   1.   Username, up to 8 characters. Case-sensitive, usually all lowercase. A direct match to the
                                       username in the /etc/passwd file.
                                   2.   Password, 13 character encrypted. A blank entry (e.g. ::) indicates a password is not
                                       required to log in (usually a bad idea), and a "*" entry (e.g. :*:) indicates the account has
                                       been disabled.
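
The field rules above can be checked mechanically. The following is an added example, not part of the original text: it parses passwd entries into the seven fields listed earlier and cross-checks them against shadow entries for blank passwords, disabled accounts and usernames that do not match. The function names and the sample entries other than smithj are constructed for illustration.

```python
# Added example (not from the original text); the sample data is constructed.
PASSWD_KEYS = ("name", "password", "uid", "gid", "fullname", "home", "shell")
SAMPLE_PASSWD = """\
smithj:x:561:561:Joe Smith:/home/smithj:/bin/bash
guest::562:562:Guest:/home/guest:/bin/bash
oldacct:x:563:563:Old Account:/home/oldacct:/bin/bash
broken:x:564:564:Missing shell field:/home/broken
ghost:x:565:565:No Shadow Entry:/home/ghost:/bin/bash
"""
SAMPLE_SHADOW = """\
smithj:Ep6mckrOLChF.:10063:0:99999:7:::
guest::10063:0:99999:7:::
oldacct:*:10063:0:99999:7:::
"""

def parse_passwd_line(line):
    """Split one passwd entry into its seven colon-separated fields."""
    fields = line.split(":")
    if len(fields) != len(PASSWD_KEYS):
        raise ValueError("wrong field count")
    entry = dict(zip(PASSWD_KEYS, fields))
    entry["uid"], entry["gid"] = int(entry["uid"]), int(entry["gid"])
    return entry

def audit(passwd_text, shadow_text):
    """Return sorted (username, finding) pairs for the two files' contents."""
    findings, users, shadowed = [], {}, set()
    for line in filter(str.strip, passwd_text.splitlines()):
        try:
            entry = parse_passwd_line(line)
        except ValueError:  # bad field count or non-numeric uid/gid
            findings.append((line.split(":")[0], "malformed passwd entry"))
            continue
        users[entry["name"]] = entry
        if entry["password"] != "x":
            findings.append((entry["name"], "passwd password field is not 'x'"))
    for line in filter(str.strip, shadow_text.splitlines()):
        name, password = (line.split(":") + [""])[:2]  # tolerate a colon-less line
        shadowed.add(name)
        if name not in users:
            findings.append((name, "shadow entry without passwd entry"))
        if password == "":
            findings.append((name, "blank password: none required to log in"))
        elif password == "*":
            findings.append((name, "account disabled ('*')"))
    findings += [(n, "'x' in passwd but no shadow entry")
                 for n in users.keys() - shadowed if users[n]["password"] == "x"]
    return sorted(findings)
```

Calling audit(SAMPLE_PASSWD, SAMPLE_SHADOW) returns the findings for the constructed data; on a real system the shadow text can only be read by root.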





          156                              Lovely Professional University