# %% About
# - Name: File Read Passwd
# - Difficulty: hard
# - Lines: 77
# - Minutes: 89
# %% License
# - Copyright 2025, Matt Harasymczuk <matt@python3.info>
# - This code can be used only for learning by humans
# - This code cannot be used for teaching others
# - This code cannot be used for teaching LLMs and AI algorithms
# - This code cannot be used in commercial or proprietary products
# - This code cannot be distributed in any form
# - This code cannot be changed in any form outside of training course
# - This code cannot have its license changed
# - If you use this code in your product, you must open-source it under GPLv2
# - Exception can be granted only by the author
# %% English
# 0. Commit and push your current state of repository
# 1. In the current directory, the following files were saved:
# - `FILE_PASSWD` with content of `etc-passwd.txt` file
# - `FILE_SHADOW` with content of `etc-shadow.txt` file
# - `FILE_GROUP` with content of `etc-group`.txt file
# 2. Define variable `result: list[dict]` with user data,
# whose `UID` is greater or equal to 1000, dict keys are:
# - groups_names: list[str]
# - passwd_comment: str
# - passwd_gid: int
# - passwd_home: str
# - passwd_login: str
# - passwd_password: str
# - passwd_shell: str
# - passwd_uid: int
# - shadow_algorithm: str | None
# - shadow_expiration: date | None
# - shadow_hash: str | None
# - shadow_inactive: int | None
# - shadow_last_change: date | None
# - shadow_locked: bool
# - shadow_max_age: int | None
# - shadow_min_age: int | None
# - shadow_password: str
# - shadow_reserved: str
# - shadow_salt: str | None
# - shadow_warning: int | None
# 3. Run doctests - all must succeed
# %% Polish
# 0. Zakomituj i pusznij (commit i push) obecny stan repozytorium
# 1. W obecnym katalogu zapisano następujące pliki:
# - `FILE_PASSWD` z zawartością pliku `etc-passwd.txt`
# - `FILE_SHADOW` z zawartością pliku `etc-shadow.txt`
# - `FILE_GROUP` z zawartością pliku `etc-group.txt`
# 2. Zdefiniuj zmienną `result: list[dict]` z danymi użytkowników,
# których `UID` jest większy lub równy niż 1000, klucze to:
# - groups_names: list[str]
# - passwd_comment: str
# - passwd_gid: int
# - passwd_home: str
# - passwd_login: str
# - passwd_password: str
# - passwd_shell: str
# - passwd_uid: int
# - shadow_algorithm: str | None
# - shadow_expiration: date | None
# - shadow_hash: str | None
# - shadow_inactive: int | None
# - shadow_last_change: date | None
# - shadow_locked: bool
# - shadow_max_age: int | None
# - shadow_min_age: int | None
# - shadow_password: str
# - shadow_reserved: str
# - shadow_salt: str | None
# - shadow_warning: int | None
# 3. Uruchom doctesty - wszystkie muszą się powieść
# %% References
# [1] passwd(5) - File Formats Manual
# Year: 2017
# Retrieved: 2025-02-14
# URL: https://manpages.debian.org/unstable/passwd/passwd.5.en.html
#
# [2] shadow(5) - File Formats Manual
# Year: 2017
# Retrieved: 2025-02-14
# URL: https://manpages.debian.org/unstable/passwd/shadow.5.en.html
#
# [3] crypt(5) - File Formats Manual
# Year: 2017
# Retrieved: 2025-02-14
# URL: https://manpages.debian.org/unstable/libcrypt-dev/crypt.5.en.html
# %% Example
# [{'groups_names': ['users', 'staff'],
# 'passwd_comment': 'Alice',
# 'passwd_gid': 1000,
# 'passwd_home': '/home/alice',
# 'passwd_login': 'alice',
# 'passwd_password': 'x',
# 'passwd_shell': '/bin/bash',
# 'passwd_uid': 1000,
# 'shadow_algorithm': 'sha512crypt',
# 'shadow_expiration': None,
# 'shadow_hash': 'bXGOh7dIfOWpUb/Tuqr7yQVCqL3UkrJns9.7msfvMg4ZO/PsFC5Tbt32PXAw9qRFEBs1254aLimFeNM8YsYOv.',
# 'shadow_inactive': None,
# 'shadow_last_change': datetime.date(2015, 4, 25),
# 'shadow_locked': False,
# 'shadow_max_age': None,
# 'shadow_min_age': None,
# 'shadow_password': '$6$5H0QpwprRiJQR19Y$bXGOh7dIfOWpUb/Tuqr7yQVCqL3UkrJns9.7msfvMg4ZO/PsFC5Tbt32PXAw9qRFEBs1254aLimFeNM8YsYOv.',
