Why are there no passwords in /etc/passwd?



System V Release 4 includes a feature called "shadow passwords".
The encrypted passwords are moved out into a shadow password file
(called /etc/shadow in this release) that is NOT publicly readable.
The passwd file has always been readable so that, for example, ls -l
could figure out who owns what. But having the passwd encryptions
readable is a security risk (they can't be decrypted but the bad guy
can encrypt common words and names etc. and compare them with the
encryptions).


The Shadow Password feature is mostly transparent, but if you
do any passwd hacking you have to know about it! And DO make
sure that /etc/shadow is not publicly readable!





UNIXguide.net
Suggest a Site