In this article, we explain what the /etc/passwd file is in Linux, its format and the meaning of the fields contained in each line of the file.
What is Linux?
Linux is a family of open-source operating systems based on the Linux kernel. The first Linux system kernel was released on September 17, 1991, by Linus Torvalds.
Read more …
Popular Linux distributions include Debian, Fedora, and Ubuntu, and the commercial distributions include Red Hat Enterprise Linux and SUSE Linux Enterprise Server.
There are also quite a number of customized Linux distributions, such as Kali Linux, REMnux etc. Kali Linux is a Debian-based distribution developed, funded and maintained by Offensive Security for ethical hackers for the purposes of Penetration Testing, Security Research & Assessment, and Computer Computer Forensics & Reverse Engineering. REMnux, on the other hand, is a Linux distro curated for reverse-engineering and malware analysis purposes.
UNIX is basically a simple operating system, but you have to be a genius to understand the simplicity.
Dennis Ritchie
Read more educational and inspirational cyber quotes at our page 100+ Best Cyber Security & Hacker Quotes.
/etc/passwd File in Linux
In Linux, /etc/passwd is a plain text file that stores essential user account information. It contains a list of the system’s accounts, represented with a line of text for each user. As an essential system file, /etc/passwd file is owned by the root user and it has 644 permissions, i.e., it allows read access to all the system users while only the root account can modify its content.
To display access permissions on the the /etc/passwd file, you can use the ls command in Linux, as described below.
$ ls -la /etc/passwd
/etc/passwd File Format
The /etc/passwd file contains one entry per line that describes useful information on user accounts defined in the system. Each line of the user information is represented by 7 fields that are separated (delimited) by a colon symbol. An example /etc/passwd file entry and the meaning of its contents are depicted in Figure 2.
Explanation of the Fields in the /etc/passwd File
- Username: A unique string on a machine that is used to log into the system. The maximum length of the username is restricted to 32 characters.
- Password: Historically, password information was stored in the
/etc/passwdfile. However, on modern Linux distributions, this field is set tox, meaning the password is encrypted and stored in the/etc/shadowfile. - User ID (UID): A unique identifier for each user, represented by a number.
- Group ID (GID): A unique identifier for user groups, represented by a number.
- User ID Info (GECOS): A comma separated values (Full name, room number, work phone number, home phone number, other contact information) that contain detailed information on the user.
- User Home Directory: The absolute path to the user’s home directory. On most Linux distributions, user home directories are named after the usernames and created under the
/homedirectory. - User Login Shell: The absolute path to the user’s login shell. On most Linux distributions, the default user login shell is Bash. In the case of the users created for system applications, this field is set to
/sbin/nologin, meaning that the corresponding user can not log in to the Linux system directly.
Displaying the /etc/passwd File
To display the content of the /etc/passwd file, you can use the cat command in Linux, as described below.
$ cat /etc/passwd
To filter the output of the pervious cat /etc/passwd command by specifying a search pattern, such as a username, you can use the grep command command in Linux, as shown below.
$ cat /etc/passwd | grep kali
To learn more on Linux, you could also visit our Linux Resources Page.
