Detailed explanation of /etc/passwd file in Linux

PHPz
2024-02-12 17:18:19

In Linux, each user has a corresponding record line in the /etc/passwd file. Each record holds some basic attributes of the user. Editing this file to manage users is a routine task for a system administrator.

Its content is similar to the following example:

As the example above shows, each line in /etc/passwd corresponds to one user, and each line is divided into 7 fields by colons (:). The format and the meaning of each field are as follows:

Username:Password:User identification number:Group identification number:Comment description:Home directory:Login shell

"Username"

A string representing the user account. It is usually no more than 8 characters long and consists of uppercase and lowercase letters and/or digits. The login name cannot contain a colon (:), because the colon is the field separator. For compatibility, it is best not to include a dot (.) in the login name, and not to start it with a hyphen (-) or a plus sign (+).

"Password"

On some systems this field stores the encrypted user password. Although the field holds only the encrypted string and not the plain text, /etc/passwd is readable by all users, so this is still a security risk. Therefore, many Linux systems (such as SVR4) now use shadow technology: the real encrypted password is stored in the /etc/shadow file, and the password field of /etc/passwd holds only a special character, such as "x" or "*".

"User Identification Number"

The user identification number is an integer that the system uses internally to identify the user. Generally it corresponds one-to-one with the username. If several usernames share the same user identification number, the system treats them internally as the same user, but they can still have different passwords, different home directories, different login shells, and so on. The value range of user identification numbers is usually 0 to 65535. 0 is the identification number of the superuser root, 1 to 99 are reserved by the system for administrative accounts, and the identification numbers of ordinary users start from 100. On Linux systems, this limit is 500.

"Group identification number"

This field records the user group to which the user belongs. It corresponds to a record in the /etc/group file.

"Comment description"

This field records some personal information about the user, such as the user's real name, phone number and address. This field has no practical use. Its format is not uniform across Linux systems. On many Linux systems it stores arbitrary comment text, which is used as the output of the finger command.

"Home directory"

The home directory is the user's starting working directory, that is, the directory the user is placed in after logging in to the system. On most systems, all users' home directories are organized under the same parent directory, and the name of each user's home directory is the user's login name.

Each user has read, write, and execute (search) permissions on his or her own home directory. Other users' access permissions to this directory are set according to the specific circumstances.

"Login shell"

After the user logs in, a process is started that is responsible for passing the user's operations to the kernel. This process is the command interpreter, or a specific program, that runs after the user logs in to the system: the shell. The shell is the interface between the user and the Linux system. There are many kinds of Linux shells, each with different characteristics.

Commonly used ones include sh (Bourne Shell), csh (C Shell), ksh (Korn Shell), tcsh (TENEX/TOPS-20 type C Shell), bash (Bourne Again Shell), etc.

The system administrator can designate a shell for the user based on the system conditions and user habits. If you do not specify a shell, the system uses sh as the default login shell, that is, the value of this field is /bin/sh. The user's login shell can also be designated as a specific program (this program is not a command interpreter).

Using this feature, we can restrict a user to running only a specified application. When the application finishes, the user is automatically logged out of the system. Some Linux systems require that only programs registered with the system appear in this field.

There is a type of user in the system called a pseudo-user. These users also have a record in the Linux /etc/passwd file, but they cannot log in because their login shell is empty. They exist mainly to make system administration easier and to satisfy the file-ownership requirements of the corresponding system processes. Common pseudo-users are shown below.

Pseudo-user    Meaning
bin            owns executable user command files
sys            owns system files
adm            owns account files
uucp           used by UUCP
lp             used by the lp or lpd subsystem
nobody         used by NFS

There are also some other standard pseudo-users, such as audit, cron, mail and usenet, which likewise have corresponding processes and files in the Linux system. However, because the Linux /etc/passwd file is readable by all users, a password that is too simple or follows an obvious pattern can easily be cracked by an attacker if its encrypted form is stored there. Therefore, on Linux systems with high security requirements, the encrypted passwords are stored separately in the /etc/shadow file, and only the superuser has read permission on that file, which protects the users' passwords.
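The seven-field record format, the placeholder password field and the shared-UID behaviour described above can be checked mechanically. The following is an added example, not part of the original article; the sample records, function names and finding labels are constructed for illustration.

```python
from collections import defaultdict

FIELDS = ("name", "password", "uid", "gid", "comment", "home", "shell")
PLACEHOLDERS = {"x", "*"}  # the shadow markers named in the article

# Constructed sample records (not taken from any real system).
SAMPLE = """\
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:
alice:x:500:500:Alice Example:/home/alice:/bin/bash
legacy:ab8Xk2pQ0dTgE:501:501::/home/legacy:/bin/sh
toor:x:0:0:second uid 0 name:/root:/bin/sh
guest::502:502:Guest:/home/guest:/bin/sh
broken:x:503:503:/home/broken
"""

def parse_line(line):
    """Split one record into the seven colon-separated fields, or return None."""
    parts = line.rstrip("\n").split(":")
    if len(parts) != len(FIELDS) or not parts[2].isdigit() or not parts[3].isdigit():
        return None
    rec = dict(zip(FIELDS, parts))
    rec["uid"], rec["gid"] = int(rec["uid"]), int(rec["gid"])
    return rec

def audit(text):
    """Return a sorted list of (username, finding) pairs for passwd-format text."""
    findings, by_uid = [], defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            findings.append((line.split(":")[0], "malformed record"))
            continue
        by_uid[rec["uid"]].append(rec["name"])
        if rec["password"] == "":
            findings.append((rec["name"], "empty password field"))
        elif rec["password"] not in PLACEHOLDERS:
            findings.append((rec["name"], "non-placeholder password field (possible hash)"))
        if rec["uid"] == 0 and rec["name"] != "root":
            findings.append((rec["name"], "non-root name with UID 0"))
    for uid, names in by_uid.items():
        if len(names) > 1:  # the system treats these names as one user
            findings.append((",".join(names), f"UID {uid} shared by several names"))
    return sorted(findings)

if __name__ == "__main__":
    for who, what in audit(SAMPLE):
        print(f"{who}: {what}")
```

To audit a real system, pass the contents of /etc/passwd to audit() instead of SAMPLE.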

Statement:
This article is reproduced from lxlinux.net. If there is any infringement, please contact admin@php.cn to have it deleted.