File Locations (Demo)

Difficulty
Intermediate
Video Transcription
00:00
>> Hello, Cybrarians, and welcome back to
00:00
the Linux plus course here at Cybrary.
00:00
I'm your instructor Rob Goelz.
00:00
In today's lesson, we're going to be
00:00
discussing user and group file locations.
00:00
Upon completion of today's lesson,
00:00
you're going to be able to locate files that
00:00
are related to user or group management,
00:00
and we're going to work with the files,
00:00
/etc/passwd, /etc/shadow, and /etc/group.
00:00
The /etc/passwd file holds
00:00
the information on each and
00:00
every local user on a Linux system.
00:00
Each line in this file is actually known as a record,
00:00
so it's somewhat of a database.
00:00
Each one of these lines has
00:00
seven fields that are delimited with a colon character.
00:00
We're going to discuss each one of these fields during
00:00
the demo as we go through these files one by one.
00:00
The /etc/shadow file as previously mentioned,
00:00
passwords are actually stored in /etc/shadow,
00:00
and it also stores aging information, password aging.
00:00
Passwords are not stored in /etc/passwd.
00:00
They were once upon a time,
00:00
but for security reasons,
00:00
they've been moved over to /etc/shadow
00:00
where they get hashed and salted.
00:00
Each line in the /etc/shadow file is
00:00
a record just like we saw in /etc/passwd.
00:00
Each line here has eight fields
00:00
delimited with a colon character as well.
00:00
Finally, the /etc/group file
00:00
contains information on groups in Linux.
00:00
Each line of /etc/group is a record as well.
00:00
This one has four fields
00:00
delimited with a colon character.
00:00
Let's check out each and every one of
00:00
these files with some demo time.
00:00
Here we are in
00:00
our demo environment and we're going to move over to
00:00
Ubuntu because we mostly
00:00
have things still up and running here.
00:00
We did a lot of removal of
00:00
things during our userdel and groupdel lesson.
00:00
We didn't do that on Ubuntu,
00:00
we did that on CentOS.
00:00
Let's go ahead and first just do a grep for,
00:00
let's do it for test2 on /etc/passwd.
00:00
What we can see here are all of the columns.
00:00
The first column is the username for the user test2.
00:00
The next column is x,
00:00
and that just indicates the user has a password,
00:00
but it's not stored in here,
00:00
it's now stored in /etc/shadow.
00:00
We're going to see the user ID field
00:00
and then the group ID field.
00:00
You also sometimes have
00:00
a CID field here if you wanted to add a comment.
00:00
It's empty unless you specify a comment for the user.
00:00
This location, this next field here,
00:00
holds the home directory for the user.
00:00
In this case the home directory is /home/test2.
00:00
Then finally the default shell is the last field,
00:00
is usually going to be set to either /bin/bash
00:00
or /bin/sh in this case.
00:00
Now let's do the same thing,
00:00
but let's take a look at the /etc/shadow files.
00:00
Let's do a grep test2 on /etc/shadow.
00:00
Actually for this we need to be root,
00:00
so let's elevate our privileges with sudo,
00:00
and now we can see the contents of this directory.
00:00
The first thing we're going to see right off the bat
00:00
as before, is test2.
00:00
Then we would see a password here,
00:00
in this case no password was set
00:00
for this user on this system,
00:00
so there's just an exclamation mark.
00:00
It would be in encrypted or hashed format.
00:00
Actually let's go ahead and just do that real quickly.
00:00
sudo passwd test2,
00:00
we'll give it a quick password.
00:00
Let's run this command one more time.
00:00
Now we can see this massive hashed value,
00:00
and that is the password for the user.
00:00
Now this next line over here, this next field.
00:00
This third field indicates the
00:00
days since the epoch time.
00:00
The epoch time in a Linux system is
00:00
January 1st, 1970 or 1/1/'70.
00:00
This next field is the minimum days.
00:00
That is the minimum number of
00:00
days before a password change is allowed,
00:00
and this system has been set to zero.
00:00
The next field is the maximum number
00:00
of days that a password is valid for.
00:00
In this case it's just set to almost 100,000 days.
00:00
Then we have the next field is a warning.
00:00
This is the number of days that a user
00:00
will be warned before their password expires. On
00:00
this system this user will almost
00:00
never be warned because
00:00
the amount of maximum days here is so large.
00:00
There are two more fields here that
00:00
we don't actually have for this user.
00:00
But this field here is for the disabled section.
00:00
It tells you how many days after
00:00
account expiring before an account is disabled.
00:00
Then the last field here is the expire field,
00:00
and that is the days epoch time
00:00
that the account is active,
00:00
and then after that time becomes disabled.
00:00
This is all stuff we'll see later when we get into
00:00
the password commands and working with shadow,
00:00
and you can change a lot of these values there.
00:00
Then finally, let's take a look at the group file.
00:00
Let's do a grep for best in /etc/group.
00:00
We still just have our setup here.
00:00
We have the group name is best,
00:00
we have an x here for that because we don't
00:00
actually have the passwords for
00:00
groups stored in group here.
00:00
There's actually a file called
00:00
/etc/gshadow where group passwords are stored.
00:00
Now finally, we
00:00
still have the group ID number and
00:00
in this system we didn't change it so it's still 1337.
00:00
If we had any users added to this group,
00:00
we'd see them in the list.
00:00
For instance, let's use our usermod command again,
00:00
and we'll use sudo to do this just to be safe.
00:00
We're going to append g,
00:00
and we're going to add the user
00:00
test2 to the group best.
00:00
We can say we want to have
00:00
the best group to the user test2
00:00
and then hit "Enter."
00:00
Now if we do a grep on best,
00:00
we can see that test2 is in that group.
00:00
With that, we've reached the end of the lesson.
00:00
In this lesson, we covered
00:00
the files used for user and group management,
00:00
including /etc/passwd, /etc/shadow, and /etc/group.
00:00
Thank you so much for being here and I
00:00
look forward to seeing you in our next lesson.