Skip to main content
Engineering LibreTexts

02-B.9: Users: Create, Modify, and Delete - etc passwd and etc shadow

  • Page ID
    26811
  • \( \newcommand{\vecs}[1]{\overset { \scriptstyle \rightharpoonup} {\mathbf{#1}} } \) \( \newcommand{\vecd}[1]{\overset{-\!-\!\rightharpoonup}{\vphantom{a}\smash {#1}}} \)\(\newcommand{\id}{\mathrm{id}}\) \( \newcommand{\Span}{\mathrm{span}}\) \( \newcommand{\kernel}{\mathrm{null}\,}\) \( \newcommand{\range}{\mathrm{range}\,}\) \( \newcommand{\RealPart}{\mathrm{Re}}\) \( \newcommand{\ImaginaryPart}{\mathrm{Im}}\) \( \newcommand{\Argument}{\mathrm{Arg}}\) \( \newcommand{\norm}[1]{\| #1 \|}\) \( \newcommand{\inner}[2]{\langle #1, #2 \rangle}\) \( \newcommand{\Span}{\mathrm{span}}\) \(\newcommand{\id}{\mathrm{id}}\) \( \newcommand{\Span}{\mathrm{span}}\) \( \newcommand{\kernel}{\mathrm{null}\,}\) \( \newcommand{\range}{\mathrm{range}\,}\) \( \newcommand{\RealPart}{\mathrm{Re}}\) \( \newcommand{\ImaginaryPart}{\mathrm{Im}}\) \( \newcommand{\Argument}{\mathrm{Arg}}\) \( \newcommand{\norm}[1]{\| #1 \|}\) \( \newcommand{\inner}[2]{\langle #1, #2 \rangle}\) \( \newcommand{\Span}{\mathrm{span}}\)\(\newcommand{\AA}{\unicode[.8,0]{x212B}}\)

    The /etc/passwd File

    The /etc/passwd file stores information about all user accounts on the system. It is a colon-separated file that contains important information:

    • Username - the name the user logs into the system with.
    • Encrypted password - in the /etc/passwd file this is usually represented by an 'x,' the encrypted password is stored elsewhere.
    • User ID number (UID) - the unique user ID number, the system uses this number to represent the user.
    • User's group ID number (GID) - the unique group ID number that signifies the user's primary group.
    • Full name of the user (GECOS) - this field was historically used to contain specific user information such as name, office, telephone number, etc.
    • User home directory - the absolute path of the user's home directory.
    • Login shell - the absolute path to the file that gets executed when this user logs in.

    A typical /etc/passwd file is shown below. Notice: 1) the password field is an 'x' for every ID; 2) more of these users have /usr/sbin/nologin as their shell - they are NOT allowed to login using this userid 3) syslog has a login shell of /bin/false, and the root user and pbmac have /bin/bash as their login.

    root:x:0:0:root:/root:/bin/bash
    daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
    bin:x:2:2:bin:/bin:/usr/sbin/nologin
    sys:x:3:3:sys:/dev:/usr/sbin/nologin
    sync:x:4:65534:sync:/bin:/bin/sync
    games:x:5:60:games:/usr/games:/usr/sbin/nologin
    man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
    lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
    mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
    news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
    uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
    nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin 
    syslog:x:101:103::/home/syslog:/bin/false 
    pbmac:x:1000:1000:pbmac,,,:/home/pbmac:/bin/bash

    Looking at the userid pbmac, the entry is broken down as:

      pbmac:x:1000:1000:,,,:/home/pbmac:/bin/bash
      [---] - [--] [--] [-] [---------] [-------]
        |   |   |    |   |       |          |
        |   |   |    |   |       |       Login shell
        |   |   |    |   |  Home directory
        |   |   |    | GECOS
        |   |   |   GID
        |   |  UID
        | Password
     Username
    

    The /etc/shadow file contains the password information for the system's accounts and optional aging information. This file must not be readable by regular users if password security is to be maintained. Each line of this file contains 9 fields, separated by colons.

    Here is a brief description of each field:

    • Username – the name of the user.
    • Encrypted password – the password in encrypted form.
    • Last password change – the date of the last password change. This date is stored as the number of days since January 1, 1970.
    • Minimum – the number of days before a password change is allowed. The value of 0 means the password can be changed any time.
    • Maximum – the number of days before the password must be changed. The value 99999 means the user’s password never expires.
    • Warning – the number of days before a password is going to expire during which the user will be warned.
    • Disabled – the number of days after a password has expired until the user account is disabled. No entry in this field means that the account is disabled immediately after the password expires.
    • Disabled date – the number of days since January 1, 1970 that the account has been disabled. No entry in this field means the account is not disabled.
    pbmac:$6$kgBH9Jca$6Jf7V1qc27CYSAHiSUuRGGOxT5g0VaXYZUDf5ySgDGm5.2PsNZLdqdw43jlnyGHNb/:17847:0:99999:7:::
    [---] [----------------------------------------------------------------------------] [---] - [---] - - -
    username                                   hashed value of user's password           |   | | |   | | | |
                                                                                          days | |   | | | |
                                                                                        since  | |   | | | |
                                                                                          last | |   | | | |
                                                                                        change | |   | | | |
                                                                                               | |   | | | |
                                                                                           days  |   | | | |
                                                                                           till  |   | | | |
                                                                                             it  |   | | | |
                                                                                           MUST  |   | | | |
                                                                                         change  |   | | | |
                                                                                                 |   | | | |
                                                                                                days | | | |
                                                                                               until | | | |
                                                                                                user | | | |
                                                                                                  is | | | |
                                                                                              warned | | | |
                                                                                                       | | |
                                                                                                Last 3: 1)days after 
                                                                                                password expires that
                                                                                                account is disabled
                                                                                                2) Days account has been
                                                                                                disable, 3) Unused
    

    This page titled 02-B.9: Users: Create, Modify, and Delete - etc passwd and etc shadow is shared under a CC BY-NC 4.0 license and was authored, remixed, and/or curated by Patrick McClanahan.