/etc/passwd File in Linux Explained

On Linux systems, user account information such as username, User ID (UID), Group ID (GID), home directory and shell are kept in a plain text file called /etc/passwd. When a user is created, system files such as /etc/passwd, /etc/shadow and /etc/group are updated.

/etc/passwd file is readable for everyone as many utilities like to read file metadata. For example, mail delivery agent look for home directory information from this file.

The /etc/passwd file stores account information in shadow password format with the password represented as a single 'x' character while /etc/shadow file stores actual password in encrypted format.

Understanding /etc/passwd file Format

This file stores local accounts information of the system. It can be read by any users but is writable only by the super-user root. It contains some lines and uses colons (:) to separate the fields where each line represents a specific user.

$ cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
linoadmin:x:1000:1000::/home/linoadmin:/bin/bash

/etc/passwd file has seven fields which can be represented as below

passwd file linux

You can understand the role of each file with the details below:

  • Username or login: The first field defines the username of the user to login. Only local users have entries in passwd file. It should be between 1 to 32 characters.
  • Password (x): The second field identified by x character represents that the encrypted password is available in /etc/shadow file. The password file doesn’t include the password for security reasons (readable by everybody).
  • User ID (UID): It represents the third field. Every user created in a Linux machine has a unique user ID which identify them on the system. The root user is always referenced by user ID 0. UID 1 to 99 are reserved for other predefined accounts while UID 100-999 are reserved by system for administrative and system accounts/groups. UIDs for new users on some Linux system start at 1000.
  • Group ID (GID): It represents the fourth field. When a user is created using the command useradd, it will also create a primary group for the user in the same name as the username if you didn’t explicitly mention any group name. It represents the unique ID given for the primary group to which the user belongs to. A single user can be a member of multiple groups which can be found from the file /etc/group but the passwd file will contain the information of the primary group only.
  • User ID info or comment or description: The fifth field is a short comment/description/information of the user account. It allows you to add extra information about the users such as user’s full name, phone number, descriptions of the service the account was made for, etc.
  • Home Directory: The sixth field represents the absolute path to the user's home directory when they log in. For regular users, this would usually be /home/username. For root, the home directory is /root.
  • Shell: The seventh field is the absolute path of command or shell /bin/bash. Typically this field contain information about user's default shell.

a. /etc/passwd file permission

Because /etc/passwd file is very important for Linux systems, its default permission are 644 to prevent any mistaken modifications so any user can only read the file and only root user can edit it. You can the permission as below

# ls -l /etc/passwd
-rw-r--r-- 1 root root 1501 May 11 16:58 /etc/passwd

b. How passwd command works

It is possible to change your own password or the password assigned to a user with /usr/bin/passwd command. You can the permission of this command below:

 ls -l /usr/bin/passwd 
-rwsr-xr-x. 1 root root 27832 Jun 10 2014 /usr/bin/passwd

You can see that the user and group owner are root with read and executable permissions also for the other users. Although it's owned by root, you can see the SETUID bit represented by the s permission which allows users to run a program as if they were the user owner of the program (root in our case). That is why you can use this command to change your password even if your are not a root user.

To change your own password, just enter passwd command without option

$ passwd 
Changing password for user papso.
Changing password for papso.
(current) UNIX password: 
New password:

Notice that, event if you can change your own password without root privileges, you can't change a user password without it.

$ passwd patrick
passwd: Only root can specify a user name.

Conclusion

The /etc/passwd is a very important file on Linux so pay attention while editing this. I hope you enjoyed reading this tutorial and please leave your suggestions on the below comment section.

Leave a Comment