Understanding Linux system security for Users Guide for beginners

of bob218

One of the most important security features of the Linux system today are passwords. Most administrators and server users use passwords to protect their system and gain access from others. In Linux (RHEL/DEBIAN) these passwords are stored in the passwd and shadow files in the /etc directory.

Most distributions use one-way encryption called DES (Data Encryption Standard) to encrypt passwords saved in the /etc/passwd and /etc/shadow files. When you try to log in the password is compared with the saved password, if a match is found, you are allowed to log in otherwise rejected by the system.

Understand the /etc/passwd file: This file contains the required information used at the time of user login. This text file contains a list of user accounts for the system. This contains the following entry in each line and each field is separated by “:” so that it can be easily understood.

$ cat /etc/passwd

Image of bob218

Username > It is used when user logs in.
Password > An x character indicates that password is encrypted and stored in /etc/shadow file.
User ID (UID) > Each user must be assigned a unique user ID (UID). UID 0 (zero) is reserved for root.
Group ID (GID) > The primary group ID (stored in /etc/group file).
User ID Info > This field allow you to add extra information about the users such as user’s full name, phone number etc.
Home directory > This is path of user’s home directory.
Command/shell > This is path of a command or shell (/bin/bash).

Image of bob218

Understanding etc/shadow File: This file stores passwords in encrypted format for the user’s account. It also contains additional password-related properties. Again, each field is separated by a colon “:”.

# more /etc/shadow

Image of bob218

User name : It is users login name.

Password > It is users encrypted password.

Last password change > This contained the information when last password changed.

Minimum > The minimum number of days required between password changes.

Maximum > The password validity for maximum numbers of Days.

Warn >The number of days before password is to expire that user is warned that his/her password must be changed

Inactive >The number of days after password expires that account is disabled

Expire >days since, that account is disabled.

PS: I hope this content was useful and thank you for reading:)

💻 Follow me
👏 Give the article 50 claps
📚 Read more articles on Medium
🔗 Connect on social media Github | Kaggle