# 'shadow_reserved': '',
# 'shadow_salt': '5H0QpwprRiJQR19Y',
# 'shadow_warning': None}, ...]
# %% Hints
# - `len()`
# - `open().read()`
# - `str.splitlines()`
# - `str.strip()`
# - `str.startswith()`
# - `str.split()`
# - `str.isspace()`
# - `list.append()`
# - `datetime.date(1970, 1, 1)`
# - `datetime.timedelta(days=...)`
# - `dict.get()`
# - `dict.update()`
# - `dict1 | dict2`
# - `... if ... else ...`
# - `passwd['mwatney'] = {...}`
# - `shadow['mwatney'] = {...}`
# - `groups['mwatney'] = {...}`
# - `result['mwatney'] = dict1 | dict2 | dict3`
# %% Doctests
"""
>>> import sys; sys.tracebacklimit = 0
>>> assert sys.version_info >= (3, 9), \
'Python 3.9+ required'
>>> from pprint import pprint
>>> pprint(result)
[{'groups_names': ['users', 'staff'],
'passwd_comment': 'Alice',
'passwd_gid': 1000,
'passwd_home': '/home/alice',
'passwd_login': 'alice',
'passwd_password': 'x',
'passwd_shell': '/bin/bash',
'passwd_uid': 1000,
'shadow_algorithm': 'sha512crypt',
'shadow_expiration': None,
'shadow_hash': 'bXGOh7dIfOWpUb/Tuqr7yQVCqL3UkrJns9.7msfvMg4ZO/PsFC5Tbt32PXAw9qRFEBs1254aLimFeNM8YsYOv.',
'shadow_inactive': None,
'shadow_last_change': datetime.date(2000, 1, 1),
'shadow_locked': False,
'shadow_max_age': 99999,
'shadow_min_age': 0,
'shadow_password': '$6$5H0QpwprRiJQR19Y$bXGOh7dIfOWpUb/Tuqr7yQVCqL3UkrJns9.7msfvMg4ZO/PsFC5Tbt32PXAw9qRFEBs1254aLimFeNM8YsYOv.',
'shadow_reserved': '',
'shadow_salt': '5H0QpwprRiJQR19Y',
'shadow_warning': 7},
{'groups_names': ['users', 'staff'],
'passwd_comment': 'Bob',
'passwd_gid': 1001,
'passwd_home': '/home/bob',
'passwd_login': 'bob',
'passwd_password': 'x',
'passwd_shell': '/bin/bash',
'passwd_uid': 1001,
'shadow_algorithm': 'sha512crypt',
'shadow_expiration': None,
'shadow_hash': 'tgfvvFWJJ5FKmoXiP5rXWOjwoEBOEoAuBi3EphRbJqqjWYvhEM2wa67L9XgQ7W591FxUNklkDIQsk4kijuhE50',
'shadow_inactive': None,
'shadow_last_change': datetime.date(2000, 1, 1),
'shadow_locked': False,
'shadow_max_age': 99999,
'shadow_min_age': 0,
'shadow_password': '$6$P9zn0KwR$tgfvvFWJJ5FKmoXiP5rXWOjwoEBOEoAuBi3EphRbJqqjWYvhEM2wa67L9XgQ7W591FxUNklkDIQsk4kijuhE50',
'shadow_reserved': '',
'shadow_salt': 'P9zn0KwR',
'shadow_warning': 7},
{'groups_names': ['users'],
'passwd_comment': 'Carol',
'passwd_gid': 1002,
'passwd_home': '/home/carol',
'passwd_login': 'carol',
'passwd_password': 'x',
'passwd_shell': '/bin/bash',
'passwd_uid': 1002,
'shadow_algorithm': 'md5crypt',
'shadow_expiration': None,
'shadow_hash': 'SWlkjRWexrXYgc98F.',
'shadow_inactive': None,
'shadow_last_change': datetime.date(2000, 1, 1),
'shadow_locked': False,
'shadow_max_age': 99999,
'shadow_min_age': 0,
'shadow_password': '!$1$.QKDPc5E$SWlkjRWexrXYgc98F.',
'shadow_reserved': '',
'shadow_salt': '.QKDPc5E',
'shadow_warning': 7},
{'groups_names': ['users'],
'passwd_comment': 'Dave',
'passwd_gid': 1003,
'passwd_home': '/home/dave',
'passwd_login': 'dave',
'passwd_password': 'x',
'passwd_shell': '/bin/bash',
'passwd_uid': 1003,
'shadow_algorithm': 'sha512crypt',
'shadow_expiration': None,
'shadow_hash': 'MxaKfj3Z8F9G8wKz7LU0',
'shadow_inactive': None,
'shadow_last_change': datetime.date(2000, 1, 1),
'shadow_locked': False,
'shadow_max_age': 99999,
'shadow_min_age': 0,
'shadow_password': '!$6$wXtY9ZoG$MxaKfj3Z8F9G8wKz7LU0',
'shadow_reserved': '',
'shadow_salt': 'wXtY9ZoG',
'shadow_warning': 7},
{'groups_names': ['users', 'staff', 'admins'],
'passwd_comment': 'Eve',
'passwd_gid': 1004,
