
/etc/passwd and /etc/shadow in Linux CLI - Step-by-Step Execution

Concept Flow - /etc/passwd and /etc/shadow
1. Read /etc/passwd
2. Parse user info: username, UID, GID, home, shell
3. Check password field in /etc/passwd
4. Read /etc/shadow for encrypted password
5. Verify password or manage user authentication
6. Use info for login or system tasks
7. End
The system reads /etc/passwd for user info, then checks /etc/shadow for secure password data to authenticate users.
Execution Sample
Linux CLI
cat /etc/passwd
cat /etc/shadow
Shows the contents of /etc/passwd and /etc/shadow so you can see user info and hashed passwords. Reading /etc/shadow requires root privileges.
Execution Table
| Step | Command | Action | Output Example | Notes |
|---|---|---|---|---|
| 1 | cat /etc/passwd | Read user account info | root:x:0:0:root:/root:/bin/bash user1:x:1000:1000::/home/user1:/bin/bash | Password field is 'x' meaning password is in /etc/shadow |
| 2 | cat /etc/shadow | Read encrypted passwords | root:$6$abc123$encryptedhash...:18295:0:99999:7::: user1:$6$def456$encryptedhash...:18295:0:99999:7::: | Passwords are hashed and secured |
| 3 | Check password field in /etc/passwd | Find 'x' or '*' | 'x' found | Indicates password stored in /etc/shadow |
| 4 | Use info for login | Authenticate user by comparing password hash | Success or failure | System uses /etc/shadow hash to verify password |
| 5 | End | No more steps | N/A | Process complete |
💡 Finished reading user info and password hashes for authentication
Variable Tracker
| Variable | Start | After Step 1 | After Step 2 | After Step 3 | Final |
|---|---|---|---|---|---|
| passwd_content | | root:x:0:0:root:/root:/bin/bash user1:x:1000:1000::/home/user1:/bin/bash | Same | Same | Same |
| shadow_content | | | root:$6$abc123$encryptedhash... user1:$6$def456$encryptedhash... | Same | Same |
| password_field | | | | 'x' | 'x' means password in shadow file |
Key Moments - 3 Insights
Why does /etc/passwd show 'x' in the password field instead of the actual password?
Because the actual encrypted passwords are stored securely in /etc/shadow, not in /etc/passwd. See execution_table step 3 where 'x' indicates this.
What is the difference between /etc/passwd and /etc/shadow?
/etc/passwd contains user info like username and home directory, while /etc/shadow stores encrypted passwords securely. This separation improves security (see execution_table steps 1 and 2).
Can a normal user read /etc/shadow?
No, /etc/shadow has restricted permissions to protect password hashes. Only root or privileged processes can read it (implied in execution_table step 2).
Visual Quiz - 3 Questions
Test your understanding
Look at the execution table, what does the 'x' in the password field of /etc/passwd mean at step 3?
A. Password is stored in /etc/shadow
B. Password is empty
C. Password is stored in /etc/passwd
D. User account is disabled
💡 Hint
Refer to execution_table row 3 under 'Notes' explaining the meaning of 'x'
At which step do we see the encrypted password hashes?
A. Step 1
B. Step 3
C. Step 2
D. Step 4
💡 Hint
Check execution_table row 2 under 'Output Example' for encrypted hashes
If /etc/shadow is unreadable, what impact does it have on user authentication?
A. Users can still log in with passwords
B. System cannot verify passwords, login fails
C. Passwords are read from /etc/passwd instead
D. User accounts are deleted
💡 Hint
Refer to execution_table step 4 where password verification uses /etc/shadow
Concept Snapshot
/etc/passwd stores user info like username, UID, home directory.
Password field shows 'x' or '*' if password is in /etc/shadow.
/etc/shadow stores encrypted passwords securely with restricted access.
System reads /etc/passwd first, then /etc/shadow to authenticate users.
This separation protects password security on Linux systems.
Full Transcript
The /etc/passwd file contains basic user account information such as username, user ID, group ID, home directory, and default shell. However, it does not store actual passwords for security reasons. Instead, the password field in /etc/passwd usually contains an 'x' or '*', indicating that the encrypted password is stored in the /etc/shadow file. The /etc/shadow file holds the hashed passwords and has restricted permissions to protect this sensitive data. When a user logs in, the system reads /etc/passwd to find the user details, then reads /etc/shadow to verify the password by comparing the entered password's hash with the stored hash. This two-file system improves security by limiting access to password hashes. Normal users cannot read /etc/shadow, only privileged users or processes can. This separation is essential for safe user authentication on Linux systems.
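
An added example (not part of the original page): a POSIX shell function that applies the password-field rules described above to a passwd-format file and a shadow-format file and labels each account. The file contents are constructed sample data and the names audit_accounts and demo are hypothetical; on a real system it would be run as root against /etc/passwd and /etc/shadow.

```shell
#!/bin/sh
# Added example: classify the password field of every account, given a
# passwd-format file ($1) and a shadow-format file ($2).
audit_accounts() {
    awk -F: '
        # The shadow file is read first: remember field 2 (the hash) per user.
        FILENAME == ARGV[1] { hash[$1] = $2; next }
        # Each passwd line is then classified, starting with its own field 2.
        $2 == ""            { print $1 ": FINDING empty password field in passwd"; next }
        $2 ~ /^[*!]/        { print $1 ": password login disabled in passwd"; next }
        $2 != "x"           { print $1 ": FINDING hash kept in world-readable passwd"; next }
        !($1 in hash)       { print $1 ": FINDING no shadow entry"; next }
        hash[$1] == ""      { print $1 ": FINDING empty password in shadow"; next }
        hash[$1] ~ /^[*!]/  { print $1 ": locked or no password login"; next }
        hash[$1] ~ /^\$6\$/ { print $1 ": ok, SHA-512 crypt hash in shadow"; next }
                            { print $1 ": review, hash scheme is not $6$" }
    ' "$2" "$1"
}

# Constructed sample data (not taken from a real system).
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
user1:x:1000:1000::/home/user1:/bin/bash
legacy:$6$ghi789$constructedhash:1001:1001::/home/legacy:/bin/bash
guest::1002:1002::/home/guest:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
orphan:x:1003:1003::/home/orphan:/bin/bash
EOF
    cat > "$dir/shadow" <<'EOF'
root:$6$abc123$encryptedhash:18295:0:99999:7:::
user1::18295:0:99999:7:::
daemon:*:18295:0:99999:7:::
EOF
    audit_accounts "$dir/passwd" "$dir/shadow"
    rm -rf "$dir"
}

demo
```

Lines marked FINDING are the cases where the split between the two files is not protecting the account: a hash or empty field left in /etc/passwd, an empty hash in /etc/shadow, or an 'x' with no matching shadow entry.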