What is the best way to edit /etc/passwd, shadow, and group files?

The best way to edit /etc/passwd, or shadow or group file is to use vipw command. Traditionally (under UNIX and Linux) if you use vi to edit /etc/passwd file and same time a user try to change a password while root editing file, then the user’s change will not entered into file. To avoid this problem and to put a lock while editing file, use vipw and vigr command which will edit the files /etc/passwd and /etc/group respectively. If you pass -s option to these command, then they will edit the shadow versions of those files i.e. /etc/shadow and /etc/gshadow, respectively.

The main purpose of locks is to prevent file corruption. Do not use vi or other text editor to edit password file. Syntax:

  • vipw -s : Edit /etc/passwd file
  • vigr -s : Edit /etc/group file


  • -s : Secure file editing

An example

Login as a root user:

# vipw -s

On other terminal login as normal user (for example vivek) and issue command passwd to change vivekรขโ‚ฌโ„ขs password:

$ passwd

(current) UNIX password:
Enter new UNIX password:
Retype new UNIX password:
passwd: Authentication token lock busy

As you see it returned with an error “passwd: Authentication token lock busy”

This will avoid /etc/shadow file corruption.

๐Ÿฅบ Was this helpful? Please add a comment to show your appreciation or feedback.

nixCrat Tux Pixel Penguin
Hi! ๐Ÿค 
I'm Vivek Gite, and I write about Linux, macOS, Unix, IT, programming, infosec, and open source. Subscribe to my RSS feed or email newsletter for updates.

7 comments… add one
  • Mohan Jun 21, 2007 @ 17:34

    Nice tip. thanks.

  • Gagan Brahmi Jul 15, 2009 @ 21:46

    I think you need a correction in this article.

    vipw will edit /etc/passwd file
    vigr will edit /etc/group file


    vipw -s will edit /etc/shadow file
    vigr -s will edit /etc/gshadow file

    • sricharan Feb 20, 2012 @ 6:34

      Hi Gagan,
      I believe the given tip in the forum is correct. You can take a clear look by using vipw -s, it will redirect you to passwd file. I am confident saying, shadow file contains password information in encrypted format, which we wont find using this comand. ๐Ÿ™‚

      • Nick Oct 6, 2013 @ 7:48

        I have to agree with Gagan. If you actually do vigr –help or vipw –help, it will actually say the following:

        vigr –help
        Usage: vipw [options]

        -g, –group edit group database
        -h, –help display this help message and exit
        -p, –passwd edit passwd database
        -q, –quiet quiet mode
        -s, –shadow edit shadow or gshadow database

        This is direct input from CentOS 6.4. As you can see, the -s is editing the shadow version of the given file. From my experience, you want to edit the groups or password file using vigr or vipw then edit using vigr -s and vipw -s to comply with integrity rules.

  • dakkon Mar 7, 2012 @ 14:36


    I can say with confidence and certainty that Gagan Brahmi was correct about your post, I saw his comment after reading and using the commands you suggested, and my /etc/shadow, and /etc/gshadow file were missing my change, and the passwd and group file still contained he information I was removing while trying to create my first chroot jail.

    So to anyone reading this page that is learning linux and creating a chroot jail, only use the vipw, and vigr to edit your passwd and group files. Do not add the -s switch or you will be editing your shadow files and could potentially brick your system.

  • Crashedbboy Dec 30, 2014 @ 16:28

    Is “passwd username -d” causes the same result as edit /etc/passwd file?
    Now I need to set a user to no password, But I don’t know how to do .

  • Vikash Kumar Jha Jan 22, 2015 @ 15:12


    Mine observation:
    In one of the terminal i login as a admin whic has sudo priviledges, i did sudo su – and typed vipw -s. In the second terminal i logged in as another user and issued passwd command. i abled to successfully change the password.

    Whats your take on that?

    The system is RHEL 5.6 and i am accessing it through SSH.

Leave a Reply

Your email address will not be published. Required fields are marked *

Use HTML <pre>...</pre> for code samples. Your comment will appear only after approval by the site admin.