Where are passwords stored in linux

Where and How are Passwords Stored on Linux?

The username and password are a must when logging into the Linux system and without them (by default). However, there’s a way to configure it to use without them, but it compromises the security because everyone can use the system without authentication, which isn’t a good practice.

In Linux, when the user tries to log into the system, the credentials are compared with a database or a file where the system stores the usernames and passwords and is granted authentication if matched. Now, you may wonder where and how passwords are stored on a Linux-based OS.

This post will describe the location/files where the password are saved in a Linux system:

Checking the Stored Password by Accessing the /etc/passwd File

A plain text file that is used by the Linux system to store the user information like username, user id (UID), group id (GID), and home directory, and the shell is the “passwd” file located in “/etc/” directory. Each field is separated by a colon (:).

Let’s view it using this command (any editor can be used).

To explain the above output, let’s take the “root” user displayed right below the command in the first line.

• The term “root” refers to the username; this field has a maximum limit of 32 characters.
• The “x” denotes the encrypted password kept hidden for security purposes.
• The “0” represents the user id or UID unique for every user. For standard/non-root users, it would start from “1000.”
• The following “0” shows the group id or GID that leads the group to which the user belongs. More details on Linux groups can be found.
• The “root” after that shows the complete data about the users, including a full name, contact information, email, and other related information. This helps in user identification.
• The “/root” displays the root user’s home directory, which is different for every user, and it would be “/” if there isn’t any.
• The “/bin/bash” is the default shell for the current user.

This file has permission to be read by all users using the system. Still, only the root user has the power to modify/change the contents of this file for various reasons related to security.

How to Look for a User With a Specific Name in the/etc/passwd File on Linux?

To get information about a specified user from the “/etc/passwd,” the grep command is highly recommended. Let’s search for “itslinux” as done in this command.

As seen in the image above, the user “itslinux” details are filtered from the long list of users in the/etc/passwd file.

Note: You can find more details regarding this file by reading this article.

Checking the Stored Password by Accessing the /etc/shadow File

The shadow file is the most critical file on Linux, where users with sudo/root access can only access the Linux OS and store the user passwords in encrypted form. Passwords are stored in a hashed format, making it highly challenging to get their information.

Hashing is done using the one-way Secure Hash Algorithm (SHA-256), one of the most secure and reliable hashing algorithms.

The latest Linux operating systems are now using the bcrypt hashing function based on Blowfish symmetric-key block cipher. It has a unique feature called “salt,” using which the system adds a random value to the password hash before storing it in the shadow file. This makes it more problematic for a hacker to use precomputed tables of hashed values for the password to be cracked, so you can view the content by typing:

Here is the encrypted/hashed password of the current user (itslinux).

After examining the above output, you’ll see three “$” signs.

• First, $ represents the type of hashing algorithm used in the current system (bcrypt in this case).
• The second $ is for the added salt (it may not be there if another hashing algorithm like SHA-512 is used).
• The third $ is the hashed password that is nearly impossible to crack.

Note: Click here to read all the details about the “/etc/shadow” file.

Conclusion

In Linux, things may look simple from the front side, but there’s much work being done in the background to protect your privacy and data from illegal access. Of course, you know that the passwords are stored inside the system and compared while logging in. This article explains everything related to it.

Источник

Where and How are Passwords Stored on Linux

“A username and password for a single account are the primary requirements for accessing a Linux system. In order to verify a user during a system login attempt, all user accounts passwords are saved in a file or database. Finding this file on a user’s machine is beyond the knowledge and abilities of every user. Linux checks the password given by the user against an entry in one or more files located in the directory named “/etc.” when the user logs in with a username and password.

All the crucial data required for user login is stored in the /etc/passwd files. The user’s account information is kept in the /etc/passwd file, to put it another way. The entire list of users on your Linux system is contained in this plain text file. It contains data about the user name, password, group ID, user id, shell, and home directory. Only superuser or root user accounts should have restricted write access permissions.”

This article will show you where and how to save the passwords for system user accounts on Linux distributions.

Examining the /etc/passwd File

In order to run administrative commands, you must have root access. The details of your system’s user account are in the /etc/passwd file. The colon “:” symbol separates each stored field. The following command will display each entry in the /etc/passwd file:

The command mentioned above will list every user on your Linux system, and hence terminal’s screen will show the following format:

The information about the currently used account is shown in the highlighted portion below.

There are several fields of data divided by colons (:).

Linux: Username is shown in field one. The username field can only have between 1 and 32 characters. Linux is the username in the sample above.

