Short Tutorial: Understanding /etc/shadow file

The /etc/shadow file stores passwords in the encrypted format of an available user account on the operating system. This blog explains the basics of the /etc/shadow file available in Linux-based operating systems.

How to check permissions of /etc/shadow file

You can check permissions of /etc/shadow by using the ls utility.

ls -l /etc/shadow

Else, you can also use stat command to know about the file.

stat /etc/shadow

/etc/shadow Format

Each line in /etc/shadow file represents a user account with an encrypted password format on the Linux system. You can view the passed file by any editor. Here, I have used the cat utility to view the shadow file. Remember, you are able to view shadow files only if you are root or sudo privilege.

sudo cat /etc/shadow

We have just taken one line below from the output to understand the format:

root:$y$j9T$q2M.jwhqYn5SkMwZ9siQv/$w1xEho.2lA40O/ejzc//7sMxWA6RDw0bv7Y3M44z2l7:18924:0:99999:7:::
123456789
root$y$j9T$q2M.jwhqYn5SkMwZ9siQv/$w1xEho.2lA40O/ejzc//7sMxWA6RDw0bv7Y3M44z2l7189240999997--
UsernameEncrypted passwordLast Password ChangeMinimum Password AgeMaximum Password AgeWarning periodInactivity periodExpiration dateUnused
  1. Username - User's login. Must not have capital letters
  2. Encrypted password - It denotes the encrypted password in format $type$salt$hashed. Here, $type shows $1$ is MD5, $2a$ is Blowfish, $2y$ is Blowfish, $5$ is SHA-256 and $6$ is SHA-512.
  3. Last Password Change - number of days after 1 January 1970, when a password is changed.
  4. Minimum Password Age - minimum number of days before which password must not be changed
  5. Maximum Password Age - maximum number of days after which password must be changed
  6. Warning period - display the number of days till when you need to change the password
  7. Inactivity period - display the number of days post expiration since 1 January 1970. A blank field simply means that the account will never be disabled on password expiration.
  8. Expiration date - display the date on which the account was disabled. A blank field simply means that the account will never expire.
  9. Unused - reserved for future use

Can we change the password?

We can change the password by using the below command:

passwd

Should we edit /etc/shadow?

Unless you know what are you doing, till then no need to change or edit the shadow file. Read more tutorials and man page, to understand more about this command. Once you are confident enough, then only edit the shadow file.

Conclusion

The /etc/shadow file keeps monitoring all available users on the system. Generally, you need to read this file to understand the number of users who are able to log in to the system.

Subscribe us to receive more such articles updates in your email.

If you have any questions, feel free to ask in the comments section below. Nothing gives me greater joy than helping my readers!

Disclaimer: This tutorial is for educational purpose only. Individual is solely responsible for any illegal act.

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *

OWASP API Top 10 - 2023 7 Facts You Should Know About WormGPT OWASP Top 10 for Large Language Models (LLMs) Applications Top 10 Blockchain Security Issues What is Cyber Warfare?