Wednesday, September 11, 2013

Shadow File In Linux

The shadow file in Linux is very important. It stores the actual password of each user account in encrypted format, along with additional properties related to the user's password. All fields are separated by a colon (:) symbol. It contains one entry per line for each user listed in the /etc/passwd file.

So if we check the /etc/passwd file for a user, say bob, we see an 'x' in place of the password, which now lives in the /etc/shadow file:

[root@vx111a Desktop]# grep bob /etc/passwd
bob:x:500:500::/home/bob:/bin/bash

[root@vx111a Desktop]# grep bob /etc/shadow
bob:$6$OQGTcyU0$w9zS4Dw2Q/Xjo/XVlSxxAhAZSYuEE4aAZIvdr0:15959:0:99999:7:::

Each entry in the shadow file has the following fields, in order:

User name: Your login name

Password: Your encrypted password

Last password change (last changed): Days since Jan 1, 1970 that the password was last changed

Minimum: The minimum number of days required between password changes, i.e. the number of days left before the user is allowed to change his/her password

Maximum: The maximum number of days the password is valid (after that the user is forced to change his/her password)

Warn: The number of days before the password expires that the user is warned that his/her password must be changed

Inactive: The number of days after the password expires that the account is disabled

Expire: Days since Jan 1, 1970 that the account is disabled, i.e. an absolute date specifying when the login may no longer be used

The encrypted password consists of 13 to 24 characters from the 64-character alphabet a through z, A through Z, 0 through 9, "." and "/". It can also start with a "$" character, which means the encrypted password was generated using another algorithm; for example, if it starts with "$1$", the MD5-based algorithm was used.
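The field list and the "$" prefix rule above, as an added example that is not part of the original post: a small Python parser that splits a shadow entry into its fields, converts the day counts into calendar dates and names the hash scheme from the prefix. The scheme ids other than "$1$" come from crypt(5) rather than from this post, and the function and key names are made up for the example.

```python
from datetime import date, timedelta

EPOCH = date(1970, 1, 1)
NUMERIC = ("last_changed", "minimum", "maximum", "warn", "inactive", "expire")
# crypt(5) prefix ids; "$1$" is the one named in the post, the rest are added here
SCHEMES = {"1": "MD5", "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt",
           "5": "SHA-256", "6": "SHA-512", "y": "yescrypt"}


def hash_scheme(pw):
    """Classify the password field without touching the hash itself."""
    if pw == "":
        return "empty"    # no password set
    if pw[0] in "!*":
        return "locked"   # "!" or "*" can never match a hash: password login disabled
    if pw.startswith("$"):
        return SCHEMES.get(pw.split("$")[1], "unknown")
    return "DES"          # traditional 13-character crypt, no "$" prefix


def to_date(days):
    """Convert a days-since-1970 count to a date (None for an empty field)."""
    return None if days is None else EPOCH + timedelta(days=days)


def parse_shadow_line(line):
    parts = line.rstrip("\n").split(":")
    if len(parts) != 9:  # eight documented fields plus one reserved field
        raise ValueError("expected 9 colon-separated fields, got %d" % len(parts))
    entry = {"user": parts[0], "scheme": hash_scheme(parts[1])}
    for name, raw in zip(NUMERIC, parts[2:8]):
        entry[name] = int(raw) if raw else None
    entry["last_changed_date"] = to_date(entry["last_changed"])
    entry["account_expires"] = to_date(entry["expire"])
    if entry["last_changed"] is not None and entry["maximum"] is not None:
        entry["password_expires"] = to_date(entry["last_changed"] + entry["maximum"])
    else:
        entry["password_expires"] = None
    return entry


# The bob entry shown earlier in the post
SAMPLE = "bob:$6$OQGTcyU0$w9zS4Dw2Q/Xjo/XVlSxxAhAZSYuEE4aAZIvdr0:15959:0:99999:7:::"

if __name__ == "__main__":
    for key, value in parse_shadow_line(SAMPLE).items():
        print("%-18s %s" % (key, value))
```

The parser reports only the scheme and the ageing fields, so its output can be shared in an audit without exposing the hash.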

In most cases the shadow file is accessible to the root account only. Sometimes the shadow file may not be available (depending on install-time options).

So how can we create the shadow file?

The following command creates the shadow file and moves all password entries from /etc/passwd to /etc/shadow:

# pwconv

Procedure to Remove shadow File (Not Recommended)

Execute the following command if you no longer want to use the /etc/shadow file to keep the passwords (not recommended!).

# pwunconv

# ls -l /etc/shadow
ls: /etc/shadow: No such file or directory

Happy learning :-)