Understanding the /etc/passwd file on UNIX/Linux.

The /etc/passwd file on UNIX/Linux is very easy to understand once the layout of the information is understood.

The /etc/passwd file stores information in this format.

Username : Password : UID : GID : Full Name : Home Directory : Default Shell

The Username field contains the username entered by the user at login. The Password field contains the password that is required to be entered by the user to gain access to the system. The password is stored in a encrypted hash format, encrypted by Blowfish or MD5 encryption. When the password is entered by the user, it is hashed and compared to the password stored on the system and if it matches, then the user is allowed to login.

The UID field contains the unique user id of the user and the GID is the group id that the user is a member of. The Full Name field contains the full name of the user and the Default Shell that is assigned to the user. This shell must be listed in /etc/shells for this to work correctly.

bill:x:500:500:Bill Smith:/home/bill:/bin/bash

The password for each user is very important, it is best to use the highest level of password encryption possible, Blowfish encryption is stronger than the MD5 encryption usually used by applications such as MySQL to encrypt passwords. A program such as John the Ripper may be used to decrypt a password file that uses encrypted hashes and you may run this on your own system to analyse your passwords to check if your passwords are strong enough. Using upper & lower case letters and numbers is a good way to make your password harder to crack. And making sure that no-one can get hold of your /etc/passwd file and retrieve your passwords. Changing the shell your user uses on login may be achieved by editing the /etc/passwd file and then logging out and then back in again.

No comments have been made. Use this form to start the conversation :)

Leave a Reply