
Understanding /etc/passwd file

/etc/passwd is the key file in any Linux or Unix system. Learn the fields and format of the /etc/passwd file, the meaning of each field, and how it can be set.

In this post, we are going to see the format and content of the /etc/passwd file. /etc/passwd (called the password file henceforth in this post) is a popular and frequently accessed file when it comes to users on any Linux or Unix based system. Every administrator should be familiar with this file; anyone who starts working on a Linux or Unix based system should cover it during their basic learning.

The password file is a human-readable file that contains information about users on the system, including their encrypted passwords. Some systems don’t have encrypted passwords in this file because the /etc/shadow file has been generated. A typical /etc/passwd file looks like this:

# cat /etc/passwd
root:x:0:0:ROOT account:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
myuser:x:513:520:Test User:/home/myuser:/bin/bash
----- output truncated -----

Since it is a normal text file, commands like cat and more work on it without any issue.

By default, /etc/passwd has permission 644, i.e. -rw-r--r--, and ownership root:root. This means the file is world-readable and only the root user can edit it. However, editing it manually is not recommended.

If you observe the above file, it has values separated by colons (:). Each row is one entry, and each entry is for one user. For every user (row) there are 7 fields, separated by colons. Those seven fields are:

  1. Username
  2. Encrypted password
  3. UID
  4. GID
  5. Comment
  6. Home directory
  7. Shell

Let’s see them one by one:

Username

It is the user name used by the user to log in. This field gets populated when a new user is created on the system using the useradd command.

Encrypted Password

It is the password in an encrypted (more precisely, hashed) format. In the above example, you see x instead of the encrypted password because the /etc/shadow file has been generated on the system. In that case, the encrypted password is found in the /etc/shadow file.

# cat /etc/shadow
root:$6$FCGlEAUb$nRMJdwjadnw7.OL6L2oxeMQzM445gv0NK1AfjpjSMyth5JHXolCQnhA0:17075:0:99999:7:::

For example, see the above output where the encrypted password for root account can be seen in the second field.

UID

It is the user ID, a unique number assigned to every account on the system. It can be set using the -u argument of the useradd and usermod commands. If you want to assign a new user a UID that is already in use by an existing user, you need to specify -o in the command, but this is not recommended.

GID

It is the group ID, the unique number of the group of which the account is a member. A GID is created on the system with the groupadd command. It can be set using the -g argument of the useradd and usermod commands.

Comment

This field exists to hold a description of the account. It is purely for humans to identify what the account is or to whom it belongs. In the above example, “ROOT account” is the description defined for the root user. It can be the name of a person, the name of an application, etc. It can be set using the -c argument of the useradd and usermod commands.

Home Directory

It is the directory where the user normally lands on login. The home directory is where the user’s history file, profile, and other basic account files reside. Every user is recommended to have a unique directory. In the above example, /root is defined as the home directory for the root account. It can be set using the -d argument of the useradd and usermod commands. If the directory does not exist on the server, -m can accompany the -d option so that the directory is created automatically.

Shell

This is the shell that is spawned when the user successfully logs in. In the above example, /bin/bash is the shell defined for the root account. It can be set using the -s argument of the useradd and usermod commands.
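
The field layout described above can be checked mechanically. The following is an added example, not part of the original post: it parses passwd-format input and reports entries that do not have seven fields, entries whose second field holds something other than a placeholder (readable by every user, since the file is mode 644), and UIDs shared by more than one account (the result of useradd -o). The function names audit_passwd and sample_passwd are hypothetical, and the sample entries are constructed.

```sh
# Added example: audit passwd-format input against the seven-field layout.
# audit_passwd and sample_passwd are hypothetical helper names.
audit_passwd() {
    # Reads the files named as arguments, or standard input when none are given.
    awk -F: '
        /^[ \t]*$/ { next }    # ignore blank lines
        NF != 7 {
            printf "line %d: expected 7 fields, found %d\n", NR, NF
            bad++
            next
        }
        {
            user = $1; pw = $2; uid = $3
            # Field 2: "x" means the hash lives in /etc/shadow and "*" marks
            # an account with no usable password. Anything else is a value
            # that every local user can read from the world-readable file.
            if (pw == "") {
                printf "%s: empty password field\n", user; bad++
            } else if (pw != "x" && pw != "*") {
                printf "%s: password hash is stored in the world-readable file\n", user; bad++
            }
            # Field 3: must be numeric and should belong to one account only.
            if (uid !~ /^[0-9]+$/) {
                printf "%s: UID \"%s\" is not numeric\n", user, uid; bad++
            } else if (uid in owner) {
                printf "%s: UID %s is already assigned to %s\n", user, uid, owner[uid]; bad++
            } else {
                owner[uid] = user
            }
        }
        END { exit (bad > 0) }    # exit status 1 when anything was reported
    ' "$@"
}

sample_passwd() {
    # Constructed sample input, not taken from a real system.
    cat <<'EOF'
root:x:0:0:ROOT account:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
myuser:x:513:520:Test User:/home/myuser:/bin/bash
olduser:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:514:520:Legacy:/home/olduser:/bin/bash
dupuser:x:513:520:Shares a UID:/home/dupuser:/bin/bash
broken:x:600:600:/home/broken
EOF
}

# Demo run on the constructed sample.
sample_passwd | audit_passwd || echo "audit reported findings"
```

On a real system the same function can be run as audit_passwd /etc/passwd; it only reads the file and never modifies it.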

Password file commands

Ever wondered which special commands can be executed on the /etc/passwd file? Learn here the list of special commands and their uses for the password file.

Here is the list of commands which can be used on /etc/passwd file.

vipw

This command is used to edit the /etc/passwd file manually. Editing /etc/passwd manually is not recommended; all changes to user accounts should be carried out using commands like usermod. But in some scenarios, if you want to edit the password file manually, use this command. It opens the file in the vi editor and locks it against other users, so any other admin on any other terminal won’t be able to open the file in the editor for manual editing. This ensures the integrity of the file.


pwck 

This command can be used to check the integrity of the /etc/passwd file. Once executed, it checks the passwd file and all of its fields, and reports any issues observed in the file, e.g. if a user directory does not exist on the server, it will report it.

# /usr/sbin/pwck

[/etc/passwd] sfmdb:*:107:20::/home/sfmdb:/sbin/sh
        Login directory not found

[/etc/passwd] smmsp:*:109:20::/home/smmsp:/sbin/sh
        Login directory not found

pwconv

It generates the /etc/shadow file, which holds user passwords in encrypted format in the second field of each user entry. If the /etc/shadow file already exists on the system, this command updates the relevant fields if there were any changes in the /etc/passwd file. If your system is trusted (see the tsconvert command), the user password database (Trusted Computing Database) is maintained separately and /etc/shadow doesn’t exist on the system. In that case, this command updates the TCB accordingly.

# /usr/sbin/pwconv
Updating the tcb to match /etc/passwd, if needed.

pwunconv

It reverses the changes made by pwconv command.