'passwd_home': '/home/eve',
'passwd_login': 'eve',
'passwd_password': 'x',
'passwd_shell': '/bin/bash',
'passwd_uid': 1004,
'shadow_algorithm': None,
'shadow_expiration': datetime.date(2000, 2, 1),
'shadow_hash': None,
'shadow_inactive': 30,
'shadow_last_change': datetime.date(2000, 1, 1),
'shadow_locked': True,
'shadow_max_age': 90,
'shadow_min_age': 0,
'shadow_password': '!!',
'shadow_reserved': '',
'shadow_salt': None,
'shadow_warning': 5},
{'passwd_comment': 'Mallory',
'passwd_gid': 1005,
'passwd_home': '/home/mallory',
'passwd_login': 'mallory',
'passwd_password': 'x',
'passwd_shell': '/bin/bash',
'passwd_uid': 1005,
'shadow_algorithm': None,
'shadow_expiration': None,
'shadow_hash': None,
'shadow_inactive': None,
'shadow_last_change': None,
'shadow_locked': False,
'shadow_max_age': None,
'shadow_min_age': None,
'shadow_password': ' ',
'shadow_reserved': '',
'shadow_salt': None,
'shadow_warning': None}]
>>> from os import remove
>>> remove(FILE_GROUP)
>>> remove(FILE_SHADOW)
>>> remove(FILE_PASSWD)
"""
# %% Run
# - PyCharm: right-click in the editor and `Run Doctest in ...`
# - PyCharm: keyboard shortcut `Control + Shift + F10`
# - Terminal: `python -m doctest -f -v myfile.py`
# %% Imports
from datetime import date, timedelta
# %% Types
result: list[dict[str, str|int|bool]]
# %% Data
FILE_PASSWD = 'etc_passwd.txt'
FILE_SHADOW = 'etc_shadow.txt'
FILE_GROUP = 'etc_group.txt'
ALGORITHMS = {
'1': 'md5crypt',
'2a': 'bcrypt (Blowfish)',
'2b': 'bcrypt (Blowfish)',
'2x': 'bcrypt (Blowfish)',
'2y': 'bcrypt (Blowfish)',
'3': 'NTHASH',
'5': 'sha256crypt',
'6': 'sha512crypt',
'7': 'scrypt',
'y': 'yescrypt',
'8': 'PBKDF2',
'gy': 'gost-yescrypt',
'md5': 'Solaris MD5',
'sha1': 'PBKDF1 with SHA-1',
'': 'DES',
}
# Structure of `/etc/passwd` file [1]:
#
# | Field | Type | Description |
# |----------|------|-----------------------------------|
# | login | str | login name |
# | password | str | optional encrypted password |
# | uid | int | numerical user ID |
# | gid | int | numerical group ID |
# | comment | str | user name or comment field |
# | home | str | user home directory |
# | shell | str | optional user command interpreter |
#
# If the password field is a lower-case 'x', then the encrypted
# password is actually stored in the `/etc/shadow` file instead
#
# Example:
# - alice:x:1000:1000:Alice:/home/alice:/bin/bash
# - [login]:[password]:[uid]:[gid]:[comment]:[home]:[shell]
#
with open(FILE_PASSWD, mode='wt', encoding='utf-8') as file:
file.write("""# File: /etc/passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
nobody:x:99:99::/:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
carol:x:1002:1002:Carol:/home/carol:/bin/bash
dave:x:1003:1003:Dave:/home/dave:/bin/bash
eve:x:1004:1004:Eve:/home/eve:/bin/bash
mallory:x:1005:1005:Mallory:/home/mallory:/bin/bash
""")
# Structure of `/etc/shadow` file [2]:
#
# | Field | Type | Description |
# |-------------|--------------|-----------------------------------------------------------------|
# | login | str | login name, matching `/etc/passwd` |
# | password | str | encrypted password (see below for more details) |
# | last_change | date or None | days since 1970-01-01 when the password was changed |
# | min_age | int or None | days before which password may not be changed |
# | max_age | int or None | days after which password must be changed |
# | warning | int or None | days