Password (x): The “x” character denotes the encrypted password, as can be seen in the aforementioned example.

UID (1000): Each user must have their own unique user ID. The user ID in the aforementioned screenshot is 1000.

GID (1000): The group ID is represented by the following field. The GID is kept in the file /etc/group. The example indicates that the user is a member of group 1000.

Details (linux): Comments should go in the field below. You can enter further details about the identified person in this box, such as the individual’s complete name, contact information, etc. The user does not offer a phone number in the case above, though.

Home directory (/home/linux): The location of the user’s current home directory is displayed in this field. It will show “/” if the requested directory does not exist.

/bin/bash shell: /bin/bash is the default absolute path for a shell or command.

Searching User in the /etc/passwd File

A specific user can be found easily by using the grep command. For instance, if we wish to search for the username “linux” in the /etc/passwd file, we may quickly do it by using the following command, which will save us time:

In this regard, we can also use the following command:

View the /etc/passwd File’s Permissions

As we stated above, the /etc/passwd file must have the owner be superuser or root, and all users other than root should have read rights.

To check the read rights on the file, type the following:

Examine the File /etc/shadow

Your whole encrypted password collection is stored in the root-only /etc/shadow file. Every password is viewable in encrypted form. Let’s execute the next command to show the content:

Conclusion

The aforementioned article demonstrates that the Linux operating system keeps all user account details and passwords in the /etc/passwd file. Additionally, we have seen every encrypted password kept in the /etc/shadow file. To learn more about the user’s group, you can also look through the /etc/group file.

About the author

Karim Buzdar

Karim Buzdar holds a degree in telecommunication engineering and holds several sysadmin certifications. As an IT engineer and technical author, he writes for various web sites. He blogs at LinuxWays.

Источник

Where my linux password is stored on my system and how i can retrieve it? [duplicate]

I am currently logged in on my Linux system and i want to output my Linux password and username on my terminal, what commands i need to write and in which file it is stored and how i can retrieve it ?

3 Answers 3

In short: you can’t find out what your password is.

Although it’s stored in the file /etc/shadow , it’s stored in a «protected» format called a hash. It’s like a baked cake is to a set of ingredients, there’s no way to get the flour back out of the cake.

The passwords are not stored anywhere on the system at all. What is stored in /etc/shadow are so called hashes of the passwords.

A hash of some text is created by performing a so called one way function on the text (password), thus creating a string to check against. By design it is «impossible» (computationally infeasible) to reverse that process.

What can be done is to try a «brute force» attack — by hashing a lot of possible passwords until the outcome equals the found hash. There is no other way, you cannot compute a text (=password) that matches the hash you have.

There are several algorithms to create hashes, they differ in complexity, length of the hash, probability/possibility of so called collisions (two different texts have the same hash, which eventually must happen if the hash is shorter than the original text).

Typical current algorithms are

both should not be used for cryptographic/security purposes any more!!

• SHA-256
• SHA-512
• SHA-3 (KECCAK was announced the winner in the competition for a new federal approved hash algorithm in October 2012) — not used in Ubuntu yet.

As you know from other answers you can’t see your password. Let me explain why. Design where passwords are stored in their normal form (it’s called plain) isn’t very secure (not only for operating systems) because if list of such passwords falls into hands of malicious person, he can log in instantly, since list of user names is usually easy to retrieve (in Linux from /etc/passwd file). That’s why hash functions are used instead. These are one-way functions — you can create hash based on value but you can’t create value based on hash. If malicious person gets a list of hash values he can’t retrieve actual passwords from them (or at least it’s more difficult) and user still can login — when he passes his password, it’s translated to hash and compared with stored value.

Once in a while you can heard that someone hacked some website and get passwords or that some list of passwords leaked somewhere. If those were stored in plain text, attacker got instant access to some accounts. If those were hashed he had to break them first. It means more trouble for him and more time for reaction like changing a password to a new one. Linux (and any Unix based system) follows this design and that’s why you can’t print your password in any other way that hashed — only if you have root user privileges and can read /etc/shadow file.

To print your username, type whoami .

Linked

Related

Hot Network Questions

Site design / logo © 2023 Stack Exchange Inc; user contributions licensed under CC BY-SA . rev 2023.7.13.43530

Ubuntu and the circle of friends logo are trade marks of Canonical Limited and are used under licence.

By clicking “Accept all cookies”, you agree Stack Exchange can store cookies on your device and disclose information in accordance with our Cookie Policy.

Источник