etc shadow file


/etc/shadow file


This file stores passwords in encrypted form on modern Unix-like systems (later than 1990). Before that date, passwords were stored in the /etc/passwd file.

In the passwd file the passwords were also stored in encrypted form, but because any user can read that file (everyone has read permission; only root can write), the encrypted passwords were exposed to every user, which made brute-force password-cracking attempts easy.

How to avoid such brute force attacks?

According to Wikipedia:
Systems administrators can reduce the likelihood of such brute force attacks by making the list of hashed passwords unreadable by unprivileged users. The obvious way to do this is to make the passwd database itself readable only by the root user. However, this would restrict access to other data in the file such as username-to-userid mappings, which would break many existing utilities and provisions. One solution is a “shadow” password file to hold the password hashes separate from the other data in the world-readable passwd file. For local files, this is usually /etc/shadow on Linux and Unix systems, or /etc/master.passwd on BSD systems; each is readable only by root. (Root access to the data is considered acceptable since on systems with the traditional “all-powerful root” security model, the root user would be able to obtain the information in other ways in any case). Virtually all recent Unix-like operating systems use shadowed passwords.
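The separation described above can be checked on a system. The following is an added example, not part of the original tutorial or of the Wikipedia text: it flags passwd entries that still carry a hash or an empty password field, and tests whether the shadow file's mode gives unprivileged users any access. The sample entries, function names and the set of placeholder values are assumptions made for illustration.

```python
import os
import stat

# Constructed sample lines in passwd(5) format (not from a real system).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:*:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
legacy:$6$examplesalt$CONSTRUCTEDHASHVALUE:1001:1001::/home/legacy:/bin/sh
nopass::1002:1002::/home/nopass:/bin/sh
"""

# Assumption: these password-field values mean "no hash stored here"
# ("x" = hash is in the shadow file, "*" and "!" = no password login).
PLACEHOLDERS = {"x", "*", "!"}


def audit_passwd(text):
    """Return {username: finding} for entries that are not shadowed."""
    findings = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            findings[fields[0]] = "malformed entry"
            continue
        name, pw = fields[0], fields[1]
        if pw == "":
            findings[name] = "empty password field"
        elif pw not in PLACEHOLDERS:
            findings[name] = "hash stored in world-readable passwd"
    return findings


def shadow_mode_ok(mode):
    """True if the mode bits give 'other' users no access at all."""
    return stat.S_IMODE(mode) & stat.S_IRWXO == 0


def audit_shadow_file(path="/etc/shadow"):
    """Check a real file's mode; None if the file does not exist."""
    try:
        return shadow_mode_ok(os.stat(path).st_mode)
    except FileNotFoundError:
        return None


if __name__ == "__main__":
    print(audit_passwd(SAMPLE_PASSWD))
    print("shadow mode ok:", audit_shadow_file())
```

The mode check only looks at the "other" permission bits, so a shadow file that is also readable by a dedicated group passes; checking ownership as well needs `st_uid` and `st_gid` from the same `os.stat` result.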