Understanding /etc/passwd File Format

by Vivek Gite · 42 comments

Q. Can you explain /etc/passwd file format for Linux and UNIX operating systems?

A. The /etc/passwd file stores essential information required during login, i.e. user account information.

/etc/passwd is a text file that contains a list of the system's accounts, giving for each account some useful information such as user ID, group ID, home directory, shell, etc. It should have general read permission, as many utilities, such as ls, use it to map user IDs to user names, but write access only for the superuser (root).

Understanding fields in /etc/passwd

The /etc/passwd file contains one entry per line for each user (or user account) of the system. All fields are separated by a colon (:) symbol. There are seven fields in total, in the following order:

  1. Username: It is used when the user logs in. It should be between 1 and 32 characters in length.
  2. Password: An x character indicates that the encrypted password is stored in the /etc/shadow file.
  3. User ID (UID): Each user must be assigned a user ID (UID). UID 0 (zero) is reserved for root and UIDs 1-99 are reserved for other predefined accounts. Further, UIDs 100-999 are reserved by the system for administrative and system accounts/groups.
  4. Group ID (GID): The primary group ID (stored in the /etc/group file).
  5. User ID Info: The comment field. It allows you to add extra information about the user, such as the user's full name, phone number, etc. This field is used by the finger command.
  6. Home directory: The absolute path to the directory the user will be in when they log in. If this directory does not exist, the user's directory becomes /.
  7. Command/shell: The absolute path of a command or shell (/bin/bash). Typically, this is a shell. Please note that it does not have to be a shell.
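
The seven-field layout above can be checked mechanically. The following shell/awk audit is an added example, not part of the original article; the function names audit_passwd and sample_passwd and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): audit passwd-format lines
# against the seven-field layout described above.
# Usage: audit_passwd [FILE]  (reads stdin when no file is given)
audit_passwd() {
    awk -F: '
    function report(msg) { printf "line %d: %s: %s\n", NR, $1, msg }

    # Every entry must have exactly seven colon-separated fields.
    NF != 7 { report("expected 7 fields, found " NF); next }
    {
        # Field 1: username, 1 to 32 characters.
        if (length($1) < 1 || length($1) > 32)
            report("username must be 1-32 characters")
        # Field 2: "x" (or "*") means the hash is kept in /etc/shadow.
        if ($2 == "")
            report("empty password field")
        else if ($2 != "x" && $2 != "*")
            report("password field is not x or *, may hold a hash")
        # Fields 3 and 4: numeric UID and GID; UID 0 is reserved for root.
        if ($3 !~ /^[0-9]+$/)
            report("UID is not numeric")
        else if ($3 == 0 && $1 != "root")
            report("UID 0 on a non-root account")
        if ($4 !~ /^[0-9]+$/)
            report("GID is not numeric")
        # Fields 6 and 7: absolute paths.
        if (substr($6, 1, 1) != "/")
            report("home directory is not an absolute path")
        if ($7 != "" && substr($7, 1, 1) != "/")
            report("shell is not an absolute path")
    }
    ' "$@"
}

# Constructed sample entries (not taken from any real system).
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
tom:x:1001:1001:Tom Example:/home/tom:/bin/bash
toor:x:0:0:backup admin:/root:/bin/bash
guest::1002:1002:Guest:/home/guest:/bin/sh
legacy:NOT-A-REAL-HASH:1003:1003::/home/legacy:/bin/sh
broken:x:1004:1004:/home/broken:/bin/sh
EOF
}

sample_passwd | audit_passwd
```

Run it against the real file with `audit_passwd /etc/passwd`; a clean file produces no output.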

/etc/passwd is used for local users only. To see a list of all users, enter:
$ cat /etc/passwd
To search for a username called tom, enter:
$ grep '^tom:' /etc/passwd

/etc/passwd file permission

The permissions on the /etc/passwd file should be read-only for users (-rw-r--r--), and the owner must be root:
$ ls -l /etc/passwd
Output:

-rw-r--r-- 1 root root 2659 Sep 17 01:46 /etc/passwd

Your password is stored in /etc/shadow file

Your encrypted password is not stored in the /etc/passwd file. It is stored in the /etc/shadow file. In the good old days there was no great problem with this general read permission. Everybody could read the encrypted passwords, but the hardware was too slow to crack a well-chosen password, and moreover, the basic assumption used to be that of a friendly user community.

Almost all modern Linux / UNIX-like operating systems use some sort of shadow password suite, where /etc/passwd has asterisks (*) instead of encrypted passwords, and the encrypted passwords are in /etc/shadow, which is readable by the superuser only.


1 Ruwan.gawarammana 02.19.07 at 6:47 am

What are the differences between system calls and Library functions?

2 surya 03.12.07 at 9:28 am

What is the need for /etc/shadow file, when there is /etc/shadow file?

Can the password be maintained in /etc/passwd file itself?

Please tell me why developers implemented two files /etc/passwd and /etc/shadow/

3 Gabe 03.14.07 at 8:30 pm

surya – There may be other reasons, but one reason is that the /etc/shadow file is not readable by any user except root. Whereas the /etc/passwd has legitimate reasons to be read by other users. Even though the passwords can be encrypted directly in /etc/passwd, that is still less secure than having even the encrypted passwords hidden.

4 Bill 10.01.07 at 2:17 am

I have been asked to create a new user on an HP-UX 7.05 machine circa 1990.

Editing the /etc/admin file in Motif to add my user account resulted in that user having denied access. The user name was added as a user to /etc/groups. I used a new UID for the user.

Any clues as to what I did wrong?

Thanks

5 Bill 10.01.07 at 2:19 am

That was /etc/passwd

6 Praveen 02.26.08 at 9:31 pm

First let me tell you that I am a newbie in the Linux arena.

Please educate me how updated passwords of the users are changed in /etc/shadow, which has only read permissions.

Praveen Joy.

7 Jenny Oscar 05.14.08 at 1:45 am

What does it mean if the password (2nd field) leaves blank or shows as “*”? Thanks.

8 Gerald F. McMullen 06.04.08 at 3:39 pm

In the ETC/Passwd file what functionality are the five accounts used for : Shutdown, Sync, Halt, News and Netdump ? Are these logins or are they just command files? And why don’t they have a Nologin at the end of their paths?

Thanks Jerry

9 vivek 06.04.08 at 3:46 pm

nologin is a shell which displays a message that an account is not available. It is intended as a replacement shell field for accounts that have been disabled or are only used by the system internally.

10 DG12 07.10.08 at 9:33 pm

In general the /etc/password and associated shadow files are very *nix dependent. ( AIX, HP-UX, linux… )

Praveen: passwords are updated by the passwd command.

Jenny: the star in the password field means “password is in shadow file”. If the password field is null ( i.e. :: ) account is not passworded (bad)!

11 Charity 10.16.08 at 5:46 pm

Similar to Jenny’s question… what if the second field (password) in the /etc/passwd file is “*” but the /etc/shadow file is not in use?

12 lida 11.07.08 at 6:36 pm

how to line for only ftp user?
example
user:x:1000:(www-data id):(?):(?)
is true?

13 Martin 12.10.08 at 12:54 pm

Hi, I am migrating from Solaris 8 to Solaris 10, and I have a lot of users that I want to migrate. Is there a quick way to do this, not by hand one by one?
I was thinking that maybe copying the /etc/passwd, /etc/shadow and /etc/group files would do the job?

14 Vivek Gite 12.10.08 at 3:04 pm

Please see this faq about migrating user accounts.

15 viola 12.15.08 at 9:19 am

How to read the password and compare it with the one that is in the /etc/passwd or /etc/shadow?

16 sparta_tushar 12.18.08 at 9:03 am

Anybody know how to expire a user’s password whose entry is there in the /etc/passwd file?

17 Vivek Gite 12.18.08 at 9:28 am

@sparta_tushar,

Use chage command.

18 Nadeem 01.27.09 at 11:50 am

Kindly define all 7 points briefly, like Username, Password, UID, GID, Comments, Home Directory, Shell, with respect to the /etc/passwd file.

19 Nadeem 01.27.09 at 11:51 am

Anyone can answer… kindly do ASAP

20 Volker 02.06.09 at 12:24 am

If any of you have access to root then you wouldn’t be asking how to view/expire/delete, etc. the password in the shadow file. There is absolutely no need to if you are root. If you want to expire a password it would be more efficient to su into the user (of course assuming you are root), and passwd yourself your own password. Again, there is no need to see an encrypted password for whatever reason. Just glancing at the things some of you want to do makes me wonder whether you guys are either trying to hack into someone’s account, or play a prank on them, etc…

21 dht 03.03.09 at 11:00 am

Please tell me in what format passwords are stored in the shadow file? I mean, I want to ask you what encryption is used in the shadow file to store passwords?

22 pappu 04.06.09 at 10:52 am

thanks

23 amar 04.26.09 at 6:36 am

nice notes for engg students

24 turkan 07.30.09 at 8:22 am

Hi,
We are using Solaris 10 on jumpstart. We have tried to change the password for root since we have forgotten it. But now the system cannot find user root.
Can you help us to recreate the root user? Is there any way?
Thanks.

25 Alex 08.18.09 at 5:03 pm

I have a question about the /etc/passwd file

I have a number of users accessing a system and while my security is very good by use of firewall and strict permissions on all files I would like to stop users from viewing the /etc/passwd file purely because I don’t want my clients to know who my other clients are.

Is there any way, other than using chroot to do this?

26 vipin 08.20.09 at 4:01 pm

thanks sir

27 vipin 08.20.09 at 5:52 pm

sir tell me predefined accounts
for example

28 Dennis 08.20.09 at 10:58 pm

Alex:
There are several reasons that the /etc/password file is read all.
Most expect a cooperative community of users.

There are many other issues you need to address to prevent users from knowing who other users are, like ls /home

It would seem that your users have telnet access. Have you looked into a “jail” shell,
or removing shell access from your users?

PS since this is much more complicated than /etc/password please start a new thread.

29 Dennis 08.20.09 at 11:02 pm

Vipin:
To see predefined users for the distribution you are using (they are all different)
see /etc/passwd however
note that users like nobody, daemon, have user numbers below 100
may have the default shell of something like /usr/bin/false which prevents these users from logging in.

30 ashwini 09.04.09 at 5:20 am

Hi sir, I want file access permission by using symbol -c,b,c,i,p and s

31 prakar 09.22.09 at 6:51 am

Application crashes on solaris if there is an empty line at the end of /etc/passwd, Please let me know why this happens.

32 Atif Zaka 10.06.09 at 7:07 am

Can any one explain below mentioned entry? Is it ok to remove or its kind a wild card?

?:x:60020:1::/home/?:/bin/sh

33 Dennis 10.06.09 at 11:19 pm

Although you have not mentioned what system you are seeing this on,
I believe this is an error on the part of someone who tried to mkuser

34 shrik 11.04.09 at 1:21 pm

I have a question about the /etc/passwd file:

Usually a normal user does not have direct permission to write to a passwd/shadow file.

Though when a user changes his password, he is ultimately altering the /etc/passwd or /etc/shadow file.

What is the mechanism behind this?

35 DG12 11.05.09 at 7:58 pm

Notice that the command to change your password is
-r-sr-xr-x 1 root wheel 70352 Jun 18 22:39 /usr/bin/passwd
Owned by root and the s in the permissions is the SETUID bit.
This means that, when you run this program, your User ID is set to root,
and since root is the owner of the /etc/passwd you can update it!
The same is true of:
at, atq, atrm, batch, chfn, chpass, chsh, crontab, cu, ipcs, login,
lppasswd, newgrp, quota, rlogin, rsh, su, sudo, top, uucp,
uuname, uustat, uux

36 Paul 11.13.09 at 2:25 pm

My hosting company expects me to SSH using password authentication (rather than key) . I have edited ssh_config and sshd_config to switch passwordauthentication to yes, but do I need somehow to get the password into the shadow file – the server response does not even prompt me for a password – it just refuses the connect attempt.

37 ABDUL AWAL 12.04.09 at 12:35 am

Can you explain how the /etc/shadow and /etc/passwd directories are used in the authentication process? Why are two files used instead of one? How can I convert a system to use the /etc/shadow file to store the password?

thanks

38 ABDUL AWAL 12.04.09 at 12:38 am

an example of absolute pathname is shown as: /home/student/myprogs while a relative pathname can be shown as : ../../documents what are differences between absolute and relative pathname and what is advantages.

39 DG12 12.04.09 at 3:31 pm

ABDUL AWAL: Please read paragraph “Your password is stored in /etc/shadow file”

40 DG12 12.04.09 at 3:35 pm

ABDUL AWAL: Assuming you are referring to the above:
“#6 Home directory: The absolute path to the directory the user will be in when they log in….”
It seems unwise to use a relative path in the /etc/passwd file.

41 SARDAR GHULAM HAIDER KHAN NAWABI 12.29.09 at 6:55 pm

i say just thanks to every user of linux to every teacher of linux to every lover of linux
please send easy note easy commands of linux to me i will be pray for u are
just send good and easy way to improve my linux knowledge

42 Raj 01.28.10 at 12:27 am

Excellent work dude…. Thanks..
