table of contents
shadow(5) | File Formats and Configuration | shadow(5) |
НАЗВАНИЕ¶
shadow - файл теневых паролей
ОПИСАНИЕ¶
shadow is a file which contains the password information for the system's accounts and optional aging information.
Этот файл должен быть недоступен обычному пользователю, если нужно обеспечить безопасность паролей.
Each line of this file contains 9 fields, separated by colons («:»), in the following order:
login name
encrypted password
If the password field begins with an exclamation mark !, the password is locked. The remaining characters on the line represent the password field before the password was locked.
Refer to crypt(3) for details on how this string is interpreted.
If the password field contains a string that is not a valid result of crypt(3), for instance ! or *, the user cannot use a UNIX password to log in. However, the user may log in the system by other means.
date of last password change
The value 0 indicates that the user must change their password the next time they log in to the system.
Пустое значение обозначает, что проверка устаревания пароля выключена.
minimum password age
An empty field and value 0 mean that there is no minimum password age.
maximum password age
After this number of days has elapsed, the password may still be valid. The user is prompted to change their password at the next login.
Пустое значение поля означает, что нет максимального срока действия пароля, нет периода предупреждения о пароле и нет периода неактивности пароля (смотрите далее).
Если максимальный срок действия пароля меньше чем минимальный срок действия пароля, то пользователь не сможет изменить свой пароль.
password warning period
An empty field and value 0 mean that there is no password warning period.
password inactivity period
After the password expires and the password inactivity period elapses, the user cannot log in and must contact their administrator.
An empty string means that no inactivity period is enforced.
account expiration date
Note that account expiration differs from password expiration. Account expiration prevents the user from logging in, whereas password expiration only prevents users from logging in with their password.
An empty field means that the account never expires.
The value 0 should not be used, as it is interpreted either as an account with no expiration or as an expiration date of 1970-01-01.
reserved field
ФАЙЛЫ¶
/etc/passwd
/etc/shadow
/etc/shadow-
Заметим, что этот файл используется программами из комплекта утилит shadow, но не всеми инструментами управления пользователями и паролями.
СМОТРИТЕ ТАКЖЕ¶
chage(1), login(1), passwd(1), passwd(5), pwck(8), pwconv(8), pwunconv(8), su(1), sulogin(8).
08/26/2025 | shadow-utils 4.18.0 |