File Locations (Demo)

Time
21 hours 25 minutes
Difficulty
Intermediate
CEU/CPE
21
Video Transcription
00:00
>> Hello, Cybrarians, and welcome back to
00:00
the Linux plus course here at Cybrary.
00:00
I'm your instructor Rob Goelz.
00:00
In today's lesson, we're going to be
00:00
discussing user and group file locations.
00:00
Upon completion of today's lesson,
00:00
you're going to be able to locate files that
00:00
are related to user or group management,
00:00
and we're going to work with the files,
00:00
/etc/passwd, /etc/shadow, and /etc/group.
00:00
The /etc/passwd file holds
00:00
the information on each and
00:00
every local user on a Linux system.
00:00
Each line in this file is actually known as a record,
00:00
so it's somewhat of a database.
00:00
Each one of these lines has
00:00
seven fields that are delimited with a colon character.
00:00
We're going to discuss each one of these fields during
00:00
the demo as we go through these files one by one.
00:00
The /etc/shadow file as previously mentioned,
00:00
passwords are actually stored in /etc/shadow,
00:00
and it also stores aging information, a password aging.
00:00
Passwords are not stored in /etc/passwd.
00:00
They were once upon a time,
00:00
but for security reasons,
00:00
they've been moved over to /etc/shadow
00:00
where they get hashed and salted.
00:00
Each line in the /etc/shadow file is
00:00
a record just like we saw in /etc/passwd.
00:00
Each line here has eight fields
00:00
delimited with a colon character as well.
00:00
Finally, the /etc/group file
00:00
contains information on groups in Linux.
00:00
Each line of /etc/group is a record as well.
00:00
This one has four fields
00:00
delimited with a colon character.
00:00
Let's check out each and every one of
00:00
these files with some demo time.
00:00
Here we are in
00:00
our demo environment and we're going to move over to
00:00
Ubuntu because we mostly
00:00
have things still up and running here.
00:00
We did a lot of removal of
00:00
things during our userdel and groupdel lesson.
00:00
We didn't do that on Ubuntu,
00:00
we did that on CentOS.
00:00
Let's go ahead and first just do a grep for,
00:00
let's do for test2 on /etc/passwd.
00:00
What we can see here are all of the columns.
00:00
The first column is the username for the user test2.
00:00
The next column is x,
00:00
and that just indicates that the user has a password,
00:00
but it's not stored in here,
00:00
it's now stored in /etc/shadow.
00:00
We're going to see the user ID field
00:00
and then the group ID field.
00:00
You also sometimes have
00:00
a CID field here if you wanted to add a comment.
00:00
It's empty unless you specify a comment for the user.
00:00
This location, this next field here,
00:00
holds the home directory for the user.
00:00
In this case the home directory is /home/test2.
00:00
Then finally the default shell is the last field,
00:00
is usually going to be set to either /bin/bash
00:00
or /bin/sh in this case.
00:00
Now let's do the same thing,
00:00
but let's take a look at the /etc/shadow files.
00:00
Let's do a grep test2 on /etc/shadow.
00:00
Actually for this we need to be root,
00:00
so let's elevate our privileges with sudo,
00:00
and now we can see the contents of this directory.
00:00
The first thing we're going to see right off the bat
00:00
as before, is test2.
00:00
Then we would see a password here,
00:00
in this case no password reset
00:00
for this user on this system,
00:00
so there's just an exclamation mark.
00:00
It would be encrypted or hashed format.
00:00
Actually let's go ahead and just do that real quickly.
00:00
sudo passwd test2,
00:00
we'll get a quick password.
00:00
Let's run this command one more time.
00:00
Now we can see this massive hashed value,
00:00
and that is the password for the user.
00:00
Now this next line over here, there's next field.
00:00
This third field indicates the
00:00
days since the epoch time.
00:00
The epoch time in a Linux system is
00:00
January 1st, 1970 or 1/1/'70.
00:00
This next field is the minimum days.
00:00
That is the minimum number of
00:00
days before a password change is allowed,
00:00
and this system has been set to zero.
00:00
The next field is the maximum number
00:00
of days that a password is valid for.
00:00
In this case it's just set to almost 100,000 days.
00:00
Then we have the next field is a warning.
00:00
This is the number of days that a user
00:00
will be warned before their password expires on
00:00
this system. This user will almost
00:00
never be warned because
00:00
the amount of maximum days here is so large.
00:00
There are two more fields here that
00:00
we don't actually have for this user.
00:00
But this field here is for the disabled section.
00:00
It tells you how many days after
00:00
account expiring before an account is disabled.
00:00
Then the last field here is the expire field,
00:00
and that is the days epoch time
00:00
that the account is active,
00:00
and then after that time becomes disabled.
00:00
This is all stuff we'll see later when we get into
00:00
the password commands and working with shadow,
00:00
and you can change a lot of these values there.
00:00
Then finally, let's take a look at the group file.
00:00
Let's do a grep for best in /etc/group.
00:00
We still just have our setup here.
00:00
We have the group name is best,
00:00
we have an x here for that because we don't
00:00
actually have the passwords for
00:00
groups stored in group here.
00:00
There's actually a file called
00:00
/etc/gshadow where group passwords are stored.
00:00
Now we've finally, we all
00:00
still have the group ID number and
00:00
in this system we didn't change it so still 1337.
00:00
If we had any users added to this group,
00:00
we'd see them in the list.
00:00
For instance, let's use our usermod command again,
00:00
and we'll be sudo to do this just to be safe.
00:00
We're going to append g,
00:00
and we're going to add the user
00:00
test2 to the group best.
00:00
We can say we want to have
00:00
the best group to the user test2
00:00
and then hit "Enter."
00:00
Now if we do a grep on best,
00:00
we can see that test2 is in that group.
00:00
With that, we've reached the end of the lesson.
00:00
In this lesson, we covered
00:00
the files used for user and group management,
00:00
including /etc/passwd, /etc/shadow, and /etc/group.
00:00
Thank you so much for being here and I
00:00
look forward to seeing you in our next lesson.