This tutorial explains /etc/passwd file in Linux step by step. Learning the /etc/passwd file is the essential requirement of Linux user management. Learn why /etc/passwd file is used, what is stored in it and how it is formatted in detail with examples.
The /etc/passwd file is stored in /etc directory. To view it, we can use any regular file viewer command such as cat, less, more, etc.
Each line in /etc/passwd file represents an individual user account and contains following seven fields separated by colons (:).
- Username or login name
- Encrypted password
- User ID
- Group ID
- User description
- User’s home directory
- User’s login shell
Let’s understand each field in detail.
Username or Login name
The first field stores username or login name. Login process compares the value stored in this field with the value we typed at
the login prompt in username field. If both values match, login process assumes that username is valid. While comparing username, login process starts looking for the supplied username in the first field of each line starting from first line and keeps looking until a match is found or all lines are checked.
Since each line represents an individual user account, the value stored in this field must be unique.
This field can store maximum 32 characters. Due to this limit, a username in Linux always consists less than or equal to 32 characters in length.
This field does not have any default value. It means, in order to create a new user account, we must have to supply the desired username.
As we know, Linux is a case sensitive operating system. In order to avoid any unnecessary confusion, we should not use initial
capitalization in username. For example, in Linux “Sanjay” and “sanjay” are two different usernames.
Except colons and newlines characters, we are allowed to use any symbol or character in this field. The characters colons and newlines are used as field separator and entry separator in this file respectively.
Although we are allowed to use any symbol or character except colons and newlines, still we should never use special symbols in this field. A username with special symbol works in login process, but it may not work in other processes or services. Let’s take an example to understand it more clearly.
It’s a common practice to use username as email address in Linux. In email address at (@) sign separates recipient name and domain name.
A username “sanjay@goswami”, if used with default setup in a domain name “example.com”, will become sanjay@email@example.com.
While phrasing this address, email server will understand domain name as “firstname.lastname@example.org” instead of “example.com” and
username as “sanjay” instead of “sanjay@goswami”.
An email sent on this address will never deliver. The best and safest way to avoid this kind of error, always use alphanumeric characters and generic
symbols such as underscore and hyphen in username.
The second field stores encrypted password. Historically, this field was used to store user’s password encrypted with DES algorithm.
Over the time computing power increased and DES algorithm became trivial to crack.
To use a more secure algorithm, Linux moved user’s password in a separate file /etc/shadow. Since user’s password
no longer stored in this field, a placeholder value x is used to indicate that actual password is stored in other location.
Third field stores UID of user. In Linux, every user has a unique ID known as UID (User ID). UID is a
32 bits integer value. Linux uses UID to track and manage each action of user such as creating file, modifying system properties,
starting applications and process, etc. The first UID (0) is always assigned to user root. Besides 0, other low UIDs (usually less than 500)
are assigned to service accounts such bin, lp, mail, news, games, ftp etc. UIDs of regular user accounts usually start from 500.
Never assign a deleted user account’s UID to a new user account. Linux uses UID rather than login name to tack
the files. If files created under deleted account exist in system or restored from backup, new user will be mapped
with those files automatically.
A group is a collection of user accounts which are alike or require access to a particular resource.
Linux is a multiuser network operating system. Managing services based individual user account is the most
tedious task. Grouping makes this job easier. For example, you are asked to allow a specific service for twenty
users which belong to a particular group. Without grouping you have to set the permission twenty times. But with grouping, you can do it in single time.
In Linux, every user belongs to one or more groups. While creating a user account, if we don’t specify the group name,
shell automatically creates a new group and adds user account in that group. This group is known as primary group or default group
of the user. Once user account is created, as per requirement it can be added in other groups. Other groups will be considered as secondary groups of the user.
Fourth field in each line, stores GID of user’s primary group. Group information of a user account is stored in /etc/group file separately.
Just like username, group name is also associated with a unique GID. Same as UID, GID is a 32 bits integer value.
Linux uses GID instead of group name to track, monitor and authenticate the activities of group.
Fifth field stores descriptive information about the user. In a multiuser environment where several users use system,
if stored, this field provides all necessary information about a user such as his full name, email address, phone number,
position in organization, etc. Usually the chfn utility is used to store and the finger utility is used to read this information.
Sixth field stores information about user’s home directory. Login process uses this information to decide where it
has to put the user just after the login. In other words, this is the default directory which user gets just after the login process.
While creating a user if this information is omitted, shell automatically sets it to /home/username.
If login process does not find user’s home directory at the location specified in this field, depending on system configuration,
it may either completely disallow the login or put the user in / directory. Getting root (/) directory just after the login
is an indication that user’s home directory is missing or not accessible.
The last field stores information about user’s default shell. If no shell information is specified while creating a regular user account, shell will use default value which is /bin/bash. If no shell is required, this field can be set to blank.
Some special accounts never require a shell access.
Administrators usually assign a fake shell such /bin/false or set this field to blank in these accounts.
This precaution prevents hackers from breaking the system through these accounts.
That’s all for this part. In next part we will understand the /etc/shadow file and its fields in detail. If you have any feedback or suggestion about this tutorial, please mail me. If you like this tutorial, please don’t forget to share it.
Full Version EX300 Dumps
Try EX300 Dumps Demo