Understanding the /etc/passwd file is important for managing user accounts in Linux. This file is a plain text file that stores essential information about all system user accounts required for logging in.
The /etc/passwd file is owned by the root user and has a permissions mode of 644 (rw-r--r--), which means it is readable by all users on the system but can only be modified by the root user or users with sudo privileges.
You can view the contents of this file using any text viewer on Linux, such as cat, more, less, or by running the getent passwd command. Here's an example of what the contents of the /etc/passwd file look like:
root:x:0:0::/root:/bin/bash
bin:x:1:1::/:/usr/bin/nologin
daemon:x:2:2::/:/usr/bin/nologin
mail:x:8:12::/var/spool/mail:/usr/bin/nologin
ftp:x:14:11::/srv/ftp:/usr/bin/nologin
git:x:963:963:git daemon user:/:/usr/bin/git-shell
tom:x:1001:1001::/home/tom:/usr/bin/bash
jenkins:x:961:961:Jenkins CI:/var/lib/jenkins:/usr/bin/nologin
named:x:40:40:BIND DNS Server:/:/usr/bin/nologin
grafana:x:207:207::/var/lib/grafana:/usr/bin/nologin
traw:x:1005:1005::/home/traw:/bin/bash
Typically, the first line describes the root user, followed by the regular system or service and user accounts. A new entry is appended to the end of the file.
It is strongly recommended to avoid manually modifying the /etc/passwd file unless you have a thorough understanding of its format and implications. Instead, use the appropriate commands for managing user accounts, such as usermod or groupmod to modify existing user account information, and useradd or adduser to create new user accounts.
Understanding /etc/passwd file fields
Each line in the /etc/passwd file represents a user account and consists of seven colon-separated fields:
Username or login name
Encrypted password
User ID
Group ID
User description (GECOS)
User’s home directory
User’s login shell (User's default shell)
traw:x:1005:1005:traw,,,:/home/traw:/bin/bash
[--] - [--] [--] [-----] [--------] [-------]
|    |   |    |     |         |        |
|    |   |    |     |         |        +-> 7. Login shell
|    |   |    |     |         +----------> 6. Home directory
|    |   |    |     +--------------------> 5. GECOS
|    |   |    +--------------------------> 4. GID
|    |   +-------------------------------> 3. UID
|    +-----------------------------------> 2. Password
+----------------------------------------> 1. Username
Now that we understand the fields in the /etc/passwd file, let's explore what they represent and how they are used in the system.
Username or Login name
The first field stores the username or unique login name. During the login process, the value entered in the username field is compared against this field. If a match is found, the login process assumes the username is valid. The comparison starts from the first line and continues until a match is found or all lines have been checked. The maximum length for a username is 32 characters.
Encrypted password
Historically, the second field was used to store the user's encrypted password using the DES algorithm. However, as computing power increased, the DES algorithm became less secure. To address this, Linux moved user passwords to a separate /etc/shadow file, and now this field contains an 'x' to indicate that the actual encrypted password is stored elsewhere.
User ID
The third field stores the user's unique identifier (UID). In Linux, each user is assigned a UID, which is a 32-bit integer. The UID allows the system to track and manage user activities, such as creating files, changing system properties, and running applications or processes. The root user always has the UID of 0, while low UIDs (usually less than 500) are assigned to system accounts like news, mail, games, etc. Typical user account UIDs start from 500.
Group ID
A group is a collection of user accounts that share similar access requirements or need access to the same resources. Linux, being a multi-user operating system, supports assigning users to groups to simplify access management. Each user belongs to at least one group, known as the primary or default group. When creating a new user account without specifying a group, the system automatically creates a new group with the same name as the user and assigns the user to that group. Users can also be added to secondary groups as needed, which are listed in the /etc/group file.
Grouping user accounts simplifies the process of granting or revoking access to resources. Instead of managing permissions for individual users, you can manage them at the group level, making it more efficient, especially when dealing with a large number of users requiring access to the same resources.
User description (GECOS)
The fifth field stores descriptive information about the user. In a multi-user environment, this field can contain details such as the user's full name, room number, work phone, home phone, email address, and other relevant information. Generally, the chfn command is used to change user information, and the finger command is used to read this information.
User’s home directory
The sixth field contains the path to the user's home directory. The login process uses this information to determine where to place the user immediately after they log in. In other words, this is the default directory the user lands in after a successful login. When creating a new user account, if this information is omitted, the shell automatically sets the home directory to /home/username or ~/.
Login shell
The final field stores the path to the user's default shell. If no shell is specified during the creation of a regular user account, the system typically assigns /bin/bash as the default shell. However, you can leave this field blank if the user account does not require shell access.
Some special system accounts do not require interactive shell access. For these accounts, administrators typically assign a false shell such as /bin/false or leave this field empty. This practice helps prevent unauthorized access to the system through these accounts.
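The seven fields described above can be checked mechanically. The following audit is an added example, not part of the original guide: it parses passwd-format text and reports the entries an administrator would want to review. The SAMPLE data is constructed, and the NOLOGIN list and the UID_MIN value of 1000 are assumptions to adjust for your distribution.

```python
from collections import defaultdict

FIELDS = ("name", "passwd", "uid", "gid", "gecos", "home", "shell")
# Assumption: shells treated as non-interactive on this system.
NOLOGIN = {"/usr/bin/nologin", "/sbin/nologin", "/usr/sbin/nologin", "/bin/false"}
UID_MIN = 1000  # assumption: first regular-user UID; the guide's text cites 500

# Constructed sample in /etc/passwd format, not taken from a real host.
SAMPLE = """\
root:x:0:0::/root:/bin/bash
bin:x:1:1::/:/usr/bin/nologin
toor:x:0:0::/root:/bin/bash
ftp::14:11::/srv/ftp:/usr/bin/nologin
jenkins:x:961:961:Jenkins CI:/var/lib/jenkins:/bin/bash
backup:x:34:34::/var/backups:
tom:x:1001:1001::/home/tom:/usr/bin/bash
broken:x:1002:1002:/home/broken
"""

def parse(text):
    """Yield (line number, record dict), or (line number, None) if malformed."""
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        parts = line.split(":")
        ok = len(parts) == 7 and parts[2].isdigit() and parts[3].isdigit()
        yield n, dict(zip(FIELDS, parts)) if ok else None

def audit(text):
    findings, by_uid = [], defaultdict(list)
    for n, rec in parse(text):
        if rec is None:
            findings.append((n, "malformed line"))
            continue
        uid, name = int(rec["uid"]), rec["name"]
        by_uid[uid].append(name)
        if uid == 0 and name != "root":
            findings.append((n, f"{name}: UID 0 but not root"))
        if rec["passwd"] != "x":  # passwd(5): empty means no password is required
            why = "empty password field" if rec["passwd"] == "" else "password not in /etc/shadow"
            findings.append((n, f"{name}: {why}"))
        # passwd(5): an empty shell field defaults to /bin/sh, so treat it as a real shell
        shell = rec["shell"] or "/bin/sh"
        if 0 < uid < UID_MIN and shell not in NOLOGIN:
            findings.append((n, f"{name}: system account with shell {shell}"))
    for uid, names in by_uid.items():
        if len(names) > 1:  # line number 0 marks a file-wide finding
            findings.append((0, f"UID {uid} shared by {', '.join(names)}"))
    return findings
```

To audit a live system, pass the contents of /etc/passwd (or the output of getent passwd) to audit() instead of SAMPLE.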
Summing up
That's all for this guide! Thank you for getting this far. I hope this guide has provided you with a better understanding of how user accounts are managed in Linux and the significance of each field in the /etc/passwd file.