The 4 Password Files

There are four files that handle user account information, like group membership and passwords.

`/etc/passwd` and `/etc/shadow`: User Passwords, Shell, etc.

Entries of the form

dave:x:561:561:David Wright:/home/dave:/bin/zsh

There are seven fields separated by colons.

Usernames
An `x` in the password field to indicate that the password is stored in /etc/shadow
User id
Group id (Primary group)
Name of user and other optional personal information
User home directory
User shell

You’ll see lots of entries made by the system.

dave:Ep6mckrOLChF.:10063:0:99999:7:::

Eight fields separated by colons.

Username
Hashed password. If there is a blank entry `::`, then the user can log in without a password. If there is a `*`, the user account has been disabled
The number of days since January 1, 1970 since the password was changed
The number of days before the user can change their password, use `0` for any time
The number of days before the user must change their password, use `99999` to effectively disable this requirement
The number of days to warn a user before their password expires
The number of days after the password expires that the user’s account will be disabled
The number of days since January 1, 1970 when an account will be disabled

Entries of the form

docker:x:900:dave

Four fields separated by colons.

Group name
Password. Usually blank, the `x` here means that the password is stored in the /etc/gshadow file. You’ll most likely find it blank/disabled in that file.
Group id
Comma separated list of users who are members of the group (supplemental group membership)

docker:!!::dave

Four fields separated by colons.

Group name
Encrypted password, `!!` means no password has been set, and non-members cannot add themselves to the group using the newgrp command
Group administrators: users who can add members using the gpasswd command
Group members

Last updated on Dec 29, 2020