A look into /etc/passwd,/etc/shadow and /etc/group

As all operating systems, linux also allows us to create users and protect the login by the use of passwords.

Every user is linux is allocated a user id which the kernel user internally while doing user specific operations.

Other than users, linux also allows us to create groups, which can consist of more than one user. The advantage of the groups is that if we want to address a number of users at the same time, for e.g. give read/write permissions of a file to a specific set of users, then we can create a group with that set and then assign the permissions to the group thus enabling us to address all the users we are interested in. Similar to user id every group also has a group id and every user has a group of his/her name by default.

Every user that is created in linux has folder by the user name in the /home folder (Other than root for whom home folder is /root). For example if we create a user by the name "user1" then there will be a folder by the name "/home/user1" and if the user is not an admin he/she will have rights to modify files only under his/her home folder.

To maintain information about the users,groups and their passwords linux makes use of three files .


This file has the information regarding all the users in the system,their user id,group id, etc.

Every line in the file is an entry for one user, the following figure gives a break up of what each field in a line means.

If the password field does not have an "x" it means that the user does not have a password set, else the presence of "x" indicates there is a password and the same is stored in encrypted format in the /etc/shadow file.

The user info field can hold extra information about the user like contact address,phone number etc which can be read using the commands like finger .

The users who have a shell in their last field are the only ones who can log in.

2. /etc/groups

This file has information regarding the various groups in the system, each line gives information about one group. The figure below gives the details of the various fields in a line mean

3. /etc/shadow. This file stores the password of all the users in an encrypted format, and other information related to the password as shown in the image below.

The password could be encrypted using different methods, which is recognized by the "id" present after first character which is the "$" symbol. The table below gives the value of the id and the corresponding encryption technique it indicates.

What ever follows after the id is the encrypted passowrd. For eg if the encrypted password field has


Then from the "id" value of "6" we can deduce that the encryption is done using sha512.

All the values of number of days in the /etc/shadow file are counted with reference to Jan 1 1970.

Thus using the file /etc/shadow and /etc/passwd the system manages the authentication and information for all the users in the system.

No comments:

Post a Comment

Follow by Email