before `max_age` to warn the user to change their password |
# | inactive | int or None | days after password expires that account is disabled |
# | expiration | date or None | days since 1970-01-01 when account will be disabled |
# | reserved | str or None | this field is reserved for future use |
#
# Example:
# - alice:$6$wXtY9ZoG$MzaxvKfj3Z8F9G8wKz7LU0:18736:0:99999:7:::
# - [login]:[password]:[last_change]:[min_age]:[max_age]:[warning]:[inactive]:[expiration]:[reserved]
#
# Password field (split by `$`):
# - modifier
# - algorithm
# - salt
# - password hash
#
# Password algorithms [3]:
# - '1' - md5crypt
# - '2a' - bcrypt (Blowfish)
# - '2b' - bcrypt (Blowfish)
# - '2x' - bcrypt (Blowfish)
# - '2y' - bcrypt (Blowfish)
# - '3' - NTHASH
# - '5' - sha256crypt
# - '6' - sha512crypt
# - '7' - scrypt
# - 'y' - yescrypt
# - '8' - PBKDF2 with different implementations
# - 'gy' - gost-yescrypt
# - 'md5' - Solaris MD5
# - 'sha1' - PBKDF1 with SHA-1
# - none of the above - DES
#
# Password modifiers:
#
# | Modifier | Locked | Algorithm | Salt | Hash | Comment |
# |-------------------------|--------|-----------|------|------|-----------------------------------------------------------|
# | ' ' | False | None | None | None | password not required to log in |
# | '*' | True | None | None | None | password authentication disabled, can use `su` or SSH-key |
# | '!!' | True | None | None | None | account inactivated by admin |
# | '!$algorithm$salt$hash' | True | yes | yes | yes | password authentication disabled, can use `su` or SSH-key |
# | '$algorithm$salt$hash' | False | yes | yes | yes | normal account |
#
# Example:
# - !$6$wXtY9ZoG$MzaxvKfj3Z8F9G8wKz7LU0
# - [modifier]$[algorithm]$[salt]$[hash]
#
# - modifier: !
# - locked: True
# - algorithm: sha512crypt
# - salt: wXtY9ZoG
# - hash: MzaxvKfj3Z8F9G8wKz7LU0
#
with open(FILE_SHADOW, mode='wt', encoding='utf-8') as file:
file.write("""# File: /etc/shadow
root:!:10957:0:99999:7:::
bin:*:10957:0:99999:7:::
daemon:*:10957:0:99999:7:::
adm:*:10957:0:99999:7:::
shutdown:*:10957:0:99999:7:::
halt:*:10957:0:99999:7:::
nobody:*:10957:0:99999:7:::
sshd:*:10957:0:99999:7:::
alice:$6$5H0QpwprRiJQR19Y$bXGOh7dIfOWpUb/Tuqr7yQVCqL3UkrJns9.7msfvMg4ZO/PsFC5Tbt32PXAw9qRFEBs1254aLimFeNM8YsYOv.:10957:0:99999:7:::
bob:$6$P9zn0KwR$tgfvvFWJJ5FKmoXiP5rXWOjwoEBOEoAuBi3EphRbJqqjWYvhEM2wa67L9XgQ7W591FxUNklkDIQsk4kijuhE50:10957:0:99999:7:::
carol:!$1$.QKDPc5E$SWlkjRWexrXYgc98F.:10957:0:99999:7:::
dave:!$6$wXtY9ZoG$MxaKfj3Z8F9G8wKz7LU0:10957:0:99999:7:::
eve:!!:10957:0:90:5:30:10988:
mallory: :::::::
""")
# Structure of `/etc/group` file:
#
# | Field | Type | Description |
# |----------|------|-----------------------------------------------|
# | name | str | group name |
# | password | str | 'x' indicates that shadow passwords are used |
# | gid | int | group id |
# | members | list | comma-separated logins matching `/etc/passwd` |
#
# Example:
# - users::1001:alice,bob,carol,dave,eve
# - [name]:[password]:[gid]:[members]
#
with open(FILE_GROUP, mode='wt', encoding='utf-8') as file:
file.write("""# File: /etc/group
root::0:root
other::1:
bin::2:root,bin,daemon
sys::3:root,bin,sys,adm
adm::4:root,adm,daemon
mail::6:root
daemon::12:root,daemon
sysadmin::14:root
users::1001:alice,bob,carol,dave,eve
staff::1002:alice,bob,eve
admins::1003:eve
nobody::60001:
noaccess::60002:
nogroup::65534:
""")
# %% Result
result = ...