The /etc/passwd and /etc/shadow files are the backbone of Linux user management. Together they store the account information and the password data that local logins are authenticated against. This article is a hands-on guide to the two files, their structure, and their role in Linux user management.
/etc/passwd explained
The /etc/passwd file stores basic information about user and system accounts. It is a plain-text file in the /etc directory. /etc/passwd is world-readable (mode 0644) on practically all systems: it contains no password hashes, and many utilities (ls, ps, id and so on) read it to map user IDs to user names.
Each line in this file corresponds to one user account and holds seven fields separated by colons (:).
[Image: field layout of an /etc/passwd line. Image credits: Cyberciti.biz]
Type the following command to look at the last five entries of the passwd file:
tail -n 5 /etc/passwd
Explanation of Fields
username: The user's login name.
x: A placeholder meaning the password hash is stored in /etc/shadow. If this field holds anything else, the account is not using shadow passwords; an empty field means no password is required at all, which is almost never intended.
UID: The user's unique numerical ID. Whenever the system references the user jdoe (in the example above), it is really referencing UID 1002. When a user is created, the system by default assigns the next available UID. UID 0 is root, and any other account with UID 0 is root-equivalent.
GID: The numerical ID of the user's primary group. Groups are created the same way as users, in the sense that the group is assigned the next available GID.
gecos-field: The comment field. It allows you to add extra information about the user such as full name, phone number and so on.
home_directory: Path to the user's home directory.
shell: The user's login shell (e.g., /bin/bash). Set this to a non-interactive program such as /sbin/nologin to prevent the user from logging in interactively at all. Note that this blocks shell logins only; it is not a substitute for locking the password in /etc/shadow.
/etc/shadow explained
The /etc/shadow file stores the password hashes and password-aging information. Unlike /etc/passwd, /etc/shadow is not world-readable.
Because it contains the hashed passwords, only root has full control over the file. On Debian-derived systems it is owned by root:shadow with mode 0640, so members of the shadow group (for example system utilities that need to verify passwords) can read but not modify it; on Red Hat-derived systems it is owned by root:root with mode 0000. Either way, regular users cannot access the file at all.
Type the following command to look at the last four entries of the shadow file:
sudo tail -n 4 /etc/shadow
Each line in this file corresponds to one user and contains the password hash and the account's aging and expiry information.
Explanation of Fields
username: The login name.
password: The hashed password, or a lock marker. A ! or * in this field (or a ! prefixed to an existing hash, which is what passwd -l writes) disables password authentication for the account. This is how root is locked on distributions such as Ubuntu: you cannot log in directly as root with a password, locally or over the network, but have to log in as a normal user first and escalate with sudo. Locking the password field only blocks password authentication, however; an account with an authorized SSH key can still log in unless the shell is set to nologin or an expiry date is set as well. Otherwise the field holds a hash in the form $id$salt$hash, where $id selects the algorithm on GNU/Linux as follows:
$1$ is MD5
$2a$ and $2y$ are bcrypt (Blowfish based)
$5$ is SHA-256
$6$ is SHA-512
$y$ is yescrypt
Current distributions default to SHA-512 or yescrypt. An MD5 hash indicates a password that has not been changed since the system switched algorithms; it is re-hashed with the current algorithm the next time the password is set.
lastchanged: Days since the Unix epoch (January 1, 1970) when the password was last changed. 0 means the user must change the password at the next login. An empty field means password aging is disabled for the account.
min: Minimum number of days between password changes. 0 (or an empty field) means the password can be changed at any time.
max: Maximum number of days a password is valid. After that the user is forced to change it. An empty field means there is no maximum.
warn: Number of days before expiration during which the user is warned.
inactive: Number of days after the password has expired during which it can still be changed; once that period has passed, the account is disabled.
expire: Days since the Unix epoch on which the account itself is disabled, regardless of the password's state.
A ninth field is reserved for future use and is normally empty.
Use the chage command to set up password aging. Although /etc/shadow is neither readable nor writable by regular users, a small set of setuid-root commands lets a standard user modify their own entry. The passwd command, for example, lets users change their own password, and chage -l lets them view their own aging settings.
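To make the two formats concrete, here is an added example, written for this article and not code from the original page, that parses constructed /etc/passwd and /etc/shadow entries into the fields described above and runs a few of the checks an administrator would want: extra UID 0 accounts, passwd password fields that are not x, empty shadow password fields, MD5 hashes, and expired passwords or accounts. The sample entries, their hashes and the fixed "today" value are all constructed; the audit rules, the helper names and the extra $2b$ bcrypt prefix are this example's own choices, not anything from the article.

```python
"""Parse /etc/passwd and /etc/shadow entries and audit them.
Added example written for this article, not code from the page; the sample
entries and hashes below are constructed (the hashes are not real digests)."""
from collections import namedtuple
from typing import Optional

# $id$ prefixes from the article; "2b" (the current bcrypt id) is an addition.
HASH_ALGOS = {"1": "MD5", "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt",
              "5": "SHA-256", "6": "SHA-512", "y": "yescrypt"}

# Seven passwd fields; eight documented shadow fields (the reserved ninth is
# dropped). Empty shadow aging fields are stored as None (= aging disabled).
PasswdEntry = namedtuple("PasswdEntry", "name password uid gid gecos home shell")
ShadowEntry = namedtuple("ShadowEntry", "name password lastchanged min_days "
                         "max_days warn inactive expire")

def parse_passwd(text: str) -> list:
    entries = []
    for line in filter(None, text.splitlines()):
        f = line.split(":")
        if len(f) != 7:
            raise ValueError(f"expected 7 fields: {line!r}")
        entries.append(PasswdEntry(f[0], f[1], int(f[2]), int(f[3]), *f[4:]))
    return entries

def parse_shadow(text: str) -> dict:
    entries = {}
    for line in filter(None, text.splitlines()):
        f = line.split(":")
        if len(f) != 9:
            raise ValueError(f"expected 9 fields: {line!r}")
        aging = (int(x) if x else None for x in f[2:8])
        entries[f[0]] = ShadowEntry(f[0], f[1], *aging)
    return entries

def hash_algorithm(pw: str) -> Optional[str]:
    """Algorithm named by the $id$ prefix; None if the field holds no hash."""
    pw = pw.lstrip("!")  # passwd -l prefixes "!" but leaves the hash intact
    return HASH_ALGOS.get(pw.split("$")[1], "unknown") if pw.startswith("$") else None

def password_state(pw: str) -> str:
    """'empty' (no password needed), 'locked' (password auth disabled), 'hashed'."""
    if pw == "":
        return "empty"
    return "locked" if pw.startswith("!") or pw == "*" else "hashed"

def password_expired(e: ShadowEntry, today: int) -> bool:
    """Expired once today reaches lastchanged + max; empty fields disable aging."""
    if e.lastchanged is None:
        return False
    if e.lastchanged == 0:
        return True  # 0 forces a change at next login
    return e.max_days is not None and today >= e.lastchanged + e.max_days

def account_expired(e: ShadowEntry, today: int) -> bool:
    return e.expire is not None and today >= e.expire

def audit(passwd_text: str, shadow_text: str, today: int) -> list:
    """Return (username, finding) pairs an administrator should look at."""
    findings = []
    shadow = parse_shadow(shadow_text)
    for p in parse_passwd(passwd_text):
        if p.uid == 0 and p.name != "root":
            findings.append((p.name, "extra UID 0 account"))
        if p.password != "x":
            findings.append((p.name, "passwd password field is not 'x'"))
        s = shadow.get(p.name)
        if s is None:
            findings.append((p.name, "no /etc/shadow entry"))
            continue
        state = password_state(s.password)
        if state == "empty":
            findings.append((p.name, "empty shadow password: no password required"))
            continue
        if state == "hashed" and hash_algorithm(s.password) == "MD5":
            findings.append((p.name, "weak MD5 password hash"))
        if password_expired(s, today):
            findings.append((p.name, "password expired"))
        if account_expired(s, today):
            findings.append((p.name, "account expired"))
    return findings

# Constructed sample files; 19723 is 2024-01-01 as days since the epoch.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
jdoe:x:1002:1002:John Doe,,,:/home/jdoe:/bin/bash
alice:x:1003:1003:Alice:/home/alice:/bin/bash
backup:x:1004:1004::/var/backups:/bin/bash
toor:x:0:0:second root:/root:/bin/bash
svc:x:1005:1005:service:/nonexistent:/usr/sbin/nologin
"""
SAMPLE_SHADOW = """\
root:*:19000:0:99999:7:::
jdoe:$6$saltsalt$notarealhash:19700:0:90:7:::
alice:$1$abcdefgh$notarealhash:19600:0:90:7:::
backup:!$y$j9T$notarealsalt$notarealhash:19500:0:99999:7::19800:
toor:$6$saltsalt$notarealhash:19000:0:99999:7:::
svc::19000:0:99999:7:::
"""
TODAY = 19723

if __name__ == "__main__":
    for user, finding in audit(SAMPLE_PASSWD, SAMPLE_SHADOW, TODAY):
        print(f"{user}: {finding}")
```

Run against the constructed data, the audit reports alice (MD5 hash and an expired password), toor (a second UID 0 account) and svc (an empty shadow password field), while the locked root and backup entries and the healthy jdoe entry produce nothing. To run it on a real host, read the two files with root privileges and pass the current day as the number of days since the epoch; the expiry comparison follows the shadow-utils convention that a password is expired on the day lastchanged + max is reached.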