Understanding the /etc/passwd File

Introduction

Linux systems can use several different authentication mechanisms. The most common and conventional one uses the /etc/passwd and /etc/shadow files.

/etc/passwd is a plain-text database that holds information about all of the system's user accounts. It is owned by root and has 644 permissions: every user on the system can read it, but only root or users with sudo access can modify it.

Hand-editing the /etc/passwd file is not recommended unless you are confident in your abilities. Always use a command that is specifically intended for the task at hand. For example, the usermod command can be used to alter a user account, whereas the useradd command can be used to create a new user account.

In this tutorial, we will help you understand the /etc/passwd file. We will also address a few FAQs on the /etc/passwd file.

/etc/passwd Format

The /etc/passwd file is a text file with one entry per line, each representing a user account. Use a text editor or a command such as cat to view the contents of the file.

cat /etc/passwd

The root user is usually listed first, followed by the system and standard user accounts. New entries are appended to the end of the file.

Each line of the /etc/passwd file has seven colon-separated fields:

Output

mark:x:1001:1001:mark,,,:/home/mark:/bin/bash
[--] - [--] [--] [-----] [--------] [--------]
|    |   |    |     |         |        |
|    |   |    |     |         |        +-> 7. Login shell
|    |   |    |     |         +----------> 6. Home directory
|    |   |    |     +--------------------> 5. GECOS
|    |   |    +--------------------------> 4. GID
|    |   +-------------------------------> 3. UID
|    +-----------------------------------> 2. Password
+----------------------------------------> 1. Username

  1. Username. This is the string you type when you log into the system. Each username must be unique on the system and can be no more than 32 characters long.
  2. Password. On older Linux systems, the user's encrypted password was stored in the /etc/passwd file. On most current systems, this field is set to x and the user password is stored in the /etc/shadow file.
  3. UID. The user identifier, a unique number assigned to each user. The operating system uses it to refer to the user.
  4. GID. The group identifier number of the user's primary group. When a user creates a file, the file is automatically assigned to this group. The name of the group is usually the same as the user's name. The /etc/group file lists the user's supplementary groups.
  5. GECOS, or the user's full name. This field contains a list of comma-separated values with the following information:
     • The full name of the user or the name of the application.
     • Room number.
     • Work phone number.
     • Home phone number.
     • Other contact information.
  6. Home directory. The absolute path to the user's home directory. It is where the user's files and settings are kept. By default, user home directories are created under the /home directory and are named after the user.
  7. Login shell. The absolute path to the user's login shell. This is the shell that is launched when the user logs into the system. Bash is the default login shell on most Linux distributions.
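
The field layout above can be checked mechanically. The following shell function is an added example, not part of the original tutorial; the names audit_passwd and sample_passwd and all sample entries are constructed for illustration. It goes slightly beyond the text by assuming the standard conventions that UID 0 carries root privileges and that a password field starting with * or ! marks a locked account.

```shell
#!/bin/sh
# Audit a passwd-format file against the seven-field layout.
# Reads the files given as arguments, or standard input when none are given.
audit_passwd() {
    awk -F: '
    # Every entry must have exactly seven colon-separated fields.
    NF != 7 { printf "line %d: %d fields, expected 7\n", NR, NF; next }
    # Field 1: usernames are unique and at most 32 characters long.
    names[$1]++     { printf "%s: duplicate username\n", $1 }
    length($1) > 32 { printf "%s: username longer than 32 characters\n", $1 }
    # Field 2: "x" means the hash is kept in /etc/shadow. An empty field or
    # a hash here sits in a file that every user on the system can read.
    $2 == ""        { printf "%s: empty password field\n", $1 }
    $2 != "" && $2 != "x" && $2 !~ /^[*!]/ {
        printf "%s: password hash stored in passwd\n", $1
    }
    # Field 3: UIDs are numeric and unique (assumption: UID 0 means root).
    $3 !~ /^[0-9]+$/ { printf "%s: non-numeric UID\n", $1; next }
    uids[$3]++      { printf "%s: duplicate UID %s\n", $1, $3 }
    $3 == 0 && $1 != "root" { printf "%s: UID 0 on a non-root account\n", $1 }
    ' "$@"
}

# Constructed sample input (not taken from a real system).
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
mark:x:1001:1001:mark,,,:/home/mark:/bin/bash
backup:x:0:34:backup:/var/backups:/usr/sbin/nologin
legacy:$6$constructedsalt$constructedhash:1002:1002::/home/legacy:/bin/sh
guest::1003:1003::/home/guest:/bin/bash
mark2:x:1001:1004::/home/mark2:/bin/bash
broken:x:1005:1005:/home/broken:/bin/bash
EOF
}

# Print the findings for the constructed sample.
sample_passwd | audit_passwd
```

To audit a live system, run audit_passwd /etc/passwd; no output means none of the checks fired.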

FAQs on /etc/passwd file

What are the fields/columns present in the /etc/passwd file? 

Each line in the /etc/passwd file represents a user account and is divided into several fields separated by colons (:). The fields, in order, are username, password (usually an "x" indicating that the password is stored in the /etc/shadow file), user ID (UID), group ID (GID), user information (e.g., full name), home directory, and default shell.

Can I edit the /etc/passwd file manually? 

Editing the /etc/passwd file manually is generally not recommended, as it can lead to system instability or security issues. Instead, you should use dedicated user management commands like useradd, usermod, or vipw to modify user accounts safely.

How can I determine the number of users on the system using the /etc/passwd file? 

You can count the number of users on the system by counting the number of lines in the /etc/passwd file. You can use the wc command with the -l option to accomplish this. For example, wc -l /etc/passwd will display the total number of lines, which corresponds to the number of accounts in the file, system accounts included.

Can I find a user's home directory from the /etc/passwd file? 

Yes, the home directory of a user can be found in the /etc/passwd file. It is listed as the sixth field in each user entry. The path to the home directory provides the location where a user's personal files and directories are stored.

How can I change a user's default shell using the /etc/passwd file?

To change a user's default shell, you need to modify the /etc/passwd file. Locate the user entry, then edit the last field, which represents the default shell. Update it with the desired shell path, such as /bin/bash or /bin/zsh.

Can I use the /etc/passwd file to see the user account expiration dates? 

No, the /etc/passwd file does not store user account expiration information. Account expiration dates are usually managed through the /etc/shadow file, which stores password-related information, including expiration dates.

How is the password field represented in the /etc/passwd file? 

On most current systems, the password field in the /etc/passwd file contains an "x" character, indicating that the actual password is stored in the /etc/shadow file for increased security. This separation ensures that the password hashes are not accessible to regular users.

Conclusion

All users on the system are tracked in the /etc/passwd file.
