Linux / Unix question?

Question

In UNIX systems, two critical files located under the etc directory store user account information . Explain the the differences between the /etc/passwd and the /etc/shadow files as they relate to user information confidentiality.

Answer 1

/etc/passwd does not contain the actual password hashes and is world readable (all users can view it) It contains some other information such as a users home directory and shell.

/etc/shadow contains the hashes and is usually only readable by root and suid root programs. It also contains password expiry data.

Prior to the introduction of password shadowing, the password has was stored in /etc/passwd. It was possible for anyone with access to /etc/passwd to attempt to crack passwords of other users (using a tool like crack) by comparing against the stored hash.

The passwords are encrypted via a one way hash.

Answer 2

In a newer version of Unix/Linux (last 5 years or so) the passwd file contain the users name and few other settings related with...but NOT the passwords or passwords hash codes. All the password hash codes are stored in shadow file. Was a time when encrypted password were into that passwd file ...an very easy target ... The hash codes are not even the passwords or the encrypted passwords ... ;-)

Answer 3

Unix is a proprietorial operating equipment to which countless organizations personal the rights. each and every organizations version of unix is really diverse yet all of them adjust to an identical criteria with the intention to make it ordinary to bypass applications between the diverse version. Linux is an open source operating equipment designed to be well suited with the unix criteria. effectively linux merely yet another version of unix. that is no longer technically maximum acceptable yet close adequate for most circumstances.