As far as I know, all unix variants have an /etc/passwd file with the traditional layout, for the sake of applications that read the file directly. Each line in the file contains colon-separated records which correspond to struct passwd fields:
- user name [login]
- encrypted password [if present]
- user id [number, in decimal]
- principal group id [number, in decimal]
- Gecos field. This field is not used by system programs except for display purposes. It is normally a comma-separated list of fields, the first three being full name, office number and telephone number.
- home directory
- login shell
One thing that varies between systems is how much liberty you can take with the syntax. For example, GNU libc [i.e.
Linux] ignores lines that begin with #: they are comments. GNU libc also ignores whitespace at the beginning of a line, so they can be indented. An invalid line might cause programs to stop processing the file or to skip to the next line.
Most modern systems no longer store an encrypted password in the second field. The content of that field is not a reliable indication of whether the user has a password set [and even if you found that out, this is not a reliable indication of whether the user can log in, because there are many other authentication methods such as SSH keys, one-time passwords, biometrics, smartcards, …].
When passwords aren't in /etc/passwd, where they are is system-dependent. The Rosetta Stone for Unix mentions many unix variants.
- Solaris uses
/etc/shadow, and this has been copied by others including Linux. Linux and Solaris shadow files have the same format; I don't know if the other systems that have a file called/etc/shadowuse the same format. - BSD systems have
/etc/master.passwd, and additionally have database files for faster access, updated bypwd_mkdb.
Remember that /etc/passwd hasn't been guaranteed to contain the full list of users for a couple of decades: users can come from other databases such as NIS [YP] or
LDAP. As a system administrator, avoid edit the /etc/passwd file directly; use vipw instead, if your system provides it [and if it doesn't, consult your manuals to see what method is recommended to modify the user database].
What I wrote above goes for groups, too. The fields in /etc/group are struct group members: group name, password [largely unused], numerical group id, and a comma-separated list of user names [the users who have this group as a secondary group]. Linux has a /etc/gshadow file, but this is rarely used, as group authentication is not widely practiced.
The /etc/passwd file is the most important file in Linux operating system. This file stores essential information about the users on the system. This file is owned by the root user and to edit this file we must have root privileges. But try to avoid edit this file. Now let’s see actually how this file look
This file contains one entry per line. That means it stores one user’s information on one line. The user information contains seven fields and each field is separated by the colon [ : ]symbol. Each entry in the /etc/passwd file looks like this:
Now let’s understand each field one by one:
- Username: This field stores the usernames which are used while login into the system.The length of this field is between 1 and 32 characters.
- Password: This field store the password of the user.The x character indicates the password is stored in /etc/shadow file in the encrypted format.We can use the passwd command to update this field.
- User ID[UID]: User identifier is the number assigned to each user by theoperating system to refer the users.The 0 UID is reserved for the root user.And 1-99 UID are reserved for other predefined accounts. And 100-999 are reserved by the system for administrative and system accounts/groups.
- Group ID[GID]: Group identifier is the number indicating the primary group of users.Most of the time it is thesame as the UID.
- User ID Info [GECOS]: This is a comment field.This field contains information like the user phone number, address, or full name of the user.This field is used by the finger command to get information about the user.
- Home directory: This field contains the absolute path of the user’s home directory.By default, the users are created under the /home directory.If this file is empty, then the home directory of that user will be /
- Login shell: This field store the absolute path of the user shell.This shell is started when the user is log in to the system.
Now we have understood the file structure of the /etc/passwd file now let’s see one example of this file. You can view the content of file using the cat file like:
cat /etc/passwd
We can see that there are many users with all information.
To search for a specific user, we can use the grep command. Now for example to get information about the user Nishant we can use the following command:
grep nishant /etc/passwd
Check /etc/passwd file permission
The normal users have only read permissions to the /etc/passwd file. The only root user can write into this file. To see the permissions of /etc/passwd file, we can use the ls command as follows:
ls -l /etc/passwd
The output will be
We can see that the permissions of the file /etc/passwd are rw-r–r–. This means the root user has read and write access and other groups and user have read-only access to the file.
To get more details like size, modify the time of this file we can use the stat command:
stat /etc/passwd
Reading /etc/passwd file:
We can read the /etc/passwd file more user-friendly by using the while loop and IFS separator. A while loop is used to iterate through the file, and IFS is a special variable is used to separate the string by a specific character.
#!/bin/bash # using while loop to iterate through file while IFS=: read -r f1 f2 f3 f4 f5 f6 f7 do echo "User $f1 use $f7 shell and stores files in $f6 directory." done < /etc/passwd
After using this script, we get the following output: