Understanding /etc/shadow file format

I’m continuously writing new articles for the 2daygeek website. Today I have a question to ask myself: do you know about the shadow file format? I know it stores user passwords in an encrypted format, but I don’t know the details. So I’m going to explain the /etc/shadow file format, both for my own understanding and for users who want to know about it.

1) What is the shadow file?

The shadow file contains the encrypted password information of all Linux user accounts. Each account has a single line holding the user's encrypted password together with additional properties related to that password, split into eight fields.

2) How to view the password list

You can use the cat command to print the password entries of the users created on your system/server. See the output below.

[~]# cat /etc/shadow
root:$6$W.EOKZfu$OcEiZxDxVI6bgE.vTVhHXHMZTB4sUfaZt/1.89SG4S8AGB1zg7xa8rs8iRThX3pzpk8zsi0bCKF4kiSroMtx90:15974:0:99999:7:::
massregi:$6$t8fYiY2SSmcgeg3b$XhecLno6nw39Ml9JceNWi2PNVKextmB4mxKBO3KwmvqUXmcc7AaP37k1TWjU3l7IXM8/koBLxmHjD6B7GWhVg/:15636:0:99999:7:::
tardis:$6$pGqbclNG$NUbrsZVH7s8ytDW9sM6JX6QC98rwMpZQKS4rH9L8wqIO9ckhtBalaft/5BQtxsHBbKEP62K4FQadC3PecuQBZ.:15635:0:99999:7:::
nagios:$6$cMYRO8Pz$PCb3tA6Gm9LXdZgcXGWvcm2DStYU539INYDJwdRH8M8WK/Nud0HPBHg7iqU7kn3g91jUfNOjqxIAoSKwaCBJx/:15684:0:99999:7:::
mageshm:$6$sTgBhfj0$pkzz/JpVTl8ZAmk./d4SDarRyWsGSZHguljywUHQMP4DWo8/TgNzL5rMpejqNWuyxtFlISxdyIqPmpsIsyi.i1:16088:0:99999:7:::
2daygeek:$6$iQYB/owpGrAmMbno$GqB3KPeY3XQHir5S5OFCZO0J2Kr20PyuPKWE3ESxysmbD67xDUhEyssIZ52pIkuFfRYNEfoahHExGQZZKspC2/:16055:0:99999:7:::
2gadmin:$6$RDE/drV2R$qa9YNqAE8BF/JWhfUFEGlgQIiG1Sv1YM1ODKo3q5fOnXjoF7sVeGSw6zUztL1eZY6kh3LZ/isfz2NRzObryR3/:16091:0:99999:7:::
testuser:$6$TwPBN/o.fb$TgJNlRiIGgmhogdnM.m4Hu27XhGbSEIkDIAmbwNas7xO1Dxam5iArnXiRm.mu3LBhrfTeMDCuPxkioh7Yy/jl1:16091:0:99999:7:::
demouser:$6$kNDWc7Nk$RszhplZlNWC18Hs5OsYXhV.cw9iwMSBb2lGWOBrjOe9jxPXdtBtebOZowIoaTmj9nrd0JBCsTPvVCRnRjTmvW1:16091:0:99999:7:::
ramesh:$6$vFMBf/mm.Oq5E$l7DvxkwMNOdcWNvGUUkW7STIl/nVK6v1s4AUY2fgCfwF1FusJvEUyjsj5Bbz4TFyLhRi.sQUTXR6unxc4LxK7.:16091:0:99999:7:::
suresh:$6$MwkbFnqNh$hHqGr83EuL90AMPMHrtRxr3hgyXK1N8hYd91ZTxaEmpauy9Fii2qyWlRfpFD9Yn7XazCDxpZ7ccX1RX2/OFtN0:16091:0:99999:7:::

The above output clearly shows that every line contains eight fields and that the fields are separated by a colon “:”.

3) Details of the eight fields

See the eight fields of a shadow file entry.

[~]# grep "mageshm" /etc/shadow
mageshm:$6$sTgBhfj0$pkzz/JpVTl8ZAmk./d4SDarRyWsGSZHguljywUHQMP4DWo8/TgNzL5rMpejqNWuyxtFlISxdyIqPmpsIsyi.i1:16088:0:99999:7: : :
------- -------------------------------------------------------------------------------------------------- ----- - ----- - - -
   1                                                       2                                                 3   4   5   6 7 8

4) Explanation of eight fields

See the explanation of the eight fields.

  1. Username (mageshm) : Login user name.
  2. Password ($6$sTgBhfj0$pkzz/JpVTk./d4SDarljywUH8/TgNzL5rxtFlpsIsyi.i1) : This is your encrypted password. To create a secure password, use a minimum of 6-8 characters with alphabets (caps & small), special characters ($#%@&) and digits (1,2,3).
  3. Last Changed Date (16088) : Date the password was last set/changed.
  4. Minimum days (0) : Minimum number of days between password changes.
  5. Maximum days (99999) : How many days the password is valid for the user.
  6. Warn days (7) : How many days before the password expires the user is shown a warning message to update/change the password.
  7. Inactive days () : After the password has expired, the user account is disabled after the mentioned number of days.
  8. Expire date () : On the mentioned (expire) date the account is disabled and the user can’t log in to the system.

5) View the mageshm user password properties

[~]# chage -l mageshm
Last password change                                    : Jan 18, 2014
Password expires                                        : never
Password inactive                                       : never
Account expires                                         : never
Minimum number of days between password change          : 0
Maximum number of days between password change          : 99999
Number of days of warning before password expires       : 7
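
The field layout and the chage report above can be reproduced with a short parser. This is an added example, not code from the original article; the function names and the two sample lines (with placeholder salt and hash) are constructed for illustration. shadow(5) also defines a ninth, reserved field after the last colon, which the parser accepts so that real lines split cleanly.

```python
from datetime import date, timedelta

FIELDS = ("user", "password", "last_change", "min_days", "max_days",
          "warn_days", "inactive_days", "expire_date", "reserved")

def parse_shadow_line(line):
    """Split one shadow line into named fields; empty numeric fields become None."""
    parts = line.rstrip("\n").split(":")
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}")
    entry = dict(zip(FIELDS, parts))
    for key in FIELDS[2:8]:
        entry[key] = int(entry[key]) if entry[key] else None
    return entry

def to_date(days):
    """Fields 3 and 8 count days since 1970-01-01."""
    return None if days is None else date(1970, 1, 1) + timedelta(days=days)

def aging_report(entry):
    """Compute the dates that `chage -l` prints; None stands for 'never'."""
    last = entry["last_change"]
    changed = to_date(last)
    expires = inactive = earliest = None
    if last:  # a value of 0 means "must change at next login", so no dates apply
        earliest = changed + timedelta(days=entry["min_days"] or 0)
        # Assumption: 99999 is treated as "never", matching the chage output above.
        if entry["max_days"] is not None and entry["max_days"] < 99999:
            expires = changed + timedelta(days=entry["max_days"])
            if entry["inactive_days"] is not None:
                inactive = expires + timedelta(days=entry["inactive_days"])
    return {"last_change": changed, "must_change": last == 0,
            "earliest_change": earliest, "password_expires": expires,
            "password_inactive": inactive,
            "account_expires": to_date(entry["expire_date"])}

# Constructed sample lines (placeholder salt and hash, not real credentials).
SAMPLE_DEFAULT = "alice:$6$EXAMPLESALT$EXAMPLEHASH:16088:0:99999:7:::"
SAMPLE_AGED = "bob:$6$EXAMPLESALT$EXAMPLEHASH:16088:1:90:7:14:16436:"

if __name__ == "__main__":
    for sample in (SAMPLE_DEFAULT, SAMPLE_AGED):
        entry = parse_shadow_line(sample)
        print(entry["user"], aging_report(entry))
```

For the first sample the report matches the chage output above: last change on Jan 18, 2014 and no expiry dates.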

6) Understanding Password hash field

The password hash field contains an encrypted (hashed) password instead of the original password, and the original password is not stored anywhere on the system. The encrypted password has three fields, separated by the ($) symbol. See the details.

Format :

The common format of the password field in the Linux shadow file.

Syntax :# $[hash_algorithm]$[hash_salt]$[hash_data]

7) Details of password field

See the three fields of the password field.

$6$sTgBhfj0$pkzz/JpVTl8ZAmk./d4SDarRyWsGSZHguljywUHQMP4DWo8/TgNzL5rMpejqNWuyxtFlISxdyIqPmpsIsyi.i1
 - -------- --------------------------------------------------------------------------------------
 1    2                                             3

8) Explanation of three fields of password field

See the explanation of three fields.

  1. hash_algorithm (6) : This field shows which hashing algorithm is used. Here it is the SHA-512 algorithm, which is indicated by 6.
  2. hash_salt (sTgBhfj0) : The salt field contains the encrypted password instead of the actual password.
  3. hash_data (JpVTl8ZAmk./d4SDarRyWsGSZHguljywUHQMP4DWo8/TgNzL5rMpejqNWuyxtFlISxdyIqPmpsIsyi.i1) : This is the salted password hash.

8) Details of hash_algorithm

See the hashing algorithms and their codes.

CODE   ALGORITHM
$1     MD5 hashing algorithm.
$2     Blowfish Algorithm.
$2a    eksblowfish Algorithm.
$3     NT hashing algorithm.
$5     SHA-256 Algorithm.
$6     SHA-512 Algorithm.
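
The password field can be split and classified with the codes from this table, which is useful when reviewing a system for accounts that still use older schemes. This is an added example, not code from the original article: the function names, the sample fields and the choice of which schemes to flag as weak are assumptions of the example, and it goes beyond the page by also handling the optional rounds= parameter, locked entries prefixed with "!" or "*", and the bcrypt layout where salt and hash are packed into one segment.

```python
# Prefix codes from the table above.
SCHEMES = {"1": "MD5", "2": "Blowfish", "2a": "eksblowfish",
           "3": "NT", "5": "SHA-256", "6": "SHA-512"}
# Audit policy assumed for this example: schemes too fast to resist offline guessing.
WEAK = {"MD5", "NT", "DES"}

def parse_password_field(field):
    """Classify the second shadow field and split $id$salt$hash when present."""
    info = {"state": "hashed", "locked": False, "scheme": None,
            "rounds": None, "salt": None, "hash": None}
    if field == "":
        info["state"] = "empty"              # no password is required to log in
        return info
    if field[0] in "!*":
        info["locked"] = True                # passwd -l prefixes the hash with "!"
        field = field.lstrip("!*")
        if not field:
            info["state"] = "no-password"    # nothing left that could match a hash
            return info
    if not field.startswith("$"):
        info["scheme"], info["hash"] = "DES", field   # assumed traditional crypt(3)
        return info
    scheme_id, *rest = field.split("$")[1:]
    info["scheme"] = SCHEMES.get(scheme_id, "unknown")
    if scheme_id.startswith("2"):            # bcrypt packs $cost$<22-char salt><hash>
        cost, packed = rest
        info.update(rounds=2 ** int(cost), salt=packed[:22], hash=packed[22:])
        return info
    if rest and rest[0].startswith("rounds="):
        info["rounds"] = int(rest[0].split("=", 1)[1])
        rest = rest[1:]
    if len(rest) != 2:
        raise ValueError("expected $id$salt$hash")
    info["salt"], info["hash"] = rest
    return info

def audit(field):
    info = parse_password_field(field)
    found = ["empty password"] if info["state"] == "empty" else []
    if info["scheme"] in WEAK:
        found.append("weak scheme: " + info["scheme"])
    return found

# Constructed sample fields (placeholder salts and hashes, not real credentials).
SAMPLES = {"sha512": "$6$EXAMPLESALT$EXAMPLEHASH",
           "rounds": "$6$rounds=10000$EXAMPLESALT$EXAMPLEHASH",
           "locked_md5": "!$1$EXAMPLESALT$EXAMPLEHASH", "no_login": "*"}
```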

9) How to check shadow file permission

The “shadow” file is write-only for the root user (--w-------), and root is the owner of the file.

[~]# ls -la /etc/shadow
--w-------. 1 root root 2608 Jan 29 23:16 /etc/shadow

Magesh Maruthamuthu
