Understanding the /etc/shadow File in Linux


The `/etc/shadow` file is a critical component of Linux system security: it stores hashed user passwords and the password-ageing information that goes with them. Unlike `/etc/passwd`, which is world-readable and holds only basic account details, `/etc/shadow` is readable only by root (and the `shadow` group), so the hashes are not exposed to ordinary users. This article describes the structure of the `/etc/shadow` file and gives practical commands for working with it.

Structure of the /etc/shadow File

Each line in the `/etc/shadow` file represents a user and contains the following fields, separated by colons (:):

1. Username: The name of the user account.
2. Password Hash: The hashed password. A `!` or `*` in place of the hash, or a `!` prefixed to it, means the account is locked; an empty field means no password is required to log in.
3. Last Password Change: The number of days since the last password change, counted from January 1, 1970.
4. Minimum Password Age: The minimum number of days required between password changes.
5. Maximum Password Age: The maximum number of days the password is valid.
6. Password Warning Period: The number of days before password expiration that the user is warned.
7. Password Inactivity Period: The number of days after password expiration until the account is disabled.
8. Account Expiration Date: The date when the account will be disabled, also expressed as days since January 1, 1970.
9. Reserved Field: Reserved for future use.
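As an added example (not part of the original article), the following Python script parses lines in this format and flags the conditions the commands below deal with: empty passwords, locked accounts, a forced change at next login, and expired or soon-to-expire passwords. The sample lines and their hash strings are constructed for the example, not taken from a real system, and the reference date is fixed so the report is reproducible.

```python
from datetime import date, timedelta

EPOCH = date(1970, 1, 1)  # every day count in /etc/shadow is relative to this date
TODAY = date(2024, 1, 1)  # fixed reference date so the sample report is reproducible
FIELDS = ("user", "hash", "last_change", "min_age", "max_age", "warn", "inactive", "expire")

def parse_shadow_line(line: str) -> dict:
    """Split one /etc/shadow line into its fields; an empty day field means 'not set'."""
    parts = line.rstrip("\n").split(":")
    if len(parts) != 9:
        raise ValueError(f"{parts[0]!r}: expected 9 fields, got {len(parts)}")
    days = [int(v) if v else None for v in parts[2:8]]  # reserved 9th field is ignored
    return dict(zip(FIELDS, parts[:2] + days))

def audit(e: dict, today: date) -> list:
    """Return findings for one parsed entry; an empty list means nothing notable."""
    findings = []
    if e["hash"] == "":
        findings.append("EMPTY_PASSWORD")            # login possible without a password
    elif e["hash"].startswith(("!", "*")):
        findings.append("PASSWORD_LOGIN_DISABLED")   # '!' = locked, '*' = no password set
    elif e["last_change"] == 0:
        findings.append("MUST_CHANGE_AT_LOGIN")      # the state `chage -d 0` creates
    elif e["last_change"] is not None and e["max_age"] is not None:
        expires_on = EPOCH + timedelta(days=e["last_change"] + e["max_age"])
        if today > expires_on:
            findings.append("PASSWORD_EXPIRED")
        elif e["warn"] is not None and today >= expires_on - timedelta(days=e["warn"]):
            findings.append("PASSWORD_EXPIRING_SOON")  # inside the warning period
    if e["expire"] is not None and today >= EPOCH + timedelta(days=e["expire"]):
        findings.append("ACCOUNT_EXPIRED")           # field 8 reached, account disabled
    return findings

def audit_shadow(lines, today: date) -> dict:
    # Map each user that has something to report to its list of findings.
    entries = map(parse_shadow_line, lines)
    return {e["user"]: f for e in entries if (f := audit(e, today))}

# Constructed sample lines (not from a real system); the hash strings are placeholders.
SAMPLE_SHADOW = """\
root:$6$saltsalt$PLACEHOLDERHASH:19700:0:99999:7:::
alice:$6$saltsalt$PLACEHOLDERHASH:19600:0:90:7:::
erin:$6$saltsalt$PLACEHOLDERHASH:19640:0:90:7:::
bob::19700:0:99999:7:::
daemon:*:19000:0:99999:7:::
dave:$6$saltsalt$PLACEHOLDERHASH:0:0:99999:7:::
frank:$6$saltsalt$PLACEHOLDERHASH:19700:0:99999:7::19000:
""".splitlines()

if __name__ == "__main__":
    print(audit_shadow(SAMPLE_SHADOW, TODAY))
```

Run against the real file with `sudo python3 audit_shadow.py` after replacing `SAMPLE_SHADOW` with `open("/etc/shadow")` and `TODAY` with `date.today()`; the `root` line above is clean and so does not appear in the report.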

You Should Know: Practical Commands and Steps

1. View the /etc/shadow File

To view the contents of the `/etc/shadow` file, use the following command:

sudo cat /etc/shadow

2. Check Password Expiry for a User

Use the `chage` command to check password expiry information for a specific user:

sudo chage -l username

3. Change Password Expiry Policies

To modify password expiry settings, use the `chage` command:

sudo chage -M 90 -W 7 username

This sets the maximum password age to 90 days and the warning period to 7 days.

4. Lock and Unlock User Accounts

To lock a user account:

sudo passwd -l username

To unlock it:

sudo passwd -u username

5. Force Password Change on Next Login

To force a user to change their password on the next login:

sudo chage -d 0 username

6. Add a New User with a Shadow Entry

When adding a new user, the `/etc/shadow` entry is created automatically:

sudo adduser newuser

7. Manually Edit the /etc/shadow File

Use `vipw` to safely edit the `/etc/shadow` file:

sudo vipw -s

8. Check for Empty Passwords

To find users with empty passwords:

sudo awk -F: '($2 == "") {print $1}' /etc/shadow

9. Generate a Password Hash

Use `openssl` to generate a password hash for manual updates:

openssl passwd -6

10. Verify File Permissions

Ensure the `/etc/shadow` file has the correct permissions:

sudo ls -l /etc/shadow

The output should be: `-rw-r----- 1 root shadow`, that is, mode 640, owned by root and readable by the `shadow` group only.

What Undercode Say

The `/etc/shadow` file is a cornerstone of Linux security, ensuring that sensitive password data is protected from unauthorized access. By understanding its structure and utilizing the provided commands, system administrators can effectively manage user accounts, enforce password policies, and enhance overall system security. Always handle this file with care, as improper modifications can lead to system vulnerabilities.

Expected Output:

– `/etc/shadow` file contents displayed using `sudo cat /etc/shadow`.
– Password expiry details for a user using `sudo chage -l username`.
– Updated password policies applied with `sudo chage -M 90 -W 7 username`.
– Locked or unlocked user accounts using `sudo passwd -l/-u username`.
– Forced password change on next login with `sudo chage -d 0 username`.
– New user added with `sudo adduser newuser`.
– Safe editing of `/etc/shadow` using `sudo vipw -s`.
– Identified users with empty passwords using `sudo awk -F: '($2 == "") {print $1}' /etc/shadow`.
– Generated password hash with `openssl passwd -6`.
– Verified file permissions with `sudo ls -l /etc/shadow`.

For further reading, visit: https://study-notes.org

References:

Reported By: Xmodulo On – Hackers Feeds
