Understanding /etc/passwd File Format

Can you explain /etc/passwd file format for Linux and UNIX operating systems?

The /etc/passwd file stores essential information required during login, i.e. user account information. /etc/passwd is a text file that contains a list of the system's accounts, giving for each account some useful information such as user ID, group ID, home directory, shell, etc. It should have general read permission, as many utilities, like ls, use it to map user IDs to user names, but write access only for the superuser (root).

Understanding fields in /etc/passwd

The /etc/passwd file contains one entry per line for each user (or user account) of the system. All fields are separated by a colon (:) symbol. There are seven fields in total, as follows.

Generally, a passwd file entry looks as follows:

(Fig.01: /etc/passwd file format)

  1. Username: It is used when the user logs in. It should be between 1 and 32 characters in length.
  2. Password: An x character indicates that the encrypted password is stored in the /etc/shadow file.
  3. User ID (UID): Each user must be assigned a user ID (UID). UID 0 (zero) is reserved for root and UIDs 1-99 are reserved for other predefined accounts. Further, UIDs 100-999 are reserved by the system for administrative and system accounts/groups.
  4. Group ID (GID): The primary group ID (stored in the /etc/group file).
  5. User ID Info: The comment field. It allows you to add extra information about the user, such as the user's full name, phone number, etc. This field is used by the finger command.
  6. Home directory: The absolute path to the directory the user will be in when they log in. If this directory does not exist, then the user's directory becomes /.
  7. Command/shell: The absolute path of a command or shell (/bin/bash). Typically, this is a shell. Please note that it does not have to be a shell.

Task: See User List

/etc/passwd is used for local users only. To see a list of all users, enter:
$ cat /etc/passwd
To search for a username called tom, enter:
$ grep tom /etc/passwd

/etc/passwd file permission

The permission on the /etc/passwd file should be read-only for users (-rw-r--r--) and the owner must be root:
$ ls -l /etc/passwd
Output:

-rw-r--r-- 1 root root 2659 Sep 17 01:46 /etc/passwd

Reading /etc/passwd file

You can read /etc/passwd file using the while loop and IFS separator as follows:

#!/bin/bash
# seven fields from /etc/passwd stored in $f1,f2...,$f7
# 
while IFS=: read -r f1 f2 f3 f4 f5 f6 f7
do
 echo "User $f1 use $f7 shell and stores files in $f6 directory."
done < /etc/passwd
 

Your password is stored in /etc/shadow file

Your encrypted password is not stored in the /etc/passwd file. It is stored in the /etc/shadow file. In the good old days there was no great problem with this general read permission. Everybody could read the encrypted passwords, but the hardware was too slow to crack a well-chosen password, and moreover, the basic assumption used to be that of a friendly user community.

Almost all modern Linux / UNIX-like operating systems use some sort of shadow password suite, where /etc/passwd has asterisks (*) instead of encrypted passwords, and the encrypted passwords are in /etc/shadow, which is readable by the superuser only.
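
The field rules listed under "Understanding fields in /etc/passwd" and the shadow-password point above can be checked mechanically. The following is an added example, not part of the original article: it extends the while/IFS loop into a POSIX sh audit, and the function names audit_passwd and sample_passwd, the wording of the findings, and the sample accounts are all constructed for illustration.

```shell
#!/bin/sh
# Added example: audit passwd-format lines read from stdin.
# Each finding is printed as "<line-no>:<username>:<issue>".
# Returns 0 when clean, 1 when at least one finding was printed.
audit_passwd() {
    n=0 found=0 seen_uids=' '
    report() { echo "$n:$name:$1"; found=1; }

    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        [ -n "$line" ] || continue          # ignore blank lines
        name=${line%%:*}

        # Seven fields means exactly six colons.
        case $line in
            *:*:*:*:*:*:*:*) report "too many fields"; continue ;;
            *:*:*:*:*:*:*)   ;;
            *)               report "too few fields"; continue ;;
        esac

        # Split the line the same way the article's loop does.
        IFS=: read -r name pw uid gid gecos home shell <<EOF
$line
EOF

        # Field 2: only a placeholder belongs in a world-readable file.
        case $pw in
            x|'*') ;;
            '')    report "empty password field" ;;
            *)     report "password field is not x or *" ;;
        esac

        # Field 3: must be a number; UID 0 is root whatever the name says.
        case $uid in
            ''|*[!0-9]*) report "UID is not numeric"; continue ;;
        esac
        if [ "$uid" -eq 0 ] && [ "$name" != root ]; then
            report "UID 0 on non-root account"
        fi
        # Two names sharing a UID own the same files.
        case $seen_uids in
            *" $uid "*) report "duplicate UID $uid" ;;
        esac
        seen_uids="$seen_uids$uid "

        # Field 6: the home directory must be an absolute path.
        case $home in
            /*) ;;
            *)  report "home directory is not an absolute path" ;;
        esac
    done
    return "$found"
}

# Constructed sample input; none of these accounts or values are real.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:*:1:1:daemon:/usr/sbin:/usr/sbin/nologin
tom:x:1000:1000:Tom:/home/tom:/bin/bash
toor:x:0:0:second root:/root:/bin/sh
guest::1001:1001:Guest:/home/guest:/bin/bash
legacy:CONSTRUCTEDHASH:1002:1002:old entry:/home/legacy:/bin/sh
jerry:x:1000:1000:Jerry:home/jerry:/bin/bash
broken:x:1003
EOF
}

sample_passwd | audit_passwd || echo "review the findings above" >&2
```

To check a live system, run `audit_passwd < /etc/passwd`; an exit status of 1 means at least one finding was printed.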

90 comments

  • Ruwan.gawarammana February 19, 2007, 6:47 am

    What are the differences between system calls and Library functions?

    • marwen June 2, 2011, 10:54 am

      – system call is a call of a service to be done by the kernel, it’s executed in the kernel address space.

      – a library function call is done by “importing” (linking) the (library/function) code to the user’s program, and it’s executed in the user address space.

  • surya March 12, 2007, 9:28 am

    What is the need for /etc/shadow file, when there is /etc/shadow file?

    Can the password be maintained in /etc/passwd file itself?

    Please tell me why developers implemented two files, /etc/passwd and /etc/shadow.

    • Vikas November 1, 2010, 11:36 am

      Actually the password stored in /etc/shadow is the exact password, which is encrypted, and also the developers haven’t implemented two files; /etc/passwd is the symbolic link to /etc/shadow.

    • Manoj April 27, 2011, 7:32 am

      the /etc/passwd file will contain the details for the user created (uid, gid, home dir, login shell etc), whereas the /etc/shadow file will contain information specific to the password set for the users.

      • DG12 February 20, 2015, 10:21 pm

        /etc/passwd is readable by all (useful for the 5th field: User ID Info).
        Placing an encrypted password there would enable cracking.
        /etc/shadow is not readable by anyone (other than the owner:root, or processes with SETUID root). This prevents any attempts at password cracking.

  • Gabe March 14, 2007, 8:30 pm

    surya – There may be other reasons, but one reason is that the /etc/shadow file is not readable by any user except root, whereas /etc/passwd has legitimate reasons to be read by other users. Even though the passwords can be encrypted directly in /etc/passwd, that is still less secure than having even the encrypted passwords hidden.

  • Bill October 1, 2007, 2:17 am

    I have been asked to create a new user on an HP-UX 7.05 machine circa 1990.

    Editing the /etc/admin file in Motif to add my user account resulted in that user having denied access. The user name was added as a user to /etc/groups. I used a new UID for the user.

    Any clues as to what I did wrong?

    Thanks

  • Bill October 1, 2007, 2:19 am

    That was /etc/passwd

  • Praveen February 26, 2008, 9:31 pm

    First let me tell that I am a newbie in the Linux arena.

    Please educate me how updated passwords of the users are changed in /etc/shadow, which has only read permissions.

    Praveen Joy.

    • Manoj April 27, 2011, 7:45 am

      Good question.

      A concept called SUID is used here.
      “The SUID permission makes a script to run as the user who is the owner of the script, rather than the user who started it.”
      The “passwd” command is located under “/usr/bin”. Check the permissions for this file using:

      ll /usr/bin/passwd

      (Note that an extra ‘s’ is added to the rwx permissions)

      For any further queries, mail to s.manoj89@gmail.com

  • Jenny Oscar May 14, 2008, 1:45 am

    What does it mean if the password (2nd field) is left blank or shows as “*”? Thanks.

    • sunil Meher December 9, 2011, 6:34 pm

      If the second field in /etc/passwd file is set with “*” then the password is disabled for the respective user

  • Gerald F. McMullen June 4, 2008, 3:39 pm

    In the /etc/passwd file, what functionality are the five accounts used for: Shutdown, Sync, Halt, News and Netdump? Are these logins or are they just command files? And why don’t they have a Nologin at the end of their paths?

    Thanks Jerry

    • Manoj April 27, 2011, 8:42 am

      In RHEL, every process runs under a particular user. Users corresponding to certain processes don’t have the need to log in. So, they have been assigned a nologin shell. We can use the option “-s /sbin/nologin” while creating the user or while using “usermod”.

  • nixCraft June 4, 2008, 3:46 pm

    nologin is a shell which displays a message that an account is not available. It is intended as a replacement shell field for accounts that have been disabled or are only used by the system internally.

  • DG12 July 10, 2008, 9:33 pm

    In general the /etc/passwd and associated shadow files are very *nix dependent (AIX, HP-UX, Linux…).

    Praveen: passwords are updated by the passwd command.

    Jenny: the star in the password field means “password is in shadow file”. If the password field is null (i.e. ::), the account is not passworded (bad)!

  • Charity October 16, 2008, 5:46 pm

    Similar to Jenny’s question… what if the second field (password) in the /etc/passwd file is “*” but the /etc/shadow file is not in use?

    • Manoj April 27, 2011, 8:47 am

      If the /etc/shadow file is not there, a login attempt will first refer to the /etc/passwd file, which will in turn try to search for the /etc/shadow file. When it is not able to find that file, it will throw an error saying that the permission is denied (to log in).

  • lida November 7, 2008, 6:36 pm

    how to line for only ftp user?
    example
    user:x:1000:(www-data id):(?):(?)
    is true?

  • Martin December 10, 2008, 12:54 pm

    Hi, I am migrating from Solaris 8 to Solaris 10, and I have a lot of users that I want to migrate. Is there a quick way to do this, not by hand one by one?
    I was thinking that maybe copying the /etc/passwd, /etc/shadow and /etc/group files would do the job?

  • nixCraft December 10, 2008, 3:04 pm

    Please see this faq about migrating user accounts.

  • viola December 15, 2008, 9:19 am

    How to read the password and compare it with the one that is in /etc/passwd or /etc/shadow?

  • sparta_tushar December 18, 2008, 9:03 am

    Does anybody know how to expire the password of a user whose entry is in the /etc/passwd file?

  • nixCraft December 18, 2008, 9:28 am

    @sparta_tushar,

    Use chage command.

  • Nadeem January 27, 2009, 11:50 am

    Kindly define all 7 points briefly, like Username, Password, UID, GID, Comments, Home Directory, Shell, with respect to the /etc/passwd file.

  • Nadeem January 27, 2009, 11:51 am

    Anyone can answer… kindly do ASAP

  • Volker February 6, 2009, 12:24 am

    If any of you have access to root then you wouldn’t be asking how to view/expire/delete, etc. the password in the shadow file. There is absolutely no need to if you are root. If you want to expire a password it would be more efficient to su into the user (of course assuming you are root), and passwd yourself your own password. Again, there is no need to see an encrypted password for whatever reason. Just by glancing at the things some of you want to do makes me wonder whether you guys are either trying to hack into someone’s account, or play a prank on them, etc…

  • dht March 3, 2009, 11:00 am

    Please tell me in what format passwords are stored in the shadow file? I mean, I want to ask you what encryption is used in the shadow file to store passwords?

  • pappu April 6, 2009, 10:52 am

    thanks

  • amar April 26, 2009, 6:36 am

    nice notes for engg students

  • turkan July 30, 2009, 8:22 am

    Hi,
    We are using Solaris 10 on JumpStart. We have tried to change the password for root since we have forgotten it. But now the system cannot find user root.
    Can you help us to recreate the root user? Is there any way?
    Thanks.

  • Alex August 18, 2009, 5:03 pm

    I have a question about the /etc/passwd file

    I have a number of users accessing a system and while my security is very good by use of firewall and strict permissions on all files I would like to stop users from viewing the /etc/passwd file purely because I don’t want my clients to know who my other clients are.

    Is there any way, other than using chroot to do this?

    • sunil Meher December 9, 2011, 6:42 pm

      we can change the permission of the file /etc/passwd using the command chmod

  • vipin August 20, 2009, 4:01 pm

    thanks sir

  • vipin August 20, 2009, 5:52 pm

    sir tell me predefined accounts
    for example

  • Dennis August 20, 2009, 10:58 pm

    Alex:
    There are several reasons that the /etc/passwd file is read all.
    Most expect a cooperative community of users.

    There are many other issues you need to address to prevent users from knowing who other users are, like ls /home.

    It would seem that your users have telnet access. Have you looked into a “jail” shell,
    or removing shell access from your users?

    PS: since this is much more complicated than /etc/passwd, please start a new thread.

  • Dennis August 20, 2009, 11:02 pm

    Vipin:
    To see predefined users for the distribution you are using (they are all different)
    see /etc/passwd however
    note that users like nobody, daemon, have user numbers below 100
    may have the default shell of something like /usr/bin/false which prevents these users from logging in.

  • ashwini September 4, 2009, 5:20 am

    Hi sir, I want file access permission by using symbol -c,b,c,i,p and s

  • prakar September 22, 2009, 6:51 am

    Application crashes on solaris if there is an empty line at the end of /etc/passwd, Please let me know why this happens.

  • Atif Zaka October 6, 2009, 7:07 am

    Can anyone explain the below-mentioned entry? Is it OK to remove it, or is it a kind of wild card?

    ?:x:60020:1::/home/?:/bin/sh

  • Dennis October 6, 2009, 11:19 pm

    Although you have not mentioned what system you are seeing this on,
    I believe this is an error on the part of someone who tried to mkuser

  • shrik November 4, 2009, 1:21 pm

    I have a question about the /etc/passwd file:

    Usually a normal user does not have direct permission to write to the passwd/shadow file.

    Though when a user changes his password, ultimately he is altering the /etc/passwd or /etc/shadow file.

    What is the mechanism behind this?

    • Manoj April 27, 2011, 8:53 am

      Good question.

      A concept called SUID is used here.
      “The SUID permission makes a script to run as the user who is the owner of the script, rather than the user who started it.”
      The “passwd” command is located under “/usr/bin”. Check the permissions for this file using:

      ll /usr/bin/passwd

      (Note that an extra ‘s’ is added to the rwx permissions)

      For any further queries, mail to s.manoj89@gmail.com

      • Rey February 14, 2014, 2:04 pm

        Hi,
        We are having a problem with our controller card log-in: one of the staff resigned and changed the root user password; hoping you could help us recover it. By the way, we can log in as another user, “apadmin”, but we need to log in as “root” since we sometimes need to configure the controller. Hoping for your help and quick response… thanks a lot and God bless

  • DG12 November 5, 2009, 7:58 pm

    Notice that the command to change your password is
    -r-sr-xr-x 1 root wheel 70352 Jun 18 22:39 /usr/bin/passwd
    Owned by root and the s in the permissions is the SETUID bit.
    This means that, when you run this program, your User ID is set to root,
    and since root is the owner of the /etc/passwd you can update it!
    The same is true of:
    at, atq, atrm, batch, chfn, chpass, chsh, crontab, cu, ipcs, login,
    lppasswd, newgrp, quota, rlogin, rsh, su, sudo, top, uucp,
    uuname, uustat, uux

  • Paul November 13, 2009, 2:25 pm

    My hosting company expects me to SSH using password authentication (rather than key) . I have edited ssh_config and sshd_config to switch passwordauthentication to yes, but do I need somehow to get the password into the shadow file – the server response does not even prompt me for a password – it just refuses the connect attempt.

  • ABDUL AWAL December 4, 2009, 12:35 am

    Can you explain how the /etc/shadow and /etc/passwd directories are used in the authentication process? Why are two files used instead of one? How can I convert a system to use the /etc/shadow file to store the password?

    thanks

  • ABDUL AWAL December 4, 2009, 12:38 am

    An example of an absolute pathname is /home/student/myprogs, while a relative pathname can be shown as ../../documents. What are the differences between absolute and relative pathnames and what are the advantages?

  • DG12 December 4, 2009, 3:31 pm

    ABDUL AWAL: Please read the paragraph “Your password is stored in /etc/shadow file”

  • DG12 December 4, 2009, 3:35 pm

    ABDUL AWAL: Assuming you are referring to the above:
    “#6 Home directory: The absolute path to the directory the user will be in when they log in….”
    It seems unwise to use a relative path in the /etc/passwd file.

  • SARDAR GHULAM HAIDER KHAN NAWABI December 29, 2009, 6:55 pm

    I say just thanks to every user of Linux, to every teacher of Linux, to every lover of Linux.
    Please send easy notes and easy commands of Linux to me; I will pray for you.
    Just send a good and easy way to improve my Linux knowledge.

  • Raj January 28, 2010, 12:27 am

    Excellent work dude…. Thanks..

  • vivek kandath March 2, 2010, 11:55 am

    I don’t understand what the setting of the s-bit and t-bit is?
    Why is it relevant?

  • AlexP April 8, 2010, 8:06 am

    What if two users have the same UID and GID?

  • DG12 April 8, 2010, 3:25 pm

    Then they ARE the SAME user!

  • AlexP April 8, 2010, 8:52 pm

    Actually I have learned that they are not the same user. In fact they can have separate home directories as well as passwords so they’re not the same.

  • DG12 April 8, 2010, 10:28 pm

    AlexP,
    You are correct.
    In addition to the password and home directories being unique, the UserId and command/shell are unique.

    They are the same user with regard to file ownership as this is done by UID and GID.

    Other authorizations like sudoers (who can execute what “privileged commands” usually restricted to the superuser) have both username and UID as options for the user.

    ftpd uses a separate authorization scheme, only by username.
    mail is also username (not UID) dependent.
    fingerd, talk, write, who all seem to use username.

    So I guess the real answer is … depends!

  • Sandeep April 15, 2010, 8:49 am

    Hi,

    I just wanted to know how I can identify that a user is locked on the following OSes:
    1) Linux: Is it guaranteed to be a single exclamation mark (!) before the encrypted password in the shadow file across all flavours of Linux?
    2) Solaris: I am aware that it also has a shadow file, but want to confirm whether ! is the token for a locked user.
    3) HP-UX: What is the token?
    4) AIX: AIX doesn’t have any shadow file. How do I come to know which users are locked, like I can do by reading the /etc/shadow file on other platforms?

  • Sanjay Katiyar June 9, 2010, 8:11 am

    Why is there another file (in Fedora)
    /etc/passwd-

    • manan June 17, 2010, 1:17 pm

      Not in Fedora but also in Red Hat. It’s for backup purposes; if the /etc/passwd file is modified somehow, then it can be backed up from /etc/passwd-

  • Brian June 29, 2010, 9:02 am

    Hi, every time I change or reset a user’s password, it also changes the permissions on /etc/shadow, which denies or locks out database users. This is very risky as I’m working on a production server. Could you please help?

  • himanshu August 3, 2010, 6:12 pm

    Hi,
    I am new to Unix. If passwords are stored in the /etc/shadow file and this file is readable by the superuser only, then how do users log in to the system, i.e. they must have access to the password file for matching the password. Please help me.

  • internet trgovine September 20, 2010, 5:10 pm

    Thank you for this informative post. Just what I needed to understand login’s relation with passwd. Also well written for users with a lack of Unix knowledge.

    Best one so far, keep it up!

  • kris October 18, 2010, 7:54 pm

    List from the /etc/passwd the UID and the user having the highest UID

  • Bel November 4, 2010, 6:42 pm

    Dear site owner,

    Thanks for nice site! Keep it updated ;)

  • John E January 6, 2011, 9:57 pm

    How do I change my user account password on my computer? I am using Linux; a friend put it on my computer for me, but I wish to change the password and don’t know how to do it. Can anyone help me?

  • DG12 January 7, 2011, 11:33 pm

    “I wish to change it” seems to indicate that you can log on.
    use
    passwd

    You will be prompted for your current password.
    This prevents someone else from changing your password if you walked away and were still logged in.

    Detailed info on your system is in the man pages since different versions of *unix are different in their requirements.

    man passwd

  • jitender March 12, 2011, 12:14 am

    Very nice and useful information

    thanks a lot

    I appreciate this one..
    Blessings…

  • badhan March 27, 2011, 12:29 pm

    what is pico in linux

    • DG12 May 3, 2011, 12:15 pm

      pico is a little tiny editor.
      nano is an even littler and tinier editor

  • gunjankapoor May 3, 2011, 9:54 am

    There is an ID through which I can log in, but when I check for it in /etc/passwd, it’s not there.
    Anyone know the reason?

    • DG12 May 3, 2011, 12:18 pm

      What flavor of Unix are you using? Linux, BSD, Darwin (Mac), AIX, HP-UX…
      What distribution are you using?

  • laka June 21, 2011, 9:52 pm

    How can I generate those encrypted passwords…

    I mean, I want to assign a password to a user, e.g. laka is qwerty,

    then how can I encrypt this string (qwerty),

    as I want to make an entry of this encrypted password in the shadow file manually…

    Please help me out… :)

  • s50j September 25, 2011, 2:05 am

    On FreeBSD machines a special program is run by vipw(8) after you
    edit the /etc/master.passwd file. That special program is what generates
    /etc/passwd as well as some special database files that speed up various
    lookups of account information (e.g. mapping a uid to a username). What
    is the name of that special program?

    Thanks in advance :)

  • blaze October 17, 2011, 11:39 am

    A user can change his own password.. That being the case, how does the passwd file which is owned by root, get modified??
    I was asked this question in an interview and it left me puzzled. Any ideas people!?

    • Dennis October 17, 2011, 4:41 pm

      Excellent question.
      Short answer: While there are slight variations dependent on the specific version of unix the basic approach is the same and has the same answer for many “privileged” operations that can be performed by a user on their own objects.
      under redhat-linux-gnu
      which passwd displays /usr/bin/passwd
      ls -l /usr/bin/passwd
      -rwsr-xr-x 1 root root 27936 Aug 11 2010 /usr/bin/passwd
      notice that the password program is owned by root and that the mode (aka permissions) include the “sticky” bit. This causes the password program to have the effective user ID of root when it runs. See http://en.wikipedia.org/wiki/Setuid

      • blaze October 27, 2011, 6:07 am

        thanks! btb,. I was asked wrt Solaris. I answered the question in an uncertain tone.. “sticky bit”. But the devil’s son smiled as if in mockery.. and i quit answering further. damn that fellow!!

  • Dennis October 17, 2011, 4:49 pm

    Excellent question.
    Short answer: While there are slight variations dependent on the specific version of unix the basic approach is the same and has the same answer for many “privileged” operations that can be performed by a user on their own objects.
    under redhat-linux-gnu
    which passwd displays /usr/bin/passwd
    ls -l /usr/bin/passwd
    -rwsr-xr-x 1 root root 27936 Aug 11 2010 /usr/bin/passwd
    notice that the password program is owned by root and that the mode (aka permissions) include the “SETUID” bit. This causes the password program to have the effective user ID of root when it runs. See http://en.wikipedia.org/wiki/Setuid

  • Jurieka November 22, 2011, 8:25 am

    Similar to Jenny’s question… what if the second field (password) in the /etc/passwd file is “*” but the /etc/shadow file is not in use?

  • Jurieka November 22, 2011, 8:27 am

    What does it mean if the second field (password) in the /etc/passwd file is “!” but the /etc/shadow file is not in use and the 7th field is /usr/bin/ksh?

  • Jim January 6, 2012, 5:40 pm

    Anyone know what this means in Linux SLES 11 and can it be removed – audit says it should be there:
    [root@imnalx0277 etc]# cat /etc/passwd |grep +
    +::::::

  • Jim January 6, 2012, 5:41 pm

    Excuse me – “+” should not be there

  • rameez July 26, 2012, 4:30 am

    Which file stores Group members and User’s Login Shell

  • alan October 11, 2012, 12:18 am

    [framework@[192_168_15_244] framework]$ cat /etc/shadow
    how to figure out the real password of the account ROOT?

  • Umesh October 12, 2012, 10:57 am

    Can you please tell me about its windows counter-part. I am curious to understand the same mechanism for windows.

    I’ll be very much thankful for explanation.

  • seraki2 December 18, 2012, 8:41 am

    Good information.

    Thanks

  • kai July 10, 2014, 1:35 am

    Hi, I am a bit clueless with these questions:

    1) What does the login shell of operator do?
    2) What is the relationship between operator and root?
    3) What do you think is the purpose of the operator userid in a CentOS system?
