/etc /passWD和 /etc /shadow文件的目的是什麼？

/etc/passwd存儲用戶基本信息，/etc/shadow保存加密密碼及認證信息。 1. /etc/passwd包含用戶名、UID、GID、註釋、主目錄、shell等字段，用於存儲所有用戶可讀的賬戶信息；2. /etc/shadow保存加密密碼、密碼更改時間、有效期等敏感數據，僅root可讀以提高安全性；3. 兩者分離設計是為了避免將密碼暴露給所有用戶，從而增強系統安全；4. 管理員應使用useradd、passwd、chage等命令修改賬戶信息，而非直接編輯文件。

The /etc/passwd and /etc/shadow files are both essential components of user account management in Unix-like operating systems. They store critical information about users, but serve different purposes — mainly separating user metadata from sensitive authentication data.

What's in the /etc/passwd file?

This file contains basic user account information that needs to be readable by all users. Each line represents a user account and includes seven fields separated by colons:

 username:x:UID:GID:comment:home_directory:shell

• username : The name used to log in.
• x : Indicates that the password is stored in /etc/shadow .
• UID : User ID number (0 for root, 1–999 system accounts, 1000 regular users).
• GID : Primary group ID.
• comment : Optional field for full name or contact info.
• home_directory : Path to the user's home directory.
• shell : The program launched on login (usually a shell like /bin/bash ).

You'll often see service accounts here with no login shell (eg, /usr/sbin/nologin ) and system accounts with low UIDs.

Why does /etc/shadow exist?

Storing passwords directly in /etc/passwd would be a security risk since that file must be world-readable. That's why /etc/shadow was introduced — it holds sensitive login information and is only readable by root.

Each line in /etc/shadow looks like this:

 username:$hash:since_last_change:min_age:max_age:warn_period:expire_date:disabled

• $hash : Encrypted password (or * , ! , !! , etc., if locked or expired).
• since_last_change : Days since Jan 1, 1970, that the password was last changed.
• min_age : Minimum days before password can be changed.
• max_age : Maximum days password is valid.
• warn_period : Days before password expiry to warn user.
• expire_date : Days since Jan 1, 1970, when account will expire.
• disabled : Days after password expiry until account is locked.

This setup allows administrators to enforce password policies and manage account expiration securely.

Common tools that interact with these files

Several command-line utilities are designed to safely modify these files without editing them directly:

• useradd , userdel , usermod – for managing user accounts.
• groupadd , groupdel , groupmod – for managing groups.
• passwd – to change a user's password.
• chage – to adjust password expiry information.

These commands ensure proper syntax and permissions are maintained, reducing the chance of breaking user access or system integrity.

If you ever need to look at these files:

• Use cat /etc/passwd (safe to view)
• Use sudo cat /etc/shadow (requires elevated privileges)

Just remember, direct edits should be rare and always backed up.

基本上就這些。

以上是/etc /passWD和 /etc /shadow文件的目的是什麼？的詳細內容。更多資訊請關注PHP中文網其他相關文章！