Linux password file directory

Where are the passwords of the users located in Linux?

Can you tell me where the passwords of the users are located in the Linux operating system?

The /etc/passwd file is the password file that stores each user account. The /etc/shadow file stores the password hash information for each user account, along with optional aging information. The /etc/group file is a text file that defines the groups on the system. There is one entry per line.

Tutorial details
Difficulty level: Easy
Root privileges: No
Requirements: Linux
Est. reading time: 3 minutes

Where are the passwords of the users located in Linux?

Sample /etc/shadow file on Linux

Each /etc/shadow entry is a single line of colon-separated fields. The order is as follows:

  1. Username : It is your login name.
  2. Password : It is your encrypted password hash. The password should be a minimum of 8-12 characters long, including special characters, digits, lower case alphabetic characters and more. The password format is usually set to $id$salt$hashed. On GNU/Linux, $id identifies the algorithm used, as follows:
    1. $1$ is MD5
    2. $2a$ is Blowfish
    3. $2y$ is Blowfish
    4. $5$ is SHA-256
    5. $6$ is SHA-512
  3. Last password change (lastchanged) : Days since Jan 1, 1970 that password was last changed
  4. Minimum : The minimum number of days required between password changes i.e. the number of days left before the user is allowed to change his/her password
  5. Maximum : The maximum number of days the password is valid (after that user is forced to change his/her password)
  6. Warn : The number of days before password is to expire that user is warned that his/her password must be changed
  7. Inactive : The number of days after password expires that account is disabled
  8. Expire : Days since Jan 1, 1970 that the account is disabled, i.e. an absolute date specifying when the login may no longer be used.

A password hash is a string derived from your password. During login, the password you type is hashed and checked against the stored hash, so your actual password never has to be held in the /etc/shadow file. It is a security feature.
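As an added example (not from the original article), the shell functions below split one shadow entry into the fields listed above, name the hashing scheme from the $id prefix and turn the day counts into calendar dates. The function names and the sample entry are constructed for illustration; the handling of an empty password field and of fields starting with ! or * goes beyond the list above.

```shell
#!/bin/sh
# Added example: decode one /etc/shadow entry. Function names are hypothetical.

# Convert "days since Jan 1, 1970" into YYYY-MM-DD using integer arithmetic only.
days_to_date() {
    z=$(( $1 + 719468 ))
    era=$(( z / 146097 ))
    doe=$(( z - era * 146097 ))
    yoe=$(( (doe - doe / 1460 + doe / 36524 - doe / 146096) / 365 ))
    doy=$(( doe - (365 * yoe + yoe / 4 - yoe / 100) ))
    mp=$(( (5 * doy + 2) / 153 ))
    d=$(( doy - (153 * mp + 2) / 5 + 1 ))
    m=$(( mp < 10 ? mp + 3 : mp - 9 ))
    y=$(( yoe + era * 400 + (m <= 2) ))
    printf '%04d-%02d-%02d\n' "$y" "$m" "$d"
}

# Name the scheme from the $id prefix of the password field.
hash_scheme() {
    case $1 in
        '')               echo "empty (no password set)" ;;
        '!'*|'*'*)        echo "locked or no password login" ;;
        '$1$'*)           echo "MD5" ;;
        '$2a$'*|'$2y$'*)  echo "Blowfish" ;;
        '$5$'*)           echo "SHA-256" ;;
        '$6$'*)           echo "SHA-512" ;;
        *)                echo "unknown" ;;
    esac
}

# Split on ':' in the field order of the list above and print a summary.
describe_entry() {
    IFS=: read -r user hash changed min max warn inactive expire rest <<EOF
$1
EOF
    echo "user=$user scheme=$(hash_scheme "$hash")"
    if [ -n "$changed" ]; then echo "last_change=$(days_to_date "$changed")"; fi
    if [ -n "$changed" ] && [ -n "$max" ]; then
        echo "password_expires=$(days_to_date $(( changed + max )))"
    fi
    if [ -n "$expire" ]; then echo "account_expires=$(days_to_date "$expire")"; fi
    return 0
}

# Constructed sample entry (not a real hash).
describe_entry 'alice:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:18000:0:90:7:14::'
```

On a real system the input line would come from a root-only read of /etc/shadow, for example the output of getent shadow for one user.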

How to view the contents of the /etc/shadow file

A normal user cannot access the /etc/shadow file directly. For example, try out the following cat command:
$ cat /etc/shadow
Sample outputs:

You can only access the /etc/shadow file via a few commands, such as the passwd command. Log in as the root user and execute the cat command on the /etc/shadow file:
$ su -
Provide the root user password when prompted:

Try to display the file:
# cat /etc/shadow
Sample outputs:

Here is how my encrypted password hash looks on Linux:

We can use the chage command to get account aging information in an easy-to-understand format:
chage -l vivek
And now I see:

Source

How To Password Protect A Folder In Linux

Last updated June 27, 2021 By Abhishek Prakash

In the last post, we saw how to create a password protected zip file in Linux. In this post, we’ll see how to password protect a folder in Ubuntu Linux.

You might be in a situation when you often share your computer with other people but you have some private files that you don’t want others to see.

You can obviously hide it in places where others cannot find it. But that’s not entirely foolproof because the files will be shown in the desktop search results.

I remember that when I was in college, popular ways to hide ‘special files’ were to put it under the C drive or in a deeply nested folder structure. There were also some applications that used to lock the folders with a password. Like gallery lock applications on smartphones, these applications were vastly popular for hiding private files etc.

I haven’t used such folder locking applications in Linux for years. Mostly because my laptop is used only by me and also because I do not have the need to hide any files.

If so, then why are we talking about folder lock for Linux today? It’s because I got a request from an It’s FOSS reader for a tutorial on encrypted folders in Ubuntu. If this is something that interests you, let’s see how to lock a folder in Linux.

Password protect folders in Linux

Before you go on with the instructions, let me warn you about something. The tools mentioned here use EncFS. It is an open source cryptographic file system.

The problem with EncFs is that a security audit in 2014 found some vulnerabilities in EncFs. Though these vulnerabilities are not easily exploitable, it means that EncFs is not ‘military grade’ secure. For an average desktop user, it should work just fine.

I am using Ubuntu in this tutorial but you can use any other Linux distribution based on Ubuntu, such as Linux Mint, elementary OS etc. In fact, the steps should be applicable to other Linux distributions such as Fedora, Arch Linux etc. but the commands to install the tool won’t be the same.

Method 1: Lock folders with Gnome Encfs Manager

Let’s see how to install Gnome Encfs Manager.

If you are using Ubuntu or Linux Mint or other Linux distributions based on Ubuntu, you can use the official PPA using the commands below one by one:

Packages for Debian, Fedora and openSUSE are available here.

If you are using GNOME on Wayland (for example Ubuntu 17.10), you should use this GNOME extension to add the quick access to the top panel. Read this article to learn how to use GNOME extensions.

Once installed, you may have to log out to see the application working. Go to the application menu and start Gnome Encfs Manager. Click on the + sign to add a new folder that you’ll be locking with a password. A password protected folder is called stash in this application’s terminology.

Here, you can create a new directory or browse to an existing one. You can try to password protect an existing folder but the files that are already present in the folder won’t be locked. For this reason, I suggest creating a new folder and moving the files after you password protect it.

Don’t forget to use a password that you will remember easily. If you forget the password, you should also forget the files locked with it.

Once you have the folder created, you can start copying the files to it. Your locked folder will be seen as a mounted drive when you have unlocked it.

You can get the control on the locked folder from the GNOME extension. I am not sure if other desktop environments have anything similar. I leave that to your exploration.

Once you have copied the files in the secret folder, simply unmount it. You can do that by unchecking the mounted folder from the panel extension as shown above. When you want to access it, use the launcher in top panel or start the program again.

You can also use some advanced settings such as auto-start or auto unmount after certain idle time.

Note that the so-called secret directory will be visible and accessible to anyone in its normal location. However, its content won’t be in the readable format, not even the filenames. When you mount the locked folder, it will become readable.

That’s all you need to know about password protecting folders with Gnome Encfs Manager.

Method 2: Lock files with Cryptkeeper

Another warning here. Cryptkeeper has a vulnerability with the newer versions of EncFS (1.9 and above). The vulnerability has not been fixed and it is unlikely that it will ever be fixed because the project has been abandoned. There has been no change in the code for the past several years and the developer’s website doesn’t exist anymore.

That’s the reason why I won’t recommend using this method anymore.

Cryptkeeper is a GUI tool that uses EncFS in the background. It is a popular application and is available in most of the software repositories by default.

For Ubuntu and other Ubuntu based Linux distributions, use the command below to install Cryptkeeper.

For Fedora based Linux distributions, use the command below:

Once installed, I suggest a restart to avoid surprises. You can start the program straight away as well.

Once you start Cryptkeeper, you won’t see the interface immediately. You’ll have to look into the top panel (or the bottom panel, depending upon the desktop environment). Cryptkeeper is an indicator applet rather than a full-fledged desktop application.

Click on New encrypted folder to create a new secret folder.

Name the folder and select its location. And then click on Forward.

You’ll have to provide a password for the encrypted folder. After that, click on Forward.

Voila! Your password protected folder is ready to use.

To access the locked folder, you’ll have to select it from Cryptkeeper indicator applet:

Of course, it will ask for the password:

Once you do that, your secret folder will be accessible to you. You can see it mounted as a separate partition. It’s because EncFS creates a separate filesystem inside user-space.

You can create new files in the encrypted folder or copy paste items from other directories to it. Once you have unlocked it, you can use it as a normal folder.

To lock the folder again, you’ll have to use the indicator applet again. Go to it and de-select the required folder i.e. simply click on it again.

If you want to permanently delete the secret folder, you can choose the Edit option from the Cryptkeeper menu. Same Edit menu also gives you the option to change password.

Note that Cryptkeeper won’t be started automatically at each boot. If you want that, read this guide to manage startup applications in Ubuntu and see how you can start Cryptkeeper at each boot.

Enjoy your private locked folder in Linux 🙂 Any questions or suggestions are always welcomed.


Source

Where are passwords stored in a unix file system?

Where are passwords stored in unix file systems?

Are they directly stored in etc directory or in further directory — and who can view the unencrypted passwords?

4 Answers

If the UNIX box is managing its own passwords locally, it will be in /etc/shadow (though in ye olden days we used /etc/passwd). root is the only user that can access the file, and it's only stored in hashed form.

If using centralized passwords, you may find a few shops doing NIS/NIS+ but most will be using LDAP, and in that case the password is stored in a centralized LDAP directory (OpenLDAP, Active Directory, etc.), again, in hashed form.

Plaintext passwords are a relic of the past and, if they exist, indicate some hackery, or some local poorly written app.

Passwords in unix were originally stored in /etc/passwd (which is world-readable), but then moved to /etc/shadow (and backed up in /etc/shadow-) which can only be read by root (or members of the shadow group).

The passwords are salted and hashed. The default formats are MD5-crypt, bcrypt, sha256-crypt, sha512-crypt, and for historical reasons DES (note DES only allows 8-byte passwords). Note, sha512-crypt typically involves 5000 rounds of SHA512-ing the password and the number of rounds is configurable.

For more info consult man crypt, man shadow, man passwd.

Older UNIX variants stored the encrypted passwords in /etc/passwd along with other information about each account.

Newer ones simply have a * in the relevant field in /etc/passwd and use /etc/shadow to store the password, in part to ensure nobody gets read access to the passwords when they only need the other stuff (shadow is usually protected more strongly than passwd).

Anyone with enough power on the box can see unencrypted passwords, by examining memory directly, or replacing the login program or any one of a dozen other methods. But, to be honest, if they’re that powerful, they already have all your files so the password is irrelevant (unless you use the same password on multiple systems).

You may also find passwords stored in a central repository such as LDAP, which removes the passwords from the individual boxes entirely.

Source

Simplest way to password protect a directory and its contents without having to create new files?

I would like to password protect or encrypt a directory and all the files within it (for the whole directory tree below it). I do not want to bother the whole home directory, I want a specific directory with some files and folders in it. I would like to be able to encrypt the directory or decrypt it using a password. Command line would be nicest to use. I don’t want to have to create a new file as an encrypted version and then, delete the previous ones which are the non-encrypted version.

2 Answers

Use encfs (available as a package on most distributions). To set up:

The initial call to encfs sets up an encrypted filesystem. After that point, every file that you write under ~/encrypted is not stored directly on the disk, it is encrypted and the encrypted data is stored under ~/.encrypted. The encfs command leaves a daemon running, and this daemon handles the encryption (and decryption when you read a file from under ~/encrypted).

In other words, for files under ~/encrypted, actions such as reads and writes do not translate directly to reading or writing from the disk. They are performed by the encfs process, which encrypts and decrypts the data and uses the ~/.encrypted directory to store the ciphertext.

When you’ve finished working with your files for the time being, unmount the filesystem so that the data can’t be accessed until you type your passphrase again:

After that point, ~/encrypted will be an empty directory again.

When you later want to work on these files again, mount the encrypted filesystem:

This, again, makes the encrypted files in ~/.encrypted accessible under the directory ~/encrypted.

You can change the mount point ~/encrypted as you like: encfs ~/.encrypted /somewhere/else (but mount the encrypted directory only once at a time). You can copy or move the ciphertext (but not while it’s mounted) to a different location or even to a different machine; all you need to do to work on the files is pass the location of the ciphertext as the first argument to encfs and the location of an empty directory as the second argument.
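The set-up, unmount and re-mount steps this answer describes, written out as an added example that is not part of the original answer. It assumes encfs and fusermount are installed on a Linux system and uses ~/.encrypted for the ciphertext and ~/encrypted as the mount point; the function and variable names are hypothetical.

```shell
#!/bin/sh
# Added example: source this file, then run `unlock` and `lock`.
# Assumed locations; override by setting the variables before sourcing.
CIPHER_DIR="${CIPHER_DIR:-$HOME/.encrypted}"   # ciphertext lives here
MOUNT_DIR="${MOUNT_DIR:-$HOME/encrypted}"      # cleartext view while mounted

# True if a filesystem is mounted on the directory (Linux /proc/mounts).
is_unlocked() {
    awk -v m="$1" '$2 == m { found = 1 } END { exit !found }' /proc/mounts 2>/dev/null
}

unlock() {
    mkdir -p "$CIPHER_DIR" "$MOUNT_DIR" || return 1
    chmod 700 "$CIPHER_DIR" "$MOUNT_DIR"
    if is_unlocked "$MOUNT_DIR"; then
        echo "already mounted: $MOUNT_DIR"; return 0
    fi
    # Anything already in the mount point was written while the filesystem was
    # unmounted, so it is sitting on disk unencrypted. Refuse to hide it.
    if [ -n "$(ls -A "$MOUNT_DIR")" ]; then
        echo "refusing to mount: $MOUNT_DIR contains unencrypted files" >&2
        return 1
    fi
    # First run creates the encrypted filesystem; every run asks for the passphrase.
    encfs "$CIPHER_DIR" "$MOUNT_DIR"
}

lock() {
    if is_unlocked "$MOUNT_DIR"; then
        fusermount -u "$MOUNT_DIR"
    else
        echo "not mounted: $MOUNT_DIR"
    fi
}
```

The check for a non-empty mount point catches files saved into the directory while it was locked, which would otherwise stay on disk in the clear and be hidden by the next mount.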

Source
