The passwd and shadow files on AIX and Red Hat

Posted by RobinHXH on 2010-05-10

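passwd file: lists all users on the system and their permissions, as well as

AIX path: /etc/passwd, permissions -rw-r--r--

The /etc/passwd file is colon-separated and contains the following information:
• User name
• Encrypted password
• User ID number (UID)
• User's group ID number (GID)
• User's full name (GECOS)
• User's home directory
• Login shell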

Example: root:!:0:0::/:/usr/bin/ksh

sshd:*:203:203::/var/empty:/usr/bin/ksh

Here ! means the encrypted password is stored in /etc/security/passwd,

and * means a locked user who cannot log in.

The account has been defined to the system but is not an account that can be logged into yet. There will not be an entry placed into the /etc/security/passwd file until a password has been assigned to this account.

Red Hat path: /etc/passwd, permissions -rw-r--r--

Username / password / UID / GID / user description / home directory / login shell path

root:x:0:0:root:/root:/bin/bash

test:x:502:500::/home/test:/bin/bash

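x means the password is stored in /etc/shadow. UIDs are generally assigned as follows: 1-99 are default system accounts, 100-499 are service accounts, and 500 and above are created users. The home directory is the directory the user lands in directly after logging in; it can be changed.

shadow file: records the encrypted password and the time of the last password change. It is a key file to examine in an ID audit.

AIX path: /etc/security/passwd, permissions -rw------- root security

password = eacVScDKri4s6 (the encrypted password)
lastupdate = 1026394230
flags = ADMCHG (a password change is required at the next login)

In this file, password = * means the user has no password and cannot log in to the system; the user can log in only after an administrator has set a password for them.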

lastupdate

To force users to change their password, perform the following procedures.

  1. Edit /etc/security/login.cfg and change maxage=1. This will force users who haven't changed their password in the past week to do so the next time they log in.
  2. If some people have changed their password in the past week, review the lastupdate field for that user. Subtract 604800 (number of seconds in one week) from the value specified in the lastupdate field. The next time that user logs into the system, they will be forced to change their password. The lastupdate field represents the number of seconds passed since Jan 1, 1970.

    A simpler way to force a user to change their password the next time they log into the system is to change that user's flag field to ADMCHG. Use the command pwdadm -f ADMCHG to change the flag.

    • The next time a login or su command is executed for that user, they will be forced to change their password, based on the password guidelines specified in the /etc/security/login.cfg file.
    • If the user has a password, they will be asked for their original password before being prompted to change to a new password.
    • Make sure the mindiff attribute in the pw_restrictions stanza of /etc/security/login.cfg is nonzero to force the new password to be different from the old one.

flag

If the flags field for a user is set to flags = NOCHECK, then the /etc/security/login.cfg restrictions won't apply to that user for new passwords that follow.

Red Hat file: /etc/shadow

root:$1$uHVI0B$t/rEHObjn6ZLSklNYu2oj0:14711:0:99999:7:::

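The fields, in order:

• Username
• Password (a * or ! placed in front of the password field means login is disabled)
• Day of the last password change (counted cumulatively in days, with January 1, 1970 as 1)
• Number of days during which the password cannot be changed (how many days until the password may be changed)
• Number of days the password is valid / number of days of warning before a password change is required
• Grace period after password expiry
• Password expiration date
• Reserved field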

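Note: if the root password has expired or been forgotten, you can enter the system in maintenance mode, edit this file, and set the root password field to empty; root can then log in to the system with an empty password.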
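For the ID-audit use described above, the following Python example (added here, not part of the original post) reads Red Hat /etc/shadow lines and AIX /etc/security/passwd stanzas and reports the conditions this page covers: an empty or disabled password field, the last-change date, and the ADMCHG/NOCHECK flags. The function names, the sample entries, the `<hash>` placeholder and the comma-separated flags list are assumptions, and the shadow day count is treated as days elapsed since 1970-01-01.

```python
from datetime import date, datetime, timedelta, timezone

def audit_shadow_line(line, today):
    """Audit one Red Hat /etc/shadow line; returns (user, findings)."""
    f = line.strip().split(":")
    if len(f) != 9:
        raise ValueError("expected 9 colon-separated fields: %r" % line)
    user, pw, last, maxdays = f[0], f[1], f[2], f[4]
    findings = []
    if pw == "":
        findings.append("empty password")      # account usable without a password
    elif pw[0] in "*!":
        findings.append("login disabled")
    if last:
        # Assumption: the field is treated as days elapsed since 1970-01-01.
        changed = date(1970, 1, 1) + timedelta(days=int(last))
        findings.append("last change " + changed.isoformat())
        if maxdays and (today - changed).days > int(maxdays):
            findings.append("older than max age")
    return user, findings

def audit_aix_stanzas(text):
    """Audit AIX /etc/security/passwd stanzas; returns {user: findings}."""
    report, cur = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith(":") and "=" not in line:
            cur = report.setdefault(line[:-1], [])   # "user:" opens a stanza
        elif cur is not None and "=" in line:
            key, _, val = (p.strip() for p in line.partition("="))
            if key == "password" and val == "*":
                cur.append("no password set, login disabled")
            elif key == "lastupdate":
                # Seconds since 1970-01-01; rendered in UTC here.
                ts = datetime.fromtimestamp(int(val), tz=timezone.utc)
                cur.append("last change " + ts.date().isoformat())
            elif key == "flags":
                cur.extend("flag " + x.strip() for x in val.split(",") if x.strip())
    return report

# Constructed sample input; "<hash>" stands in for a real password hash.
SHADOW = ["root::14711:0:99999:7:::", "test:!<hash>:14711:0:14:7:::"]
AIX = ("root:\n\tpassword = <hash>\n\tlastupdate = 1026394230\n\tflags = ADMCHG\n\n"
       "guest:\n\tpassword = *\n\nsvc:\n\tpassword = <hash>\n\tflags = ADMCHG,NOCHECK\n")

if __name__ == "__main__":
    print([audit_shadow_line(s, date(2010, 5, 10)) for s in SHADOW])
    print(audit_aix_stanzas(AIX))
```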

Some of the technical material above comes from the Internet, and some from hands-on practice.


From the ITPUB blog, link: http://blog.itpub.net/23884302/viewspace-1033500/. If you repost this article, please credit the source; otherwise legal liability will be pursued.
