
/etc/passwd and /etc/shadow in Linux CLI - Commands & Configuration

Introduction
Linux stores user account information in two plain-text files. The /etc/passwd file holds basic user details, while /etc/shadow stores the password hashes (often called encrypted passwords) in a file protected from ordinary users. Understanding these files helps you manage user access safely.
When you want to see a list of all user accounts on a Linux system.
When you need to check user information like home directory or default shell.
When you want to verify if a user has a password set or locked.
When you need to troubleshoot login issues related to user accounts.
When you want to securely manage or audit user passwords.
Commands
This command shows all user account information stored in /etc/passwd, including username, user ID, group ID, home directory, and default shell.
Terminal
cat /etc/passwd
Expected Output
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
user1:x:1000:1000:User One:/home/user1:/bin/bash
This command shows the encrypted passwords and password-related settings for users. It requires sudo because it contains sensitive information.
Terminal
sudo cat /etc/shadow
Expected Output
root:$6$randomsalt$encryptedpasswordhash:18500:0:99999:7:::
user1:$6$othersalt$anotherencryptedhash:18500:0:99999:7:::
This command lists only the usernames from /etc/passwd by cutting the first field separated by colons. Useful to see all user names quickly.
Terminal
cut -d: -f1 /etc/passwd
Expected Output
root
bin
daemon
user1
This command finds the password entry for user1 in /etc/shadow to check if the user has a password set or if it is locked.
Terminal
sudo grep '^user1:' /etc/shadow
Expected Output
user1:$6$othersalt$anotherencryptedhash:18500:0:99999:7:::
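To tell whether an entry like the one above is set, locked or empty, look at how the second field begins. The script below is an added example, not part of the original page: the function name shadow_status and its status labels are this example's own, the prefix meanings follow shadow(5) and crypt(5), and the sample entries user2, user3 and legacy are constructed.

```shell
#!/bin/sh
# Added example: classify field 2 (the password field) of shadow-format lines.
# Input: shadow-format text on stdin. Output: "<user> <status>" per line.
shadow_status() {
    awk -F: '
    NF >= 2 {
        pw = $2; p3 = substr(pw, 1, 3)
        # Empty field: no password is required to authenticate as this user.
        if      (pw == "")                             s = "empty"
        # Not a valid hash at all: password login is not possible.
        else if (pw == "*" || pw == "!" || pw == "!!") s = "no-login"
        # "!" in front of a hash: the password is locked (e.g. by passwd -l).
        else if (substr(pw, 1, 1) == "!")              s = "locked"
        # Otherwise the prefix names the hashing scheme, see crypt(5).
        else if (p3 == "$6$")                          s = "sha512crypt"
        else if (p3 == "$5$")                          s = "sha256crypt"
        else if (p3 == "$y$")                          s = "yescrypt"
        else if (p3 == "$1$")                          s = "md5crypt-weak"
        else if (substr(pw, 1, 2) == "$2")             s = "bcrypt"
        else                                           s = "other"
        print $1, s
    }'
}

# Constructed sample: root and user1 are the lines shown above; the other
# four entries are made up to cover the remaining cases.
SAMPLE_SHADOW='root:$6$randomsalt$encryptedpasswordhash:18500:0:99999:7:::
user1:$6$othersalt$anotherencryptedhash:18500:0:99999:7:::
daemon:*:18500:0:99999:7:::
user2:!$6$somesalt$lockedhash:18500:0:99999:7:::
user3::18500:0:99999:7:::
legacy:$1$oldsalt$oldhash:18500:0:99999:7:::'

printf '%s\n' "$SAMPLE_SHADOW" | shadow_status
```

On a live system, pipe the real file in with sudo cat /etc/shadow | shadow_status; entries reported as empty or md5crypt-weak are the ones to follow up on first.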
Key Concept

If you remember nothing else, remember: /etc/passwd lists user info but does not store passwords, which are securely kept in /etc/shadow.

Common Mistakes
Trying to read /etc/shadow without sudo or root privileges.
The file is protected for security, so the command will fail with a permission denied error.
Use sudo to read /etc/shadow, for example: sudo cat /etc/shadow.

Editing /etc/passwd or /etc/shadow files directly without proper tools.
Manual edits can corrupt these files and lock users out of the system.
Use user management commands like useradd, passwd, or vipw to safely edit user info.

Assuming /etc/passwd contains passwords.
Passwords are not stored there; they are in /etc/shadow for security reasons.
Check /etc/shadow for password hashes, not /etc/passwd.

Summary
Use 'cat /etc/passwd' to view basic user account information.
Use 'sudo cat /etc/shadow' to view encrypted passwords and password settings securely.
Always use sudo when accessing /etc/shadow and avoid manual edits to these files.