User information file in linux

Introduction

Linux is truly fascinating. In this blog, we’ll understand about a special file in linux.

Let’s dive straight into it.

What is /etc/passwd file?

/etc/passwd is a configuration file which stores user account information. It is a plain text-based file containing information like username, user ID and group ID.

This file is owned by root and has rw-r—r— permissions(octal 644). Thus, the file can be read by any user but only root user or user with sudo privileges can write to the file.

How can I view that file?

To view the contents of the file, open the terminal and type in:

The output of this command should be similar to the one shown below.

daniel@DVM:~$ cat /etc/passwd root:x:0:0:root:/root:/bin/bash daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin bin:x:2:2:bin:/bin:/usr/sbin/nologin sys:x:3:3:sys:/dev:/usr/sbin/nologin sync:x:4:65534:sync:/bin:/bin/sync games:x:5:60:games:/usr/games:/usr/sbin/nologin man:x:6:12:man:/var/cache/man:/usr/sbin/nologin lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin mail:x:8:8:mail:/var/mail:/usr/sbin/nologin news:x:9:9:news:/var/spool/news:/usr/sbin/nologin uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin proxy:x:13:13:proxy:/bin:/usr/sbin/nologin www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin backup:x:34:34:backup:/var/backups:/usr/sbin/nologin list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin irc:x:39:39:ircd:/var/run/ircd:/usr/sbin/nologin gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin systemd-network:x:100:102:systemd Network Management. /run/systemd:/usr/sbin/nologin systemd-resolve:x:101:103:systemd Resolver. /run/systemd:/usr/sbin/nologin systemd-timesync:x:102:104:systemd Time Synchronization. /run/systemd:/usr/sbin/nologin messagebus:x:103:106::/nonexistent:/usr/sbin/nologin syslog:x:104:110::/home/syslog:/usr/sbin/nologin _apt:x:105:65534::/nonexistent:/usr/sbin/nologin tss:x:106:111:TPM software stack. /var/lib/tpm:/bin/false uuidd:x:107:112::/run/uuidd:/usr/sbin/nologin tcpdump:x:108:113::/nonexistent:/usr/sbin/nologin sshd:x:109:65534::/run/sshd:/usr/sbin/nologin landscape:x:110:115::/var/lib/landscape:/usr/sbin/nologin pollinate:x:111:1::/var/cache/pollinate:/bin/false daniel:x:1000:1000:Daniel Tanzer. /home/daniel:/bin/bash 

Can I modify that file?

Yes, you can modify the file contents using any text editor like vim, nano or emacs but it’s considered to be a bad idea unless you know what you are doing.
You must always use dedicated commands to modify the file. Let’s say for an example, you want to add a new user to the system. For doing so, you must use adduser or useradd command instead of manually editing the /etc/passwd file using a text editor.

Understanding /etc/passwd file format

/etc/passwd file contains many lines, one for each user. The first line contains information about root user followed by system user accounts and normal user accounts.

It has 7 fields separated by colon(:).

file format

1) Username :

This is the first field in a line which represents the login name of the user. It has a length ranging from 1 to 32 characters.

2) Password :

This is the second field in a line. In older linux systems, user’s encrypted password was stored here. Now in the modern systems, this field is replaced by a character x and the encrypted password is stored in a file called /etc/shadow .

If the field is blank, we do not need a password to login to the system.

To change the password of any user, use passwd command which stores the password in encrypted form in /etc/shadow .

3) User ID (UID):

This is the third field in a line. It contains a unique identifier of a user which is used by an operating system to refer to a user.

UID 0 is reserved for root user.
UID 1-99 is reserved for other predefined accounts.
UID 100-999 is reserved for system accounts.
UID above 999 are for normal user accounts.

Читайте также:  Change file permissions linux user

4) Group ID(GID):

This is the fourth field in a line. It determines the primary group of the user. Users can belong to more than one group in linux. To get a full list of groups a user belongs to, type in the command:

The first group in the output is the primary group and the rest are secondary groups .

5) GECOS :

This is the fifth field in a line. It contains comma-separated information about the user including:

6) Home directory :

This is the sixth field in a line which contains the path to the user’s home directory. By default, this path is under /home directory and is named after the user. For example, for a user having a username daniel , his home directory would be /home/daniel .

7) Login Shell :

This is the seventh and the last field in the line. It contains path to the user’s default login shell. For most of the distributions, it is bash having the path /bin/bash .

It is not necessary to for it to be a shell. For example, system administrators can use nologin shell having path /sbin/nologin . So, if a user tries to login to an account with nologin shell, the nologin shell closes the connection.

This is it for the blog. I hope you understood the format of the file /etc/passwd .

Источник

How to View and Understand the /etc/passwd file in Linux

This tutorial explains how to view the /etc/passwd file in Linux and how to interact with it.After reading this article you will understand what the /etc/passwd file is, how to understand, and how to read it. The content also includes instructions to edit the file properly. Additionally, you will find an explanation on /etc/shadow and /etc/group files.

Viewing and understanding the /etc/passwd file

The /etc/passwd file stores vital information (described below) about users such as username, home directory, etc.

Since this file contains vital information for all users, it has reading permissions and it is not necessary to have privileges to see it.

You can read the /etc/passwd file by using the less command followed by the path as shown below.

