Where are the passwords of the users located in Linux? nixCraft Updated Tutorials/Posts

Can you tell me where the passwords of the users located in the Linux operating system?

The /etc/passwd is the password file that stores each user account. The /etc/shadow file stores contain the password information for the user account and optional aging information. The /etc/group file is a text file that defines the groups on the system. There is one entry per line.

Where are the passwords of the users located in Linux?

The encrypted passwords and other information such as password expiry information (the password aging information) are stored in /etc/shadow file. All fields are separated by a colon (:) symbol. It contains one entry per line for each user listed in /etc/passwd file. Generally, shadow file entry looks as follows:

The order is as follows:

1. Username : It is your login name.
2. Password : It is your encrypted password. The password should be minimum 8-12 characters long including special characters, digits, lower case alphabetic and more. Usually password format is set to $id$salt$hashed, The $id is the algorithm used On GNU/Linux as follows:
   1. $1$ is MD5
   2. $2a$ is Blowfish
   3. $2y$ is Blowfish
   4. $5$ is SHA-256
   5. $6$ is SHA-512
3. Last password change (lastchanged) : Days since Jan 1, 1970 that password was last changed
4. Minimum : The minimum number of days required between password changes i.e. the number of days left before the user is allowed to change his/her password
5. Maximum : The maximum number of days the password is valid (after that user is forced to change his/her password)
6. Warn : The number of days before password is to expire that user is warned that his/her password must be changed
7. Inactive : The number of days after password expires that account is disabled
8. Expire : days since Jan 1, 1970 that account is disabled i.e. an absolute date specifying when the login may no longer be used.

How to view the contents of the /etc/shadow file

The normal user cannot access the /etc/shadow file directly. For example, try out the following cat command:
$ cat /etc/shadow
Sample outputs:

cat: /etc/shadow: Permission denied

You can only access the /etc/shadow file via few commands such as the passwd command. Login as root user and execute cat command on /etc/shadow file:
$ su -
Provide root user password when prompted:

Password:

Try to display the file:
# cat /etc/shadow
Sample outputs:

root: $1$s83Ugoff$EDT83WAAFpCQHWDp07E9Ux:0:99999:7:::
daemon:*:13031:0:99999:7:::
bin:*:13031:0:99999:7:::

Eash each entry in /etc/shadow is divided into following fields:

• Login name
• Encrypted password
• Days since Jan 1, 1970 that password was last changed
• Days before password may be changed
• Days after which password must be changed
• Days before password is to expire that user is warned
• Days after password expires that account is disabled
• Days since Jan 1, 1970 that account is disabled

Of course you can use the sudo command as follows:
$ sudo cat /etc/shadow
Or grep command along with the sudo:
$ sudo cat /etc/shadow | grep vivek
Please note that FreeBSD uses /etc/master.shadow file.

Say hello to getent command

To get entries from Name Service Switch libraries use the getent command. The syntax is:
getent database key
getent [option] database key
Where database can be:

1. passwd – Read user account info.
2. shadow – Read user password info.
3. group – Read group info.
4. key – Can be a user name/group name.

Examples

getent passwd
getnet passwd vivek
getent group
getent group vivek
sudo getent shadow
sudo getent shadow vivek

Conclusion

Now you know where are the passwords of the users located in Linux. I suggest that you read the following man pages using the man command:
man getent
man 5 shadow
man 5 passwd