Which field contains the same data for both the /etc/passwd and /etc/shadow file records?

As far as I know, all unix variants have an /etc/passwd file with the traditional layout, for the sake of applications that read the file directly. Each line in the file contains colon-separated records which correspond to struct passwd fields:

1. user name (login)
2. encrypted password (if present)
3. user id (number, in decimal)
4. principal group id (number, in decimal)
5. Gecos field. This field is not used by system programs except for display purposes. It is normally a comma-separated list of fields, the first three being full name, office number and telephone number.
6. home directory
7. login shell

One thing that varies between systems is how much liberty you can take with the syntax. For example, GNU libc (i.e. Linux) ignores lines that begin with #: they are comments. GNU libc also ignores whitespace at the beginning of a line, so they can be indented. An invalid line might cause programs to stop processing the file or to skip to the next line.

Most modern systems no longer store an encrypted password in the second field. The content of that field is not a reliable indication of whether the user has a password set (and even if you found that out, this is not a reliable indication of whether the user can log in, because there are many other authentication methods such as SSH keys, one-time passwords, biometrics, smartcards, …).

When passwords aren't in /etc/passwd, where they are is system-dependent. The Rosetta Stone for Unix mentions many unix variants.

• Solaris uses /etc/shadow, and this has been copied by others including Linux. Linux and Solaris shadow files have the same format; I don't know if the other systems that have a file called /etc/shadow use the same format.
• BSD systems have /etc/master.passwd, and additionally have database files for faster access, updated by pwd_mkdb.

Remember that /etc/passwd hasn't been guaranteed to contain the full list of users for a couple of decades: users can come from other databases such as NIS (YP) or LDAP. As a system administrator, avoid edit the /etc/passwd file directly; use vipw instead, if your system provides it (and if it doesn't, consult your manuals to see what method is recommended to modify the user database).

What I wrote above goes for groups, too. The fields in /etc/group are struct group members: group name, password (largely unused), numerical group id, and a comma-separated list of user names (the users who have this group as a secondary group). Linux has a /etc/gshadow file, but this is rarely used, as group authentication is not widely practiced.

This tutorial explains /etc/passwd file in Linux step by step. Learning the /etc/passwd file is the essential requirement of Linux user management. Learn why /etc/passwd file is used, what is stored in it and how it is formatted in detail with examples.

The /etc/passwd file is stored in /etc directory. To view it, we can use any regular file viewer command such as cat, less, more, etc.

Each line in /etc/passwd file represents an individual user account and contains following seven fields separated by colons (:).

1. Username or login name
2. Encrypted password
3. User ID
4. Group ID
5. User description
6. User’s home directory
7. User’s login shell

Let’s understand each field in detail.

Username or Login name

The first field stores username or login name. Login process compares the value stored in this field with the value we typed at the login prompt in username field. If both values match, login process assumes that username is valid. While comparing username, login process starts looking for the supplied username in the first field of each line starting from first line and keeps looking until a match is found or all lines are checked.

Since each line represents an individual user account, the value stored in this field must be unique.

This field can store maximum 32 characters. Due to this limit, a username in Linux always consists less than or equal to 32 characters in length.

This field does not have any default value. It means, in order to create a new user account, we must have to supply the desired username.

As we know, Linux is a case sensitive operating system. In order to avoid any unnecessary confusion, we should not use initial capitalization in username. For example, in Linux “Sanjay” and “sanjay” are two different usernames.

Except colons and newlines characters, we are allowed to use any symbol or character in this field. The characters colons and newlines are used as field separator and entry separator in this file respectively.

Although we are allowed to use any symbol or character except colons and newlines, still we should never use special symbols in this field. A username with special symbol works in login process, but it may not work in other processes or services. Let’s take an example to understand it more clearly.

It’s a common practice to use username as email address in Linux. In email address at (@) sign separates recipient name and domain name.

A username “sanjay@goswami”, if used with default setup in a domain name “example.com”, will become sanjay@.

While phrasing this address, email server will understand domain name as “[email protected]” instead of “example.com” and username as “sanjay” instead of “sanjay@goswami”.

An email sent on this address will never deliver. The best and safest way to avoid this kind of error, always use alphanumeric characters and generic symbols such as underscore and hyphen in username.

Encrypted password

The second field stores encrypted password. Historically, this field was used to store user’s password encrypted with DES algorithm. Over the time computing power increased and DES algorithm became trivial to crack.

To use a more secure algorithm, Linux moved user’s password in a separate file /etc/shadow. Since user’s password no longer stored in this field, a placeholder value x is used to indicate that actual password is stored in other location.

User ID

Third field stores UID of user. In Linux, every user has a unique ID known as UID (User ID). UID is a 32 bits integer value. Linux uses UID to track and manage each action of user such as creating file, modifying system properties, starting applications and process, etc. The first UID (0) is always assigned to user root. Besides 0, other low UIDs (usually less than 500) are assigned to service accounts such bin, lp, mail, news, games, ftp etc. UIDs of regular user accounts usually start from 500.

Never assign a deleted user account’s UID to a new user account. Linux uses UID rather than login name to tack the files. If files created under deleted account exist in system or restored from backup, new user will be mapped with those files automatically.

Group ID

A group is a collection of user accounts which are alike or require access to a particular resource. Linux is a multiuser network operating system. Managing services based individual user account is the most tedious task. Grouping makes this job easier. For example, you are asked to allow a specific service for twenty users which belong to a particular group. Without grouping you have to set the permission twenty times. But with grouping, you can do it in single time.

In Linux, every user belongs to one or more groups. While creating a user account, if we don’t specify the group name, shell automatically creates a new group and adds user account in that group. This group is known as primary group or default group of the user. Once user account is created, as per requirement it can be added in other groups. Other groups will be considered as secondary groups of the user.

Fourth field in each line, stores GID of user’s primary group. Group information of a user account is stored in /etc/group file separately. Just like username, group name is also associated with a unique GID. Same as UID, GID is a 32 bits integer value. Linux uses GID instead of group name to track, monitor and authenticate the activities of group.

User description

Fifth field stores descriptive information about the user. In a multiuser environment where several users use system, if stored, this field provides all necessary information about a user such as his full name, email address, phone number, position in organization, etc. Usually the chfn utility is used to store and the finger utility is used to read this information.

Home directory

Sixth field stores information about user’s home directory. Login process uses this information to decide where it has to put the user just after the login. In other words, this is the default directory which user gets just after the login process. While creating a user if this information is omitted, shell automatically sets it to /home/username.

If login process does not find user’s home directory at the location specified in this field, depending on system configuration, it may either completely disallow the login or put the user in / directory. Getting root (/) directory just after the login is an indication that user’s home directory is missing or not accessible.

Login shell

The last field stores information about user’s default shell. If no shell information is specified while creating a regular user account, shell will use default value which is /bin/bash. If no shell is required, this field can be set to blank.

Some special accounts never require a shell access. Administrators usually assign a fake shell such /bin/false or set this field to blank in these accounts. This precaution prevents hackers from breaking the system through these accounts.

That’s all for this part. In next part we will understand the /etc/shadow file and its fields in detail. If you have any feedback or suggestion about this tutorial, please mail me. If you like this tutorial, please don’t forget to share it.

By ComputerNetworkingNotes Updated on 2021-06-25 10:04:38 IST

Which of the following are fields within a etc passwd file record?

What is etc passwd and etc shadow?

Which field of ETC shadow file encrypted password is stored select the correct option?

What information is stored in etc passwd file?