Understanding Linux /etc/passwd File Format

Creating user accounts is one of the basic tasks of a Linux administrator, as everyone knows.

Do you know where the user information is kept, and how to check and understand it?

Linux user information resides in the /etc/passwd file.

It's a text file that contains the essential information about each user as a single line with seven fields.

It is readable by all users on the system with any text editor.

Each line in /etc/passwd represents a single user. The file keeps the user information in three parts.

  • Part-1: root user information
  • Part-2: system-defined accounts information
  • Part-3: Real user information

The first part is the root account, the administrator account that has complete power over every aspect of the system.

The second part consists of the system-defined groups and accounts that are required for proper installation and update of system software.

The third part, at the end, represents the real people who use the system.


The /etc/login.defs file provides default configuration information for user account parameters. It defines the minimum and maximum UID and GID values for normal users and system users, so that correct values are selected when a user is created.

# grep "UID\|GID" /etc/login.defs

UID_MIN			 1000
UID_MAX			60000
SYS_UID_MIN		  500
SYS_UID_MAX		  999
GID_MIN			 1000
GID_MAX			60000
SYS_GID_MIN		  500
SYS_GID_MAX		  999

User creation also uses the following parameters to assign the home directory, shell, group name, and so on.

# cat /etc/default/useradd

# useradd defaults file for ArchLinux
# original changes by TomK
GROUP=users
HOME=/home
INACTIVE=-1
EXPIRE=
SHELL=/bin/bash
SKEL=/etc/skel
CREATE_MAIL_SPOOL=no

When we create a new user, the new user's details are appended to the /etc/passwd file.

When a new user is created, the following four files are modified.

  • /etc/passwd: The user's details are added to this file.
  • /etc/shadow: The user's password information is added to this file.
  • /etc/group: The new user's group details are added to this file.
  • /etc/gshadow: The new user's group password information is added to this file.

How to Access /etc/passwd File in Linux?

As I said at the beginning of the article, it's a text file and everybody has access to it. Use either the getent command or any file manipulation command to access it.

I have trimmed the file for better understanding.

# cat /etc/passwd
or
# getent passwd

root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin
.
.
gdm:x:121:125:Gnome Display Manager:/var/lib/gdm3:/bin/false
daygeek:x:1000:1000:daygeek,,,:/home/daygeek:/bin/bash
sshd:x:122:65534::/run/sshd:/usr/sbin/nologin
thanu:x:1001:1001::/home/thanu:/bin/sh
renu:x:1002:1002:Renu,,9600106327,:/home/renu:/bin/bash
2gadmin:x:1003:1003::/home/2gadmin:/bin/bash
testuser:x:1004:1004::/home/testuser:/bin/bash
demouser:x:1005:1005::/home/demouser:/bin/bash
sudha:x:1006:1006::/home/sudha:/bin/bash
suresh:x:1007:1007::/home/suresh:/bin/bash
mysql:x:123:127:MySQL Server,,,:/nonexistent:/bin/false
ntp:x:124:128::/nonexistent:/usr/sbin/nologin
_chrony:x:125:129:Chrony daemon,,,:/var/lib/chrony:/usr/sbin/nologin
Debian-exim:x:126:130::/var/spool/exim4:/usr/sbin/nologin
u1:x:1008:1008::/home/u1:/bin/sh
u2:x:1009:1009::/home/u2:/bin/sh
u3:x:1010:1010::/home/u3:/bin/sh
u4:x:1011:1014::/home/u4:/bin/sh
u5:x:1012:1015::/home/u5:/bin/sh

What are the Seven Fields and Their Details?

/etc/passwd is a text file that contains the information about each user that is necessary to log in to a Linux system. It maintains useful information about users such as username, password, user ID, group ID, user ID info, home directory and shell.

The /etc/passwd file contains each user's details as a single line with seven fields, as described below. The fields are separated by a colon (":").

These are the seven fields in the /etc/passwd file.

  • Username
  • Password
  • User ID
  • Group ID
  • User ID Info – Comments
  • Home Directory
  • Shell

# grep "daygeek" /etc/passwd

daygeek:x:1000:1000:2g Admin:/home/daygeek:/bin/bash
-------|-|----|----|--------|-------------|---------
   1    2  3   4     5          6           7

Below is detailed information about these seven fields.

  • Username (daygeek): Username of the created user. Its length should be between 1 and 32 characters.
  • Password (x): It indicates that the encrypted password is stored in the /etc/shadow file.
  • User ID (UID-1000): It indicates the user ID (UID). Each user should have a unique UID. UID 0 (zero) is reserved for root, UIDs 1-499 are reserved for system users and UIDs 500-999 are reserved for system accounts/groups.
  • Group ID (GID-1000): It indicates the group ID (GID). Each group should have a unique GID, which is stored in the /etc/group file.
  • User ID Info (2g Admin - daygeek): It indicates the comment field. This field can be used to describe the user.
  • Home Directory (/home/daygeek): It indicates the user's home directory.
  • Shell (/bin/bash): It indicates the user's login shell, bash in this case.

Use the following command if you would like to print only the normal users, whose UIDs start from 1000.

$ cat /etc/passwd | cut -d":" -f1,3 | sed 's/:/ /g' | awk '{ if($2 >= 1000) print $1;}'
nobody
daygeek
thanu
renu
2gadmin
testuser
demouser
sudha
suresh
u1
u2
u3
u4
u5
nagios

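Use the following command if you would like to print the normal users together with their UIDs. It selects entries that contain /home rather than filtering on the UID, so accounts such as syslog and cups-pk-helper, whose UIDs are below 1000, also appear in the output.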

$ cat /etc/passwd | grep /home | cut -d":" -f1,3 | sed 's/:/ /g' | column -t
syslog          102
cups-pk-helper  110
daygeek         1000
thanu           1001
renu            1002
2gadmin         1003
testuser        1004
demouser        1005
sudha           1006
suresh          1007
u1              1008
u2              1009
u3              1010
u4              1011
u5              1012
nagios          1013
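
The two pipelines above each select on a single field. As an added example (not from the original article), the functions below check every field of each line and select normal users by UID range instead. The function names and sample entries are constructed for illustration, and the default range is the UID_MIN/UID_MAX from the login.defs output shown earlier.

```shell
#!/bin/sh
# Added example, not from the original article. Both functions read
# passwd-format lines on stdin; names and sample data are constructed.

# Report entries that deserve a second look.
audit_passwd() {
    awk -F: '
    NF != 7          { printf "MALFORMED line %d (%d fields)\n", NR, NF; next }
    $3 !~ /^[0-9]+$/ { printf "BAD_UID %s\n", $1; next }
    {
        uid = $3 + 0
        # Field 2: "x" = hash is in /etc/shadow; leading "*" or "!" = locked.
        if ($2 == "")                  printf "EMPTY_PASSWORD %s\n", $1
        else if ($2 !~ /^(x|[*!].*)$/) printf "HASH_IN_PASSWD %s\n", $1
        # Field 3: UID 0 is reserved for root, and UIDs should be unique.
        if (uid == 0 && $1 != "root")  printf "EXTRA_UID0 %s\n", $1
        if (uid in seen) printf "DUPLICATE_UID %d %s %s\n", uid, seen[uid], $1
        else             seen[uid] = $1
    }'
}

# Print "name uid" for accounts whose UID lies in [UID_MIN, UID_MAX].
# $1 = UID_MIN (default 1000), $2 = UID_MAX (default 60000).
normal_users() {
    awk -F: -v min="${1:-1000}" -v max="${2:-60000}" '
    NF == 7 && $3 ~ /^[0-9]+$/ && $3 + 0 >= min + 0 && $3 + 0 <= max + 0 {
        print $1, $3
    }'
}

# Constructed sample with deliberate anomalies (not the article's file).
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
daygeek:x:1000:1000:2g Admin:/home/daygeek:/bin/bash
svc_backup:x:0:0::/root:/bin/bash
alice::1001:1001::/home/alice:/bin/sh
bob:x:1001:1002::/home/bob:/bin/bash
broken:x:1003:1003:/home/broken
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
EOF
}

sample_passwd | audit_passwd
sample_passwd | normal_users
```

On a live system, feed the functions with `getent passwd | audit_passwd`; unlike the UID >= 1000 filter, the range check leaves out nobody (65534).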

How Users are Allowed to Change their Own Password in Linux?

You might wonder how users are allowed to change their own password when they only have read permission on the file.

Yes, you are right to ask. Don't worry, I'm here to clarify that.

Simply use the ls command to check the /etc/passwd file permissions.

$ ls -lh /etc/passwd
-rw-r--r-- 1 root root 3.2K Jul  8 11:16 /etc/passwd

This is achieved by assigning a Sticky Bit permission to the passwd script file.

$ ls -lh /bin/passwd
-rwsr-xr-x 1 root root 55K Apr  4 02:03 /bin/passwd*

What is Sticky Bit?

The sticky bit is primarily used on shared directories. It allows users to create their own files and to read, write and execute files owned by other users, but does not allow them to remove files owned by other users.
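
Added example, not part of the original article: a small decoder for the special-permission characters in an ls -l mode string, applied to the two listings above and to a typical shared directory. In ls output an s in the owner's execute position is the setuid bit (octal 4000), an s in the group's execute position is setgid (2000), and a t in the last position is the sticky bit (1000); the function name special_bits is chosen here for illustration.

```shell
#!/bin/sh
# Added example: name the special permission bits in an ls -l mode string.
# special_bits is a name chosen for this sketch.

special_bits() {
    mode=$1
    found=""
    # A mode string is one type character plus three rwx triplets.
    [ "${#mode}" -ge 10 ] || { echo "invalid"; return 1; }
    owner_x=$(printf '%s' "$mode" | cut -c4)
    group_x=$(printf '%s' "$mode" | cut -c7)
    other_x=$(printf '%s' "$mode" | cut -c10)
    # Lower case: special bit and execute bit are both set.
    # Upper case: special bit is set, execute bit is clear.
    case $owner_x in
        s) found="$found setuid" ;;
        S) found="$found setuid(no-exec)" ;;
    esac
    case $group_x in
        s) found="$found setgid" ;;
        S) found="$found setgid(no-exec)" ;;
    esac
    case $other_x in
        t) found="$found sticky" ;;
        T) found="$found sticky(no-exec)" ;;
    esac
    [ -n "$found" ] || found=" none"
    echo "${found# }"
}

# The two mode strings from the listings above, plus a shared directory.
for m in '-rw-r--r--' '-rwsr-xr-x' 'drwxrwxrwt'; do
    printf '%s  %s\n' "$m" "$(special_bits "$m")"
done
```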

About Magesh Maruthamuthu

Love to play with all Linux distribution
