Understanding /etc/passwd File Format

Posted by Vivek Gite [Last updated: November 21, 2008]

Q. Can you explain /etc/passwd file format for Linux and UNIX operating systems?

A. The /etc/passwd file stores essential information required during login, i.e. user account information.

/etc/passwd is a text file that contains a list of the system's accounts, giving for each account some useful information such as user ID, group ID, home directory, shell, etc. It should have general read permission, as many utilities, such as ls, use it to map user IDs to user names, but write access only for the superuser (root).

Understanding fields in /etc/passwd

The /etc/passwd file contains one entry per line for each user (or user account) of the system. All fields are separated by a colon (:) symbol. A passwd file entry generally consists of the following seven fields, in order:

  1. Username: It is used when the user logs in. It should be between 1 and 32 characters in length.
  2. Password: An x character indicates that the encrypted password is stored in the /etc/shadow file.
  3. User ID (UID): Each user must be assigned a user ID (UID). UID 0 (zero) is reserved for root and UIDs 1-99 are reserved for other predefined accounts. Further, UIDs 100-999 are reserved by the system for administrative and system accounts/groups.
  4. Group ID (GID): The primary group ID (stored in the /etc/group file).
  5. User ID Info: The comment field. It allows you to add extra information about the user, such as the user's full name, phone number, etc. This field is used by the finger command.
  6. Home directory: The absolute path to the directory the user will be in when they log in. If this directory does not exist, the user's directory becomes /.
  7. Command/shell: The absolute path of a command or shell (/bin/bash). Typically, this is a shell. Please note that it does not have to be a shell.
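
The field layout above can be checked mechanically. The following is an added example, not code from the original FAQ: it parses passwd-format text into the seven fields and flags entries worth reviewing (an empty password field, a password hash kept in the world-readable file instead of /etc/shadow, and UID 0 on an account other than root). The function names and the sample entries are constructed for illustration.

```python
from collections import namedtuple

# The seven colon-separated fields, in file order.
Entry = namedtuple("Entry", "name passwd uid gid gecos home shell")

def parse_passwd(text):
    """Split passwd-format text into entries; collect malformed lines as errors."""
    entries, errors = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        parts = line.split(":")
        if len(parts) != 7:
            errors.append(f"line {lineno}: expected 7 fields, got {len(parts)}")
            continue
        try:
            entries.append(Entry(parts[0], parts[1], int(parts[2]), int(parts[3]), *parts[4:]))
        except ValueError:
            errors.append(f"line {lineno}: UID or GID is not a number")
    return entries, errors

def audit(entries):
    """Return (username, finding) pairs for entries that deserve a closer look."""
    findings = []
    for e in entries:
        if e.passwd == "":
            findings.append((e.name, "empty password field"))
        elif e.passwd != "x" and e.passwd[0] not in "*!":
            findings.append((e.name, "password hash kept in world-readable passwd"))
        if e.uid == 0 and e.name != "root":
            findings.append((e.name, "UID 0 on an account other than root"))
    return findings

# Constructed sample input, not taken from a real system.
SAMPLE = """\
root:x:0:0:root:/root:/bin/bash
daemon:*:1:1:daemon:/usr/sbin:/usr/sbin/nologin
tom:x:1000:1000:Tom:/home/tom:/bin/bash
guest::1001:1001::/home/guest:/bin/sh
legacy:ab1Xy2Zc3Dq4E:1002:1002::/home/legacy:/bin/sh
toor:x:0:0::/root:/bin/sh
broken:x:1003:/home/broken
"""

if __name__ == "__main__":
    entries, errors = parse_passwd(SAMPLE)
    for item in errors + [f"{n}: {f}" for n, f in audit(entries)]:
        print(item)
```

To audit a live system, pass the contents of /etc/passwd to parse_passwd() instead of SAMPLE.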

/etc/passwd is used for local users only. To see a list of all users, enter:
$ cat /etc/passwd
To search for a username called tom, enter:
$ grep tom /etc/passwd

/etc/passwd file permission

The permissions on the /etc/passwd file should be read-only for users (-rw-r--r--) and the owner must be root:
$ ls -l /etc/passwd
Output:

-rw-r--r-- 1 root root 2659 Sep 17 01:46 /etc/passwd

Your password is stored in /etc/shadow file

Your encrypted password is not stored in the /etc/passwd file. It is stored in the /etc/shadow file. In the good old days there was no great problem with this general read permission. Everybody could read the encrypted passwords, but the hardware was too slow to crack a well-chosen password, and moreover, the basic assumption used to be that of a friendly user community.

Almost all modern Linux / UNIX-like operating systems use some sort of shadow password suite, where /etc/passwd has asterisks (*) instead of encrypted passwords, and the encrypted passwords are in /etc/shadow, which is readable by the superuser only.
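
The ownership and mode requirements for both files can be verified in one pass. This is an added example, not part of the original FAQ; the function names are hypothetical, and the 0640 ceiling for /etc/shadow is an assumption that tolerates distributions giving a dedicated group read access (pass 0o600 to enforce strictly root-only access as described above).

```python
import os
import stat

def check_perms(path, max_mode, owner_uid=0):
    """Return a list of problems with the owner or mode bits of an account file."""
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)
    problems = []
    if st.st_uid != owner_uid:
        problems.append(f"{path}: owned by UID {st.st_uid}, expected {owner_uid}")
    extra = mode & ~max_mode  # permission bits set beyond the allowed ceiling
    if extra:
        problems.append(f"{path}: mode {mode:04o} exceeds {max_mode:04o} (extra bits {extra:04o})")
    return problems

def check_account_files(passwd="/etc/passwd", shadow="/etc/shadow",
                        shadow_max=0o640, owner_uid=0):
    """Check passwd (at most -rw-r--r--) and shadow (no access for 'other')."""
    problems = check_perms(passwd, 0o644, owner_uid)
    if os.path.exists(shadow):
        # Assumption: group read is tolerated; use shadow_max=0o600 for root-only.
        problems += check_perms(shadow, shadow_max, owner_uid)
    return problems

if __name__ == "__main__":
    for problem in check_account_files():
        print(problem)
```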

Discussion on This FAQ

  1. Ruwan.gawarammana Says:

    What are the differences between system calls and Library functions?

  2. surya Says:

    What is the need for /etc/shadow file, when there is /etc/shadow file?

    Can the password be maintained in the /etc/passwd file itself?

    Please tell me why developers implemented two files, /etc/passwd and /etc/shadow.

  3. Gabe Says:

    surya - There may be other reasons, but one reason is that the /etc/shadow file is not readable by any user except root, whereas /etc/passwd has legitimate reasons to be read by other users. Even though the passwords can be encrypted directly in /etc/passwd, that is still less secure than having even the encrypted passwords hidden.

  4. Bill Says:

    I have been asked to create a new user on an HP-UX 7.05 machine circa 1990.

    Editing the /etc/admin file in Motif to add my user account resulted in that user being denied access. The user name was added as a user to /etc/groups. I used a new UID for the user.

    Any clues as to what I did wrong?

    Thanks

  5. Bill Says:

    That was /etc/passwd

  6. Praveen Says:

    First, let me tell you that I am a newbie in the Linux arena.

    Please educate me on how updated pwds of the users are changed in /etc/shadow, which has only read permissions.

    Praveen Joy.

  7. Jenny Oscar Says:

    What does it mean if the password (2nd field) is left blank or shows as “*”? Thanks.

  8. Gerald F. McMullen Says:

    In the /etc/passwd file, what functionality are the five accounts used for: Shutdown, Sync, Halt, News and Netdump? Are these logins or are they just command files? And why don’t they have a Nologin at the end of their paths?

    Thanks Jerry

  9. vivek Says:

    nologin is a shell which displays a message that an account is not available. It is intended as a replacement shell field for accounts that have been disabled or are only used by the system internally.

  10. DG12 Says:

    In general the /etc/password and associated shadow files are very *nix dependent. ( AIX, HP-UX, linux… )

    Praveen: passwords are updated by the passwd command.

    Jenny: the star in the password field means “password is in shadow file”. If the password field is null (i.e. ::), the account is not passworded (bad)!

  11. Charity Says:

    Similar to Jenny’s question… what if the second field (password) in the /etc/passwd file is “*” but the /etc/shadow file is not in use?

  12. lida Says:

    how to line for only ftp user?
    example
    user:x:1000:(www-data id):(?):(?)
    is true?

Copyright © 2006-2008 nixCraft. All rights reserved.