Difference between revisions of "Redhat: Shadow"
(→group) |
(→group) |
||
| Line 59: | Line 59: | ||
<syntaxhighlight> | <syntaxhighlight> | ||
| + | AAAS_TEST:x:30588: | ||
| + | manu_iitk:x:30589: | ||
| + | jump_trading:x:30590: | ||
| + | saha_pec:x:30591: | ||
| + | </syntaxhighlight> | ||
| − | + | {| class="wikitable" | |
| + | | Group Name | ||
| + | | admins | ||
| + | | The name of the group | ||
| + | |- | ||
| + | | Password | ||
| + | | x | ||
| + | | The group password. An 'x' shows the password is in the gshadow file, otherwise its the encrypted password. | ||
| + | |- | ||
| + | | GroupID | ||
| + | | 500 | ||
| + | | The group ID, satrts at 500 and will normally match the User ID of the same name. | ||
| + | |- | ||
| + | | Group Members | ||
| + | | michael,dave | ||
| + | | The members of the group, if there are none the the user with the same name is the only member | ||
| + | |- | ||
| + | |} | ||
== shadow == | == shadow == | ||
Revision as of 13:37, 30 August 2013
The Redhat Shadow Password Suite
Before security became an issue all users and passwords were stored in /etc/passwd and /etc/group files. But having the passwords stored in a reachable file is obviously not an option any more. The shadow password suite is designed to solve this problem. Sensitive data such as passwords have been moved to a file only accessible to the root user.
The Shadow password suite consists of four files. /etc/passwd and /etc/group are the files used origanally. Two files have been added to the suite: /etc/shadow and /etc/gshadow. The default values of the files are defined in /etc/login.defs
passwd
The passwd file contain teh basic information about every user on the system. Each user has seven columns of information.
AAAS_TEST:x:30587:30588::/home/AAAS_TEST:/bin/bash
tom_gds:x:30588:30589::/home/tom_gds:/bin/bash
manu_iitk:x:30589:30589::/home/manu_iitk:/bin/bash
jump_trading:x:30590:30590::/home/jump_trading:/bin/bash
saha_pec:x:30591:30591::/home/saha_pec:/bin/bash| Username | michael | The username used to log into the system |
| Password | x | The password of the user. An 'x' means the password in in the shadow file, an '*' means the account is disabled or the encrypted password. |
| User ID | 500 | numeric user ID - users IDs start at 500 by default |
| Group ID | 500 | numeric gorup ID - group IDs start at 500 by default. Redhat will create a group for every user which will normally have the same id as the user. |
| User Info | Michael H | any extra information |
| Home Directory | /home/michael | The users home direcotory, by default in /home/<username> |
| Login Shell | /bin/bash | The shell used by the user, by default this is bash |
A service account is have the /bin/nologin sheell. This prevents anyone logging into the system as a service. If you see a service logged in it likely means that someone has broken into the system
group
Every user is assinged by default to a group with the same name, their private group. This group will only have that user as a member.
Each group is defined in the group file using four columns of information
AAAS_TEST:x:30588:
manu_iitk:x:30589:
jump_trading:x:30590:
saha_pec:x:30591:| Group Name | admins | The name of the group |
| Password | x | The group password. An 'x' shows the password is in the gshadow file, otherwise its the encrypted password. |
| GroupID | 500 | The group ID, satrts at 500 and will normally match the User ID of the same name. |
| Group Members | michael,dave | The members of the group, if there are none the the user with the same name is the only member |