/etc/shadow file format

Most modern Linux distributions use the /etc/shadow file to store encrypted password data. Passwords are stored as hashes (a one-way function rather than reversible encryption). The file also stores password aging information, such as the date of the last password change and the password expiration date.

Here is what an entry in the /etc/shadow file looks like:

username:encrypted password:last password change:minimum:maximum:warning:disabled:disabled date

Here is a brief description of each field:

  • username – the name of the user.
  • encrypted password – the password in encrypted form.
  • last password change – the date of the last password change. This date is stored as the number of days since January 1, 1970.
  • minimum – the number of days before a password change is allowed. The value of 0 means the password can be changed any time.
  • maximum – the number of days before the password must be changed. The value 99999 means the user’s password never expires.
  • warning – the number of days before the password expires during which the user is warned.
  • disabled – the number of days after a password has expired until the user account is disabled. No entry in this field means that the account is disabled immediately after the password expires.
  • disabled date – the number of days since January 1, 1970 that the account has been disabled. No entry in this field means the account is not disabled.

Here is an entry for our user bob:

[Image: the /etc/shadow entry for bob]

In the picture above you can see the following information:

  • username – bob
  • encrypted password
  • last password change – the password was last changed 16182 days after January 1, 1970 (April 22, 2014).
  • minimum – 0 means that the password can be changed at any time.
  • maximum – bob’s password expires 30 days after the last password change (May 22, 2014).
  • warning – bob will be warned 7 days before the password expires.
  • disabled – no value means that the account is disabled immediately after the password expires
  • disabled date – no entry in this field means the account is not disabled.
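
The date arithmetic from bob's entry, as an added example that is not part of the original page: a Python parser that splits shadow-style lines into the eight fields above and converts the day counts into calendar dates for a password-aging audit. The sample lines, the alice entry, the hash placeholder and all function names are constructed for illustration; real entries may carry a trailing reserved field, which the parser ignores.

```python
from datetime import date, timedelta

EPOCH = date(1970, 1, 1)
NEVER = 99999  # per the page: this maximum means the password never expires
FIELDS = ("username", "password", "last_change", "minimum",
          "maximum", "warning", "disabled", "disabled_date")

# Constructed sample entries; the password field is a placeholder, not a real hash.
SAMPLE = """\
bob:<constructed-hash>:16182:0:30:7:::
alice:<constructed-hash>:16182:0:99999:7::16436:
"""

def days_to_date(days):
    """Convert a 'days since January 1, 1970' count to a calendar date."""
    return EPOCH + timedelta(days=days)

def parse_shadow_line(line):
    """Split one entry into the eight fields named on this page."""
    parts = line.rstrip("\n").split(":")
    if len(parts) < len(FIELDS):
        raise ValueError(f"expected at least {len(FIELDS)} fields, got {len(parts)}")
    entry = dict(zip(FIELDS, parts))  # a trailing reserved field, if present, is ignored
    for name in FIELDS[2:]:           # numeric fields; an empty string means "no entry"
        entry[name] = int(entry[name]) if entry[name] else None
    return entry

def aging_report(entry):
    """Turn the day counts into dates an auditor can read."""
    last, maximum, warning = entry["last_change"], entry["maximum"], entry["warning"]
    never = maximum is None or maximum == NEVER
    report = {"username": entry["username"], "never_expires": never,
              "last_change": None, "expires": None, "warn_from": None,
              "disabled_on": None}
    if last is not None:
        report["last_change"] = days_to_date(last)
        if not never:
            report["expires"] = days_to_date(last + maximum)
            if warning is not None:
                report["warn_from"] = days_to_date(last + maximum - warning)
    if entry["disabled_date"] is not None:
        report["disabled_on"] = days_to_date(entry["disabled_date"])
    return report

def audit(text):
    """Parse every non-empty line and return one report per account."""
    return [aging_report(parse_shadow_line(l)) for l in text.splitlines() if l.strip()]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(row)
```

Reading the real /etc/shadow requires root, so run an audit like this against a copy obtained with appropriate privileges rather than loosening the file's permissions.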

 

The /etc/shadow file is typically not readable by ordinary users. The file is accessible only by root.
Geek University 2022