pwconv & pwunconv ???

[lewkh]

Hi Folk, Could you mind to tell me how do I use the pwconv & pwunconv? What is the purpose of both command? Can I use it to change the password directly? Please advise...

[Bruno]

Hi LewHere is a quote from "man pwconv":

NAME pwconv, pwunconv, grpconv, grpunconv - convert to and from shadow passwords and groups. SYNOPSIS pwconv pwunconv grpconv grpunconv DESCRIPTION These four programs all operate on the normal and shadow password and group files: /etc/passwd, /etc/group, /etc/shadow, and /etc/gshadow. pwconv creates shadow from passwd and an optionally existing shadow. pwunconv creates passwd from passwd and shadow and then removes shadow. grpconv creates gshadow from group and an optionally existing gshadow. grpunconv creates group from group and gshadow and then removes gshadow. Each program acquires the necessary locks before conversion. pwconv and grpconv are similiar. First, entries in the shadowed file which don't exist in the main file are removed. Then, shadowed entries which don't have `x' as the password in the main file are updated. Any missing shadowed entries are added. Finally, passwords in the main file are replaced with `x'. These programs can be used for initial conversion as well to update the shadowed file if the main file is edited by hand. pwconv will use the values of PASS_MIN_DAYS, PASS_MAX_DAYS, and PASS_WARN_AGE from /etc/login.defs when adding new entries to /etc/shadow. Likewise, pwunconv and grpunconv are similiar. Passwords in the main file are updated from the shadowed file. Entries which exist in the main file but not in the shadowed file are left alone. Finally, the shadowed file is removed. Some password aging information is lost by pwunconv. It will convert what it can. BUGS Errors in the password or group files (such as invalid or duplicate entries) may cause these programs to loop forever or fail in other strange ways. Please run pwck and grpck to correct any such errors before converting to or from shadow passwords or groups. SEE ALSO login.defs(5), grpck(8), pwck(8)

I have to say that I never have used the command myself . . . . ;) Bruno

[linuxdude32]

Old versions of Linux (and I do mean, OLD, back like 6 years or more) used to store passwords in a hash. The problem was that the same algorithm was used to create the hash and the /etc/passwd file could be read by anybody. In other words, it wasn't very secure. Shadow passwords were developed so that now the /etc/passwd file only has x for the password because the real password is now in /etc/shadow which can only be read by root. In other words, it resulted in a much more secure system.The commands are probably there so that any systems not using shadow passwords can start using them and any systems that are already can talk to systems that aren't.In other words, this was a complicated way of saying you can ignore them. Unless you work with old and new Linux systems or Linux and other Unix systems (that don't use shadow passwords) you won't need to worry about what they do.

[lewkh]

Hi Thanks for your advice... I wonder know that I use the pwunconv the get password from /etc/shadow to /etc/passwd. Then I change the passwd in /etc/passwd file. After that I use the pwconv to create /etc/shadow file. Can I do it like this? Is it workable?

[linuxdude32]

I wonder know that I use the pwunconv the get password from /etc/shadow to /etc/passwd. Then I change the passwd in /etc/passwd file. After that I use the pwconv to create /etc/shadow file. Can I do it like this? Is it workable?

I would think so but I can't say for sure. But why would you want to do it this way? You need root access to read/view the /etc/shadow file and if you have that, you can reset anybody's password just like this:

passwd username

Have I misunderstood what you're trying to do?