/etc/shadow: Explanation & Insights

User password information

The /etc/shadow file is a system file in Unix-like operating systems, including Linux, that stores users' hashed passwords (commonly described as "encrypted" passwords) and related information.

Each line in the /etc/shadow file represents a user account and contains a set of fields separated by colons (:), for example:

john:$6$VKBCvL9i$5gSkK5R5lwVJpFrsOx7Cjwqtg8L2VesH3q5KLDe9bGjK5YvxkMv5oBwdVgKj.TmhiH2QbZz3j1/9E/4UXU4gz/:18676:0:99999:7:::

The fields in the file typically include the following information:

  • Username: This field contains the username for the user account.
  • Password: This field contains the encrypted password for the user account.
  • Last password change: This field contains the date of the last password change for the user account.
  • Minimum password age: This field specifies the minimum number of days that must pass before the user can change their password again.
  • Maximum password age: This field specifies the maximum number of days that the user's password can be used before it must be changed.
  • Password warning period: This field specifies the number of days before the password expiration date that the user will receive a warning message.
  • Password inactive period: This field specifies the number of days after the password expiration date that the user account will be disabled.
  • Account expiration date: This field specifies the date on which the user account will be disabled.
  • Reserved field: This field is reserved for future use.
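The field layout above, applied to the example line from this page. This is an added example, not code from the original page. The function names are illustrative, and two details come from the shadow(5) and crypt(5) manual pages rather than from the text above: date fields are counts of days since 1 January 1970, and the identifier between the first two `$` signs names the hashing method.

```python
from datetime import date, timedelta

# The nine fields, in the order listed above.
FIELDS = ("username", "password", "last_change", "min_age", "max_age",
          "warn", "inactive", "expire", "reserved")
# crypt(3) method identifiers found between the first two '$' signs.
METHODS = {"1": "MD5", "5": "SHA-256", "6": "SHA-512", "y": "yescrypt", "2b": "bcrypt"}
EPOCH = date(1970, 1, 1)  # shadow date fields are day counts from this date
# The example line from this page.
SAMPLE = "john:$6$VKBCvL9i$5gSkK5R5lwVJpFrsOx7Cjwqtg8L2VesH3q5KLDe9bGjK5YvxkMv5oBwdVgKj.TmhiH2QbZz3j1/9E/4UXU4gz/:18676:0:99999:7:::"

def parse_shadow_line(line):
    """Split one shadow line into named fields; numeric fields become int or None."""
    parts = line.rstrip("\n").split(":")
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}")
    entry = dict(zip(FIELDS, parts))
    for name in FIELDS[2:8]:  # the six numeric fields; empty means "not set"
        entry[name] = int(entry[name]) if entry[name] else None
    return entry

def password_state(field):
    """Classify the password field without processing the hash itself."""
    if field == "":
        return {"state": "empty"}    # no password is required to log in
    if field[0] in "!*":
        return {"state": "locked"}   # not a valid hash, password login is refused
    if field.startswith("$") and field.count("$") >= 3:
        method = field.split("$")[1]
        return {"state": "hashed", "method": METHODS.get(method, "unknown id " + method)}
    return {"state": "hashed", "method": "legacy or unknown"}

def to_date(days):
    """Convert a days-since-epoch field to a calendar date (None stays None)."""
    return None if days is None else EPOCH + timedelta(days=days)

def summarize(line):
    """Return the account name, password state and the dates derived from the aging fields."""
    e = parse_shadow_line(line)
    expires = None
    if e["last_change"] and e["max_age"] is not None:  # 0 means "change at next login"
        expires = to_date(e["last_change"] + e["max_age"])
    return {"user": e["username"], **password_state(e["password"]),
            "changed": to_date(e["last_change"]), "password_expires": expires,
            "account_expires": to_date(e["expire"])}

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

For the sample line this reports a SHA-512 hash last changed on 2021-02-18; a maximum age of 99999 days puts the password expiry centuries away, which in practice means it never expires.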

The /etc/shadow file is typically readable only by the root user, as it contains sensitive information. Because passwords are stored only in this encrypted (hashed) form rather than in plain text, the /etc/shadow file helps to protect user accounts from unauthorized access. When a user attempts to log in to the system, the password they enter is processed in the same way and the result is compared against the value stored in this file. If the two match, the user is granted access to the system.

Other information about the user, such as the home directory and login shell, can be found in the /etc/passwd file.

The text above is licensed under CC BY-SA 4.0