On Linux/Unix operating systems, /etc/passwd is the file that stores the essential user account information required during login. Historically it also held the encrypted passwords, hence the name; on modern systems those live in /etc/shadow (see below). /etc/passwd is a text file that contains a list of the system's accounts, giving each account useful information like user ID, group ID, home directory, and shell. It should have general read permissions so it can be used to map user IDs to user names, but write access only for the superuser (root).
Understanding fields in /etc/passwd
The /etc/passwd file contains one entry per line for each user account on the system. The fields are separated by a colon (:). There are seven fields in total, as follows.
Generally, passwd file entries look as follows:
[Figure: /etc/passwd file format]
- Username: It is used when a user logs in. It should be between 1 and 32 characters in length.
- Password: An x character indicates the encrypted password is stored in /etc/shadow file.
- User ID (UID): Each user must be assigned a user ID (UID). UID 0 (zero) is reserved for root and UIDs 1-99 are reserved for other predefined accounts. Further, UIDs 100-999 are reserved by the system for administrative and system accounts/groups.
- Group ID (GID): The primary group ID (stored in the /etc/group file).
- User ID Info: The comment field. It allows you to add extra information about the users such as user’s full name or phone number. This field is used by finger command.
- Home directory: The absolute path to the directory the user will be in when they log in. If this directory does not exist, the user's directory becomes /.
- Command/shell: The absolute path of a command or shell (e.g. /bin/bash). Typically this is a shell, but it does not have to be one.
Task: See User List
/etc/passwd is for local users only. To see a list of all users, enter:
$ cat /etc/passwd
To search for a username called “tom”, enter:
$ grep tom /etc/passwd
/etc/passwd file permission
The permissions on the /etc/passwd file should be read-only for everyone except the owner (-rw-r--r--), and the owner must be root:
$ ls -l /etc/passwd
-rw-r--r-- 1 root root 2659 Sep 17 01:46 /etc/passwd
Reading /etc/passwd file
You can read the /etc/passwd file using a while loop with IFS set to the colon separator, as follows:
#!/bin/bash
# seven fields from /etc/passwd stored in $f1, $f2, ..., $f7
while IFS=: read -r f1 f2 f3 f4 f5 f6 f7
do
    echo "User $f1 uses $f7 shell and stores files in $f6 directory."
done < /etc/passwd
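The same read loop can do useful work once the field meanings above are known. The script below is an added example, not from the original article: it takes a passwd-format file (a constructed sample here; pass /etc/passwd on a real host) and reports entries that break the rules described in this page, such as a non-x password field, a second UID 0 account, a system account with a login shell, or duplicate UIDs.

```shell
#!/bin/bash
# Added example, not from the original article: audit a passwd-format file for
# the conditions the seven-field description implies. It takes a file path so it
# can run against a constructed sample; on a real host pass /etc/passwd instead.

audit_passwd() {
  local file="$1" user pass uid gid gecos home shell dup
  while IFS=: read -r user pass uid gid gecos home shell; do
    [ -z "$user" ] && continue                 # skip blank lines
    # The password field should be "x" (the hash lives in /etc/shadow). Empty means
    # no password is required; anything else is a hash in a world-readable file.
    if [ -z "$pass" ]; then
      echo "EMPTY-PASSWORD $user"
    elif [ "$pass" != "x" ] && [ "$pass" != "*" ] && [ "$pass" != "!" ]; then
      echo "HASH-IN-PASSWD $user"
    fi
    # UID 0 is reserved for root; any other UID-0 entry is a second root account.
    if [ "$uid" = "0" ] && [ "$user" != "root" ]; then
      echo "EXTRA-UID0 $user"
    fi
    # System accounts (UID 1-999) are expected to have a non-login shell.
    if [ "$uid" -gt 0 ] && [ "$uid" -lt 1000 ]; then
      case "$shell" in
        */nologin|*/false|"") ;;
        *) echo "SYSTEM-LOGIN-SHELL $user $shell" ;;
      esac
    fi
  done < "$file"
  # Two usernames sharing one numeric UID are the same identity to the kernel.
  for dup in $(cut -d: -f3 "$file" | sort | uniq -d); do
    echo "DUPLICATE-UID $dup"
  done
}

# Number of findings (0 on a clean file); awk prints 0 even for empty input.
count_findings() { audit_passwd "$1" | awk 'END { print NR }'; }

# Constructed sample file; the hash is a placeholder, not a real crypt string.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/bin/sh
toor:x:0:0:second root:/root:/bin/bash
guest::1001:1001:guest:/home/guest:/bin/bash
legacy:$6$SALT$PLACEHOLDERHASH:1002:1002:legacy:/home/legacy:/bin/bash
vivek:x:1000:1000:Vivek Gite:/home/vivek:/bin/bash
EOF

audit_passwd "$SAMPLE"
```

On the sample this prints five findings (backup, toor, guest, legacy and the duplicated UID 0); the vivek and daemon entries pass every check.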
Your password is stored in /etc/shadow file
Your encrypted password is not stored in /etc/passwd file. It is stored in /etc/shadow file. In the good old days there was no problem with these general read permissions. Everybody could read the encrypted passwords, but the hardware was too slow to crack a well-chosen password.
Almost all modern Linux/UNIX-like operating systems use some sort of shadow password suite, where /etc/passwd has asterisks (*) instead of encrypted passwords, and the encrypted passwords are in /etc/shadow, readable only by the superuser.