Understanding /etc/passwd file in Linux

sneh27

Sneh Chauhan

Posted on May 13, 2022

Understanding /etc/passwd file in Linux

Introduction

Linux has evolved from being someone's hobby to a full-fledged multi-user operating system powering 95% servers which run world's top 1 million domains.

  • 4 out of 5 smartphones in the world run on linux kernel(modified one to be precise).
  • 100% of the supercomputers have linux.

Linux is truly fascinating. In this blog, we'll understand about a special file in linux.

Let's dive straight into it.

What is /etc/passwd file?

/etc/passwd is a configuration file which stores user account information. It is a plain text-based file containing information like username, user ID and group ID.

This file is owned by root and has rw-r--r-- permissions(octal 644). Thus, the file can be read by any user but only root user or user with sudo privileges can write to the file.

How can I view that file?

To view the contents of the file, open the terminal and type in:



cat /etc/passwd


Enter fullscreen mode Exit fullscreen mode

The output of this command should be similar to the one shown below.



daniel@DVM:~$ cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin
man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
irc:x:39:39:ircd:/var/run/ircd:/usr/sbin/nologin
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
systemd-network:x:100:102:systemd Network Management,,,:/run/systemd:/usr/sbin/nologin
systemd-resolve:x:101:103:systemd Resolver,,,:/run/systemd:/usr/sbin/nologin
systemd-timesync:x:102:104:systemd Time Synchronization,,,:/run/systemd:/usr/sbin/nologin
messagebus:x:103:106::/nonexistent:/usr/sbin/nologin
syslog:x:104:110::/home/syslog:/usr/sbin/nologin
_apt:x:105:65534::/nonexistent:/usr/sbin/nologin
tss:x:106:111:TPM software stack,,,:/var/lib/tpm:/bin/false
uuidd:x:107:112::/run/uuidd:/usr/sbin/nologin
tcpdump:x:108:113::/nonexistent:/usr/sbin/nologin
sshd:x:109:65534::/run/sshd:/usr/sbin/nologin
landscape:x:110:115::/var/lib/landscape:/usr/sbin/nologin
pollinate:x:111:1::/var/cache/pollinate:/bin/false
daniel:x:1000:1000:Daniel Tanzer,,,:/home/daniel:/bin/bash


Enter fullscreen mode Exit fullscreen mode

Can I modify that file?

Yes, you can modify the file contents using any text editor like vim, nano or emacs but it's considered to be a bad idea unless you know what you are doing.
You must always use dedicated commands to modify the file. Let's say for an example, you want to add a new user to the system. For doing so, you must use adduser or useradd command instead of manually editing the /etc/passwd file using a text editor.

Understanding /etc/passwd file format

/etc/passwd file contains many lines, one for each user. The first line contains information about root user followed by system user accounts and normal user accounts.

It has 7 fields separated by colon(:).

file format

1) Username :

This is the first field in a line which represents the login name of the user. It has a length ranging from 1 to 32 characters.

2) Password :

This is the second field in a line. In older linux systems, user's encrypted password was stored here. Now in the modern systems, this field is replaced by a character x and the encrypted password is stored in a file called /etc/shadow.

If the field is blank, we do not need a password to login to the system.

To change the password of any user, use passwd command which stores the password in encrypted form in /etc/shadow.

3) User ID (UID):

This is the third field in a line. It contains a unique identifier of a user which is used by an operating system to refer to a user.

UID 0 is reserved for root user.
UID 1-99 is reserved for other predefined accounts.
UID 100-999 is reserved for system accounts.
UID above 999 are for normal user accounts.

4) Group ID(GID):

This is the fourth field in a line. It determines the primary group of the user. Users can belong to more than one group in linux. To get a full list of groups a user belongs to, type in the command:



groups <user_name>


Enter fullscreen mode Exit fullscreen mode

The first group in the output is the primary group and the rest are secondary groups.

5) GECOS :

This is the fifth field in a line. It contains comma-separated information about the user including:

  • Full name
  • Room number
  • Work phone number etc.

6) Home directory :

This is the sixth field in a line which contains the path to the user's home directory. By default, this path is under /home directory and is named after the user. For example, for a user having a username daniel, his home directory would be /home/daniel.

7) Login Shell :

This is the seventh and the last field in the line. It contains path to the user's default login shell. For most of the distributions, it is bash having the path /bin/bash.

It is not necessary to for it to be a shell. For example, system administrators can use nologin shell having path /sbin/nologin. So, if a user tries to login to an account with nologin shell, the nologin shell closes the connection.

This is it for the blog. I hope you understood the format of the file /etc/passwd.

Thank you for reading!

💖 💪 🙅 🚩
sneh27
Sneh Chauhan

Posted on May 13, 2022

Join Our Newsletter. No Spam, Only the good stuff.

Sign up to receive the latest update from our blog.

Related