Back to Top

Security tips

Understanding Linux passwords


Each Linux user account utilizes a password. It's a basic security mechanism which allows people to get access to their computers. And it's quite logical to have all the information that is associated with user accounts stored in some sort of the database.


It is true that the very existence of this database would pose a very serious security risk, once that the information inside it has gotten into the wrong hands. Some people may argue and say that the risk isn't that big, since the information inside the database can be encrypted.


Nothing could be further away from truth, though. An attacker could get access to the encrypted hash, and then try lots of dictionary-based combinations of words until he manages to produce the same hash. Sounds like a long, time-consuming process, and it actually is! Still, since these days computer farms that can be rented for cheap, the entire operation could be finished within a few hours.


Traditionally, the /etc/passwd file stores all the needed information that is required for login. Some of the most important data fields are highlighted below.


1: user name

2: password

3: user id

4: group id

5: user information

6: home directory

7: shell


Most of these fields are self-explanatory, so will go through them quickly.


The user name will often have eight characters, and it is case sensitive. The password field should contain an "x". This means that the actual passwords are stored in the /etc/shadow file, with the goal of increasing the security of your computer.


Every computer user must have a unique user ID. If you are the root user, your user ID (UID) is set to zero. Predefined accounts have UIDs that can range from 1 to 99, while system accounts range from 100 to 999. Often, the group ID will match the UID.


The user information field should contain the actual name of the user. For best results, keep the name below 30 characters or so. The home directory specifies the location of the user's personal data. If you create and save a document, for example, it will be stored in this folder.


Finally, the shell account specifies the path to the shell that can be utilized by the current user. If you are a system admin, you aren't forced to provide shell accounts to all the users, of course. If this is the case, you can set up a script file such as /bin/noshell which will inform the users that they don't have shell access.


As we have already mentioned, if your computer uses an up-to-date version of Linux, the actual passwords for all users are stored in the /etc/shadow file, which is only accessible to the root user. Here are the most important data fields in that file.


1: user name

2: encrypted password

3: days since the last password change

4: days before requiring a password change (zero = the password can be changed anytime)

5: maximum number of days while a password continues to be valid

6: number of days when the user is warned to change his/her password before its expiration

7: number of days to keep the account disabled after its password expires

8: number of days since the account has been disabled


A blank entry in the second field indicates that no password has been associated with that particular user account. If you see something like this "::" in that field and you are a superuser, then be sure to set a password for it right away. On the other hand, if the encrypted password field contains this symbol "*", it means that the account has been disabled a while ago.