Let’s take the first two lines to explain the structure of the /etc/passwd file in the following table:

root x 0 0 root /root /bin/bas
daemon x 1 1 daemon /usr/sbin /usr/sbin/nologin
USER AUTH UID GID GECOS HOME SHELL

The first two rows contain the same data shown in the first two lines of the /etc/passwd in the image above. It is important to note that each item is separated by two dots; you can consider the two dots as columns.

The meaning of each column is:

  • USER: The first field shows the username.
  • AUTHENTICATION: The second field shows the password status, if an x, the password is stored in the /etc/shadow file, if an
  • UID: The third field shows the user ID.
  • GID: The fourth field shows the group ID.
  • GECOS: This field stores user information such as full name, phone number, and email.
  • HOME: This field contains the path to the home directory.
  • SHELL: Finally, the last field shows the shell for the user.
Читайте также:  Раздавать wifi через linux

The x in the second field indicates the password is encrypted and stored in the /etc/shadow file. This file is protected by permissions and can only be read by privileged users. If instead of an X you see an asterix (*) or exclamation mark (!), it means that the password is blank and the user does not need a password to login.

The user ID 0 is reserved for the root user. IDs bigger than 500 can be assigned to users. Below 500 IDs are reserved for the system.

In the following figure you can see the linuxhintuser line including some GECOS information such as full name (Linux Hint) and phone numbers:

Years ago, passwords were stored in the /etc/passwd file. this was changed. Passwords are now stored in the /etc/shadow file which needs privileges.

The /etc/passwd file is accessible to every user because it holds information users need to interact with the system, for example, to login.

How to edit the /etc/passwd file

The /etc/passwd can be edited using the vipw command. This command is also useful to edit /etc/shadow (When used with the -s flag) and /etc/group files.

To edit the /etc/passwd file, run the vipw command and when asked, select the text editor of your preference. In my case I’m selecting nano as shown below.

As you can see in the following figure, after running the vipw command, the /etc/passwd file will be opened with a text editor. You can then edit all fields.

In the example below I will edit the linuxhintuser information (Last line). As you can see, the full name is Linux Hint, phone numbers are 342342 and 234234.

As shown in the example below, I edited the full name, replacing the full name (linuxhintuser) with “New Full Name” and editing phone numbers.

Once you are done editing the file, close and save changes.

After closing and saving the file, you will be warned about possible changes you may need to reproduce in the /etc/shadow file. This is not necessary if you don’t edit the password.

You can check the /etc/passwd file using the less or cat commands and you will see changes were properly applied.

Additional functions for the vipw command can be implemented using flags:

  • -g: The -g flag is used to edit the /etc/group file containing information about user groups.
  • -s: This flag is used to edit both the /etc/shadow and /etc/gshadow files.
  • -p: The -p flag is used to edit the passwd database.
  • -h: This flag is used to display the help menu.

As you can see in the content above, the /etc/passwd is linked to other files like /etc/shadow and /etc/group, both of which are described below.

The /etc/shadow file

As said previously, formerly Linux/Unix passwords were stored in the /etc/passwd file, which was dangerous since every user has access to it. A user with access to the encrypted password can easily break it by using one of the online databases or through brute force.

Читайте также:  Автозапуск в альт линукс

To solve this exposure, the /etc/shadow file was implemented to store user encrypted passwords without reading permissions or without super user privileges.

You can see the /etc/shadow file by using cat or less commands as root or with sudo as shown previously.

As you can see in the screenshot below, there are 9 columns (Defined by two dots each). Each field contains the first information:

  • 1: Username.
  • 2: Encrypted password.
  • 3: Last password change in days, counting from Jan, 1970.
  • 4: Minimum days a user can keep a password before changing it.
  • 5: Maximum days a user can keep a password before changing it (If 99999, then no limit)
  • 6: In this field the root can define when a user will be requested to change the password.
  • 7: This field shows when an account will be inactive after password expiration.
  • 8: Password expiration date (Counting from 1 Jan, 1970).
  • 9: The last field is reserved without containing useful information.

As you can see, the /etc/shadow file only contains password related information.

To change a password within this file, you need to execute the passwd command followed by the username whose password you want to replace, as shown in the figure below where the linuxhintuser password is updated.

As you can see above, the password was successfully changed.

The /etc/group file

The /etc/group file stores information on groups. This file, like both /etc/passwd and /etc/shadow, also can be edited with the vipw command.

You can read the /etc/group file using the less command as done before.

The file looks like the following screenshot, containing 4 columns with group related information, where the first field is group name, the second field is password related, the third is the GID (Group ID) and the fourth shows the group users.

I also would recommend studying the usermode command, some examples are available at https://linuxhint.com/sudo_linux/, also related to user administration. This command is also recommended by the passwd command man page.

Conclusion

As you can see, any user can view the passwd file easily. The /etc/passwd file is the first defense against unauthorized accesses. All files are imperative to get information on users and administer them properly. The way to edit those files vipw is explained in this document. All steps are valid for all Linux distributions, since these files are universal for Linux systems, and even for some Unix. Always remember you can read the main page for additional information.

Thank you for reading this tutorial explaining how to view and how to understand the /etc/passwd file. Keep following us for additional Linux tutorials.

About the author

David Adams

David Adams is a System Admin and writer that is focused on open source technologies, security software, and computer systems.

Источник

Оцените статью
Adblock
detector