Understanding /etc/passwd File Format

Tutorial details: Difficulty: Easy | Root privileges: No | Requirements: None | Time: 5m




Understanding /etc/passwd file fields

Can you explain /etc/passwd file format for Linux and Unix-like operating systems? The /etc/passwd file stores essential information, which is required during login. In other words, it stores user account information. The /etc/passwd is a plain text file. It contains a list of the system's accounts, giving for each account some useful information like user ID, group ID, home directory, shell, and more. The /etc/passwd file should have general read permission as many command utilities use it to map user IDs to user names. However, write access to the /etc/passwd must be limited to the superuser/root account.

The /etc/passwd contains one entry per line for each user (user account) of the system. All fields are separated by a colon ( : ) symbol. There are seven fields in total. Generally, an /etc/passwd file entry looks as follows:



(Fig.01: /etc/passwd file format)

/etc/passwd Format

From the above image:

1. Username: It is used when the user logs in. It should be between 1 and 32 characters in length.
2. Password: An x character indicates that the encrypted password is stored in the /etc/shadow file. Please note that you need to use the passwd command to compute the hash of a password typed at the CLI or to store/update the hash of the password in the /etc/shadow file.
3. User ID (UID): Each user must be assigned a user ID (UID). UID 0 (zero) is reserved for root and UIDs 1-99 are reserved for other predefined accounts. Further, UIDs 100-999 are reserved by the system for administrative and system accounts/groups.
4. Group ID (GID): The primary group ID (stored in the /etc/group file).
5. User ID Info: The comment field. It allows you to add extra information about the users such as the user's full name, phone number, etc. This field is used by the finger command.
6. Home directory: The absolute path to the directory the user will be in when they log in. If this directory does not exist, then the user's directory becomes /.
7. Command/shell: The absolute path of a command or shell (/bin/bash). Typically, this is a shell. Please note that it does not have to be a shell.

I hope you understood /etc/passwd file format. Let us see some examples of commands.

/etc/passwd is only used for local users. To see a list of all users, simply use the cat command:

$ cat /etc/passwd

To search for a username called tom, use the grep command:

$ grep tom /etc/passwd

OR

$ grep -w '^tom' /etc/passwd

Sample outputs:

tom:x:1000:1000:Vivek Gite:/home/vivek:/bin/bash

See /etc/passwd file permission

The permission on the /etc/passwd file should be read-only for users (-rw-r--r--) and the owner must be root:

$ ls -l /etc/passwd

Sample outputs:

-rw-r--r-- 1 root root 2659 Sep 17 01:46 /etc/passwd

Reading /etc/passwd file

You can read /etc/passwd file using the while loop and IFS separator as follows:

#!/bin/bash
# seven fields from /etc/passwd stored in $f1,f2...,$f7
#
while IFS=: read -r f1 f2 f3 f4 f5 f6 f7
do
 echo "User $f1 use $f7 shell and stores files in $f6 directory."
done < /etc/passwd

Your password is stored in /etc/shadow file

Your encrypted password is not stored in the /etc/passwd file. It is stored in the /etc/shadow file. In the good old days there was no great problem with this general read permission. Everybody could read the encrypted passwords, but the hardware was too slow to crack a well-chosen password, and moreover, the basic assumption used to be that of a friendly user-community.

Almost all modern Linux / UNIX-like operating systems use some sort of the shadow password suite, where /etc/passwd has asterisks (*) instead of encrypted passwords, and the encrypted passwords are in /etc/shadow, which is readable by the superuser only.
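The field rules described above can be turned into a quick audit of any passwd-format file: seven colon-separated fields, a username of 1 to 32 characters, x or * in the password field, UID 0 only for root, and absolute paths for the home directory and shell. This is an added example, not part of the original tutorial; the function name audit_passwd, the finding messages and the sample entries are constructed for illustration, and an empty shell field is accepted on the assumption that the system falls back to a default shell.

```shell
#!/bin/sh
# Added example: audit a passwd-format file against the field rules above.
# Prints one finding per line as "<line-number>:<username>:<issue>".
audit_passwd() {
    awk -F: '
    /^$/ { next }    # ignore blank lines
    NF != 7 {        # every entry needs exactly seven fields
        printf "%d:%s:expected 7 fields, found %d\n", NR, $1, NF
        next
    }
    {
        if (length($1) < 1 || length($1) > 32)
            printf "%d:%s:username length outside 1-32\n", NR, $1
        if ($2 == "")
            printf "%d:%s:empty password field\n", NR, $1
        else if ($2 != "x" && $2 != "*")
            printf "%d:%s:password field holds data readable by all users\n", NR, $1
        if ($3 !~ /^[0-9]+$/ || $4 !~ /^[0-9]+$/)
            printf "%d:%s:non-numeric UID or GID\n", NR, $1
        else if ($3 + 0 == 0 && $1 != "root")
            printf "%d:%s:UID 0 on a non-root account\n", NR, $1
        if ($6 !~ /^\//)
            printf "%d:%s:home directory is not an absolute path\n", NR, $1
        if ($7 != "" && $7 !~ /^\//)
            printf "%d:%s:shell is not an absolute path\n", NR, $1
    }' "$1"
}

# Constructed sample entries (not taken from a real system).
sample=$(mktemp)
cat > "$sample" <<'EOF'
root:x:0:0:root:/root:/bin/bash
tom:x:1000:1000:Tom Example:/home/tom:/bin/bash
toor:x:0:0:backup admin:/root:/bin/bash
legacy:EXAMPLEHASH:1001:1001::/home/legacy:/bin/sh
guest::1002:1002:Guest:/home/guest:/bin/sh
broken:x:1003:1003:/home/broken:/bin/sh
svc:x:1004:1004:Service:srv/svc:/usr/sbin/nologin
EOF
audit_passwd "$sample"
rm -f "$sample"
```

To check the live file, call audit_passwd /etc/passwd; no output means no entry broke any of these rules.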

Common commands that use /etc/passwd files

Here is a list of commands:

passwd command

su command

sulogin command

getent command

login command

pwck command

pwunconv command

chpasswd command

chsh command

chfn command

useradd command

userdel command

Conclusion

The /etc/passwd file is used to store all user names and accounts on the Linux or Unix-like system.



This entry is 1 of 3 in the Linux / UNIX System's Accounts Files Tutorial series. Keep reading the rest of the series: Understanding /etc/passwd File Format; /etc/shadow file format; Linux and Unix /etc/group file