Information about passwd , group , shadow and gshadow file.

Ever wondered where is the information of user is saved when we create a user in Linux.
Today we will take a look at 4 files which contains user information when a user is created.

All this files are located in etc folder.

1. /etc/passwd

As the name suggest it is located in the etc folder it contains different info about the user such as username,uid etc.

$ cat /etc/passwd

root:x:0:0:root:/root:/usr/bin/zsh
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin

root : x : 0 : 0 : root : /root : /usr/bin/zsh
(1): (2): (3): (4): (5): (6): (7)

(1) →Username or login name of user.
(2) →Password of user. x tells that the passwd is managed by the shadow file.
(3) →Userid [uid] of user.
(4) →Groupid [gid] of user.
(5) →Comment about the user or information about the user.
(6) →Home directory of the user.
(7) →Shell of the user.

2. /etc/group

This file contains information of group,gid,passwd,members of group.

$ cat /etc/group

root:x:0:
daemon:x:1:
bin:x:2:
sys:x:3:

root : x : 0 :
(1) :(2): (3): (4)

(1) →Group name.
(2) →Password of group.
(3) →Groupid [gid] of group.
(4) →Members of group.

3. /etc/shadow

This is the main file in aspects of user security because it contains information like password,expire time of account etc.

$ cat /etc/shadow

daemon:*:18616:0:99999:7:::
bin:*:18616:0:99999:7:::
sys:*:18616:0:99999:7:::
sync:*:18616:0:99999:7:::
games:*:18616:0:99999:7:::

daemon : * : 18616 : 0 : 99999 : 7 : : :
(1): (2): (3): (4): (5): (6): (7): (8): (9)

(1) →Username or login name of user.
(2) →Password of user.[* means passwd is not set and if there is !! then the account is disabled]
(3) →Last passwd changed date [calculated from 1 jan 1970]
(4) →Minimum age of passwd.
(5) →Maximum age of passwd.[calculated from 1 jan 1970]
(6) →Warning period of expiration of passwd [as mentioned it will notify us 7 days before the passwd change ]
(7) →Inactivity period of passwd.[calculated from 1 jan 1970]
(8) →Expiry of account.
(9) →unused field.

TYPES OF ENCRYPTION USED IN SHADOW FILE

$1$ = MD5
$2A$ = BLOWFISH
$5$ = SHA 256
$6$ = SHA 512

ETC

4. /etc/gshadow

This file contains the passwd of groups.

$ cat /etc/gshadow

fax:*::
voice:*::
cdrom:*::xyz
floppy:*::xyz
tape:*::

floppy : * : :xyz
(1): (2): (3): (4)

(1) →Name of group.
(2) →Password of group.[* means passwd is not set and if there is !! then the account is disabled]
(3) →List of group admin name.
(4) →Member list of group.

Encryption is similar to that in shadow file.

Default permissions to all this files are -rw-r — r —
We can change the values of the uid gid and other things which we will see further.

So, we learnt about the files that contains the main information about the user.By modifying this files we can change every field of them.

PENETRATION TESTING ENTHUSIAST ETHICAL HACKER BTECH (CSE) STUDENT