/etc/passwd file format
Linux stores most account features in the /etc/passwd file. It is a text-based file with seven fields for each entry. Each entry begins with a username and continues with a set of fields separated by colons (:). Here is the syntax of an entry in the /etc/passwd file:
username:password:UID:GID:comment:home directory:default shell
Here is a description of each field:
- username – the name of the user.
- password – this field has traditionally been reserved for the password. Most Linux distributions, however, store passwords in /etc/shadow. This field is usually set to x, which means that shadow passwords are in use. If the field is set to an asterisk (*), the account has no password configured. If the field is set to an exclamation mark (!), the account is locked.
- UID – user identifier. It is a unique number representing the user.
- GID – the default (primary) login group ID. Users have only one primary group and that group is the group owner for all new files the user creates.
- comment – this field contains information about the user. It usually holds the user’s full name.
- home directory – the absolute path to the user’s home directory.
- default shell – the user’s default shell.
For example, the entry for our user bob holds the following information:
- username – bob
- password – stored in the /etc/shadow file
- UID – 1001
- GID – 1001
- comment – full name of the user is Bob Jones
- home directory – /home/bob
- default shell – /bin/bash
Although the name implies it, the /etc/passwd file doesn’t hold password information. This would present a security risk since the file is readable by all users. Instead, passwords are stored in the /etc/shadow file, explained in the next lesson.
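The seven-field format and the password-field values described above can be checked mechanically. The following is an added example, not part of the original lesson: a small parser that flags entries whose password field is not x, * or !, lines without seven fields, and UIDs shared by more than one account. The sample data is constructed (bob's line is assembled from the field values listed above), and treating any other non-empty password value as an exposed hash is an assumption of this example.

```python
from collections import defaultdict

FIELDS = ("username", "password", "uid", "gid", "comment", "home", "shell")

# Constructed sample input; bob's line uses the field values listed in the lesson.
SAMPLE = """\
root:x:0:0:root:/root:/bin/bash
bob:x:1001:1001:Bob Jones:/home/bob:/bin/bash
alice:$6$constructed$notarealhash:1002:1002:Alice:/home/alice:/bin/bash
carol::1003:1003:Carol:/home/carol:/bin/bash
dave:x:1001:1004:Dave:/home/dave:/bin/sh
broken:x:1005:1005:/home/broken
"""

def parse_passwd(text):
    """Return (entries, findings); entries are dicts keyed by FIELDS."""
    entries, findings = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        parts = line.split(":")
        if len(parts) != len(FIELDS):
            findings.append((lineno, "malformed", f"{len(parts)} fields, expected 7"))
            continue
        entry = dict(zip(FIELDS, parts))
        if not (entry["uid"].isdecimal() and entry["gid"].isdecimal()):
            findings.append((lineno, "malformed", "UID/GID is not numeric"))
            continue
        entry["uid"], entry["gid"] = int(entry["uid"]), int(entry["gid"])
        entries.append(entry)
        if entry["password"] == "":
            findings.append((lineno, "empty-password-field", entry["username"]))
        elif entry["password"] not in ("x", "*", "!"):
            # Assumption: any other value is a hash sitting in a world-readable file.
            findings.append((lineno, "hash-in-passwd", entry["username"]))
    return entries, findings

def duplicate_uids(entries):
    """Map each UID used by more than one account to the usernames sharing it."""
    by_uid = defaultdict(list)
    for e in entries:
        by_uid[e["uid"]].append(e["username"])
    return {uid: names for uid, names in by_uid.items() if len(names) > 1}

if __name__ == "__main__":
    entries, findings = parse_passwd(SAMPLE)
    for finding in findings:
        print(*finding)
    print("shared UIDs:", duplicate_uids(entries))
```

To audit a real system, pass the contents of /etc/passwd to parse_passwd() instead of SAMPLE; the file is readable by all users, so no elevated privileges are needed.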