Using /etc/shadow
With that out of the way, let's take a look at the /etc/shadow file. We can use cat to display the contents like any other text file, but unlike /etc/passwd, we need root privileges in order to view it. So, go ahead and display the contents of this file, and I'll walk you through it:

sudo cat /etc/shadow

This will display the following output:
Figure 2.6: Example /etc/shadow file
The preceding screenshot, Figure 2.6, shows the last three lines of this file on my server. First, we have the username in the first column—no surprises there. Note that the output is not showing the UID for each user in this file. The system knows which username matches to which UID based on the /etc/passwd file, so there's no need to repeat that here. In the second column, we have what appears to be random gobbledygook. Actually, that's the most important part of this entire file. That's the actual hash for the user's password.
If you recall, in the /etc/passwd file, each user listing had an x for the second column, and I mentioned I would explain that later. What the x refers to is the fact that the user's password is encrypted and simply not stored in /etc/passwd. It is instead stored in /etc/shadow. After all, the /etc/passwd file is viewable by everyone, so it would compromise security quite a bit if anyone could just open up the file and see what everyone's password hashes were.
In the days of old, you could actually store a user's password in /etc/passwd, but it's never done that way anymore. Whenever you create a user account on a modern Linux system, the user's password is encrypted (an x is placed in the second column of /etc/passwd for the user), and the actual password hash is stored in the second column of /etc/shadow to keep it away from prying eyes. Hopefully, now the relationship between these two files has become apparent.
Remember earlier I mentioned that the root user account is locked out by default? Well, let's actually see that in action. Execute the following command to see the root user account entry in /etc/shadow:

sudo cat /etc/shadow | grep root

On my system, I get the following output:
Figure 2.7: Example /etc/shadow file
Although the concept is beyond the scope of the book, a password hash is a conversion of the actual password to a different string that represents the original password. This is a one-way conversion, so you cannot find the actual password by reverse-engineering the hash. In the /etc/passwd file, the hash of the password is stored rather than the actual password, for security purposes.
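To make the two-column relationship and the locked root entry concrete, here is an added example (not code from the book) that parses constructed /etc/passwd and /etc/shadow records, reports which accounts are hashed, locked or without a usable password, and flags any passwd entry whose second column is not the x placeholder. The sample records and the hash strings in them are constructed placeholders, not real system data.

```python
"""Classify accounts from constructed /etc/shadow and /etc/passwd records.

Added example; the records below are constructed and the hash strings are
placeholders, not real password hashes.
"""

# Constructed sample records (not from a real system).
PASSWD_LINES = """\
root:x:0:0:root:/root:/bin/bash
jay:x:1000:1000:Jay:/home/jay:/bin/bash
legacy:$6$PLACEHOLDERSALT$PLACEHOLDERHASH:1001:1001:Legacy:/home/legacy:/bin/bash
""".splitlines()

SHADOW_LINES = """\
root:*:19000:0:99999:7:::
jay:$6$PLACEHOLDERSALT$PLACEHOLDERHASH:19000:0:99999:7:::
locked:!$6$PLACEHOLDERSALT$PLACEHOLDERHASH:19000:0:99999:7:::
""".splitlines()


def classify_hash(field: str) -> str:
    """Describe the second column (password field) of a shadow entry.

    '*', '!' or '!!' alone: no usable password, so password login is disabled
    (this is what a locked-by-default root account looks like).
    A leading '!' in front of a hash: an existing password locked with passwd -l.
    Empty: no password at all, which is a serious misconfiguration.
    Anything else: a password hash, normally in $id$salt$hash form.
    """
    if field == "":
        return "empty"
    if field in ("*", "!", "!!"):
        return "no-password"
    if field.startswith("!"):
        return "locked"
    return "hashed"


def parse_shadow(lines):
    """Return {username: status} for each non-blank shadow line."""
    result = {}
    for line in lines:
        if not line.strip():
            continue
        fields = line.split(":")
        result[fields[0]] = classify_hash(fields[1])
    return result


def passwd_without_shadow(lines):
    """Usernames whose passwd second column is not 'x', i.e. not shadowed."""
    return [l.split(":")[0] for l in lines if l.strip() and l.split(":")[1] != "x"]
```

Run against real files with sudo, parse_shadow would show the root status the grep command above displays, and passwd_without_shadow should return an empty list on any modern system.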