Where are the passwords of the users located in Linux?

The encrypted passwords and other information such as password expiry information (the password aging information) are stored in the /etc/shadow file. However, a normal user cannot access the /etc/shadow file directly. For example, try the following cat command:

$ cat /etc/shadow

Output:

cat: /etc/shadow: Permission denied

You can only access this file through a few commands such as passwd. Log in as the root user and run the cat command on the /etc/shadow file:

$ su -

Password:

# cat /etc/shadow

Output:

root:$1$s83Ugoff$EDT83WAAFpCQHWDp07E9Ux:0:99999:7:::
daemon:*:13031:0:99999:7:::
bin:*:13031:0:99999:7:::

Each entry in /etc/shadow is divided into the following fields:

  • Login name
  • Encrypted password
  • Days since Jan 1, 1970 that password was last changed
  • Days before password may be changed
  • Days after which password must be changed
  • Days before password is to expire that user is warned
  • Days after password expires that account is disabled
  • Days since Jan 1, 1970 that account is disabled

Please note that FreeBSD uses /etc/master.shadow file.
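
As an added example (not code from the original page), the shell function below reads shadow-format lines and uses the fields listed above to flag entries a defender would review: an empty password field, a legacy MD5-crypt hash (the `$1$` prefix seen in the output above), a password with no maximum age, an overdue password change and an expired account. The function names, the finding labels, treating 99999 as "never expires" and the sample entries with placeholder hashes are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: audit shadow-format lines read from stdin.
# Usage: audit_shadow TODAY < file   (TODAY = days since Jan 1, 1970)

is_num() { case $1 in ''|*[!0-9]*) return 1 ;; esac; }

audit_shadow() {
    today=$1
    while IFS=: read -r login hash lastchg min max warn inactive expire _rest; do
        [ -n "$login" ] || continue
        # Field 8: day number on which the account is disabled.
        if is_num "$expire" && [ "$expire" -le "$today" ]; then
            echo "$login ACCOUNT_EXPIRED"
        fi
        case $hash in
            '')        echo "$login EMPTY_PASSWORD"; continue ;;
            '*'|'!'*)  continue ;;   # no usable password, aging checks do not apply
            '$1$'*)    echo "$login MD5_CRYPT_HASH" ;;
        esac
        # Fields 3 and 5: day of last change plus maximum password age.
        if ! is_num "$max" || [ "$max" -ge 99999 ]; then
            echo "$login NO_MAX_AGE"
        elif is_num "$lastchg" && [ $((lastchg + max)) -lt "$today" ]; then
            echo "$login PASSWORD_OVERDUE"
        fi
    done
    return 0
}

# Constructed sample data; the hash strings are placeholders, not real hashes.
sample_shadow() {
    cat <<'EOF'
root:$6$SALT$PLACEHOLDERHASH:19950:0:90:7:::
alice:$1$SALT$PLACEHOLDERHASH:19000:0:99999:7:::
bob::19950:0:99999:7:::
carol:$6$SALT$PLACEHOLDERHASH:19800:0:90:7:14::
dave:$6$SALT$PLACEHOLDERHASH:19990:0:90:7::19999:
daemon:*:13031:0:99999:7:::
EOF
}

# Day 20000 is fixed here so the result is reproducible.
sample_shadow | audit_shadow 20000
```

On a real system, run it as root with the current day number: audit_shadow "$(( $(date +%s) / 86400 ))" < /etc/shadow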

Linux script to prompt for password

Linux does not provide any special or specific command to read a password. However, the bash shell comes with a builtin command called read. It reads data from the standard input (keyboard), or from file descriptor FD if the -u option is supplied. The general syntax is as follows:
read -s -p "Password: " VARIABLE

Where,

  • -s: Do not display the password on screen. It causes input coming from a terminal/keyboard to not be echoed
  • -p "Password: ": Display a text message
  • VARIABLE: Bash variable in which your password is stored

For example, try the following at the shell prompt:
$ read -s -p "Enter Password: " mypassword

Output:

Enter Password:

Now display the password:
$ echo "$mypassword"

See complete script to accept password using read command.

How Linux file permissions work

Linux (and almost all other Unix-like systems) has three user classes, as follows:

  • User (u): The owner of the file
  • Group (g): Other users who are in the group (to access files)
  • Other (o): Everyone else

You can set the following modes on each file. In Linux and UNIX, a set of permissions is called a mode:

  • Read (r)
  • Write (w)
  • Execute (x)

However, the above three modes or permissions have different meanings for files and directories:

Linux Read mode permissions

  • Read access on a file allows you to view the file
  • Read access on a directory allows you to view the directory contents with the ls command

Write mode permissions

  • Write access on a file allows you to write to the file
  • Write access on a directory allows you to remove or add new files

Execute mode permissions

  • Execute access on a file allows you to run the program or script
  • Execute access on a directory allows you to access files in the directory

Octal numbers and permissions

You can use octal numbers to represent a mode/permission:

  • r: 4
  • w: 2
  • x: 1

For example, for the file owner you can use an octal mode as follows. Read, write and execute (full) permission on a file in octal is
0+r+w+x = 0+4+2+1 = 7

Only read and write permission on a file in octal is
0+r+w+x = 0+4+2+0 = 6

Only read and execute permission on a file in octal is
0+r+w+x = 0+4+0+1 = 5

Use the above method to calculate the permissions for group and others. Let us say you wish to give full permission to the owner, read & write permission to the group, and execute only permission to others; then you need to calculate the permissions as follows:
User = r+w+x = 0+4+2+1 = 7
Group = r+w+x = 0+4+2+0 = 6
Others = r+w+x = 0+0+0+1 = 1

The effective permission is 761.

chmod command

To set file permissions you need to use the chmod command:
chmod {mode} {file-name}

To set file permission 761 you need to use the chmod command as follows:
# chmod 0761 file

To make a file readable by anyone and writable by the owner only:
# chmod 644 file

To make a file readable/executable by everyone and writable by the owner only:
# chmod 755 file

You can change permissions for all files and directories within a directory by using the -R option of the chmod command. For example, to give others read and execute access to all files and directories (and files and directories within directories), type the following command (i.e. change the modes of the file hierarchies rooted in the files instead of just the files themselves):
# chmod -R 755 directory-name/

Further readings

  1. Access rights: Linux’s first line of defense
  2. Read chmod command man page for more information.