/etc/passwd File Explained

In this tutorial, we’ll be understanding /etc/passwd file in Linux operating system and its format. It is one of the principal files in Linux that stores information about the user accounts in the system.

What is passwd file in Linux

The passwd file is an important plaintext file in Linux that holds necessary information about all the users in the system. The file contains system users which are required for specific applications and the normal users. It is located inside the /etc directory and its full pathname is /etc/passwd.

The file contains one record per line and each represents a user account. Each record contains seven fields and is separated by colons.

The /etc/passwd is called password file but the user's password is stored encrypted in /etc/shadow file.

Fields of /etc/passwd file

Each entry in /etc/passwd file is defined by seven fields and separated by a colon (:) delimiter.

Passwd file fields explained:

Username: The first field in the line represents the unique username or login name used by users for logging into the system. It must be unique for every user. It can have a maximum length of 32 characters.
Password: The second field shows the users encrypted password. The x signifies that the corresponding user's encrypted passwords are stored in the /etc/shadow file.
UID (User ID): Third field stores the user identifier or the User ID for the user accounts, a unique number assigned to each user by the system for identification. The User ID is a 32 bits integer. The UID 0 is reserved for root, UID 1-99 are reserved for predefined accounts and UID 100-999 are reserved for administrative and system accounts.
GID (Group ID): The fourth field stores the Group Identifier, a 32 bits integer number assigned to the user's primary group or the default group the user belongs to. In most cases, it is the same as the UID. Information about the groups in the Linux system is stored in a separate file /etc/group.
GECOS: Fifth is the comment field which stores additional information related to the users such as full name, building number, room number, telephone number, etc in comma separated values.
Home directory: Sixth field stores the absolute path of the user’s home directory . It stores user-specific configurations and files. By default, the user's home directory has the same name as the user and is under the /home directory. Also, different users have their separate home directories fitting in the multi-user philosophy of Linux.
Login shell: The last field in the line represents the absolute path of the user’s default shell. It is the shell that is initiated when the user logs in. By default, it is Bash on most Linux distros. If a shell is not required for a user, it can be set to blank. There are special accounts , especially the service accounts, that do not require shell access at all. In that case, a fake shell such as /bin/false is assigned to them or the field is left blank.

Permissions of the passwd file

To view the permissions of the passwd file, type:

ls -l /etc/passwd

By default /etc/passwd has 644 permission and the file is owned by root user. The file is readable to all users of the system but editable only by someone who has root access or a sudo user.

To view detailed information about /etc/passwd file such as size, access permissions use stat command:

stat /etc/passwd

Reading the passwd file

To read the contents of /etc/passwd file by simply running the cat command:

cat /etc/passwd

The first line of the /etc/passwd file contains the record for the root user and the subsequent lines contain the other user accounts.

For easy easy navigation, pipe the output of passwd file using less command:

cat /etc/passwd | less

less /etc/passwd

You may also use grep command to filter the specific user accounts.

Example:

grep linuxopsys /etc/passwd

To make the entries of the passwd file more readable, we parse using awk command:

cat /etc/passwd | awk -F: '{print "Username:"$1,"\nPassword:"$2,"\nUID:"$3,"\nGID:"$4,"\nGECOS:"$5,"\nHome directory:"$6,"\nLogin shell:"$7"\n-"}'

The same way to view a specifier user record, type:

user="werewolf";grep $user /etc/passwd | awk -F: '{print "Username:"$1,"\nPassword:"$2,"\nUID:"$3,"\nGID:"$4,"\nGECOS:"$5,"\nHome directory:"$6,"\nLogin shell:"$7"\n-"}'

Editing the /etc/passwd file

You require root or sudo access to edit the passwd file. Use your favorite editor such as vi or nano to edit the /etc/passwd file.

To edit the /etc/passwd file using vi, type:

sudo vim /etc/passwd

For safety purposes, it’s better to avoid direct editing of the /etc/passwd file. You can use the command vipw which prevents file corruption by setting proper locks. It even gives us the option to choose a preferred editor.

To edit the /etc/passwd file using vipw, type:

sudo vipw

Commands that manipulate the /etc/passwd file

The following commands manipulate the /etc/passwd file:

passwd command - change the password for a user account.
useradd command - add/update new user account.
usermod command - modify user account.
userdel command - delete user account.
chfn command - change finger information of user account.
chsh command - change default login shell of user account.
chpasswd command - update user passwords in batch mode.
su command - switch user.
login command - initiate a new session.
sulogin command - perform single-user login.
getent command - get entries from Name Service Switch Libraries.
pwck command - perform integrity check of password files.
pwunconv command - convert to and from shadow passwords and groups.

Conclusion

In this tutorial, we learned about the file structure of /etc/passwd and its format in detail. We learned this is a very important file in Linux and should be very careful when editing it.