The /etc/shadow file on Linux explained

Today in this article we will explain /etc/shadow file format on Linux or Unix operating system.

What is /etc/shadow file in Linux

The /etc/shadow file is a text file that stores the password of user accounts of a system in encrypted form. Each line of this file represents a user account and some additional information such as the last password change date, password expiration value. Understanding /etc/shadow file can help in better administering a Linux system.

How to display the content of file /etc/shadow

You can use command-line tools like cat, less, or more to display the content of this file. This file is readable only by the root user so run one of the given commands as root or use sudo before the command to get superuser privileges –

sudo cat /etc/shadow

OR use one of the given commands to scroll and read the content –

sudo less /etc/shadow

OR

sudo more /etc/shadow

You will see the output as it looks like in the image below –

Understanding the fields in the /etc/shadow file

The file contains one entry per line for each user account listed in the /etc/passwd file.  Every line contains nine fields each one of them is separated using a colon. The first line of the file shows the root user information which looks like given below.

root:!:18753:0:99999:7:::

From left to right each field show the given information-

Username – It is used while the user log in. In the above example root is the username.

Password – This field shows the password in encrypted form. Usually, the password is set in $type$salt$hashed format where $type is a cryptographic hash algorithm. And it can have the given values –

  • $1$ – MD5
  • $2a$ – Blowfish
  • $2y$ – Eksblowfish
  • $5$ – SHA-256
  • $6$ – SHA-512

If the password field contains * or ! that means the user will not be able to login to that account using password authentication.

Last password change – This shows the last password change days since 1 Jan 1970

Minimum age of password – The minimum number of days a user has to wait before he allowed to change the password by default it is set to zero which means there is no waiting time

Maximum password age –  This shows the number of days after which a user will have to change his user account password. By default, this is set to 99999.

Warning period – The number of days before the password expires during which a user is warned that he must change his password.

Inactive period – This shows the number of days after the password expires and before the account is disabled.

Expiration date – The date when the account is disabled, It is expressed as the number of days since 1 Jan 1970

Reserved field – This is unused or reserved for future use

Conclusion

I hope now you have a basic understanding of the /etc/shadow file in Linux. In case you have a query then write us in the comments below.

Leave a Comment