File permissions of the /etc/shadow password file

Got an issue with the file permissions of your /etc/shadow password file? Look no further and get it fixed.

Summary of File permissions of the /etc/shadow password file

The password files are an important cornerstone of the security of your Linux system. Commonly they are /etc/passwd and /etc/shadow, and installed by default. Sometimes we receive questions what the right permissions of these files should be. Therefore this blog post to have a look at the file permissions (and ownership) of both files. Passwd file The password file stores local accounts of the system. It is a readable text file and uses colons (:) to separate the fields.

Read the full article…

How to test if an account has a password set?

Want to determine if a Linux account has a password set or its related properties? Here are few methods to check this and the steps to perform.

Summary of How to test if an account has a password set?

Sometimes you might want to check if an account on the system has a password set. One of the reasons is to disable those, so you can enforce that only SSH authentication might be used, for example. There are a few ways to see if a password is set. Using the passwd command The first command that comes to mind is using the passwd command. Normally you would use that to change your password, but it can actually also reveal useful details about existing accounts.

Read the full article…

Password Security with Linux /etc/shadow file

Learn the structure of the /etc/shadow file and what the underlying fields mean in this article. After reading, the file should be less cryptic than it was before.

Summary of Password Security with Linux /etc/shadow file

Linux systems use a password file to store accounts, commonly available as /etc/passwd. For additional safety measures, a shadow copy of this file is used which includes the passwords of your users. Or actually hashed password, for maximum security. An example of a password entry in /etc/shadow may look like this: user1:$6$6Y/fI1nx$zQJj6AH9asTNfhxV7NoVgxByJyE.rVKK6tKXiOGNCfWBsrTGY7wtC6Cep6co9eVNkRFrpK6koXs1NU3AZQF8v/:16092:0:99999:7::: For proper display, let’s split this up in several fields: user1 $6$6Y/fI1nx$zQJj6AH9asTNfhxV7NoVgxByJyE.rVKK6tK 16092 0 99999 7 Field explanations Time to have a look what all these strings mean:

Read the full article…

Unused Linux Users: Delete or Keep Them?

Got unused or unknown system accounts on your Linux system? This article explains the different strategies and actions to take and keep the system healthy.

Summary of Unused Linux Users: Delete or Keep Them?

We get often the question what one should do with unused users on Linux. Everyone who looked in the /etc/passwd file will recognize them, strange usernames. A great example is UUCP, or Unix-to-Unix Copy. Once used for communication on direct lines, now another piece of history in our password files. The Options Before we make any decision on dealing with unused Linux accounts, we should look at the most obvious choices we have.

Read the full article…