Difference between Password File and Shadow File

The primary difference between the shadow file (/etc/shadow) and the password file (/etc/passwd) in Unix-like operating systems lies in what information they store and who has access to them:

1. Password File (/etc/passwd):
   • Information Stored:
     • User account information like username, user ID (UID), group ID (GID), home directory, and default shell.
     • Historically, it used to contain encrypted user passwords, but modern systems use the shadow file for this purpose.
   • Access Rights:
     • Readable by all users on the system.
     • Contains non-sensitive information about user accounts.
   • Example Entry: john:x:1000:1000:John Doe:/home/john:/bin/bash
2. Shadow File (/etc/shadow):
   • Information Stored:
     • User account password hashes and related security information like password expiration dates, password change policy, etc.
   • Access Rights:
     • Readable only by the superuser (root) for security reasons.
     • Contains sensitive information and is crucial for protecting user passwords.
   • Example Entry:codejohn:$6$1nSgtoZO$YB4aTvzV96mvmvGpUQ6h3IKin6ZSjT2wEwCzmFljH9KsP1QqqNnWqmpF2sq6Bw4F4n6Rh/smgmSoE7FR7vlwL1:18809:0:99999:7:::
   • Fields:
     • Contains multiple fields including password hash, last password change date, password change policy, and more.

The separation of password information into the shadow file enhances security. It means that even if an attacker gains access to the /etc/passwd file, they won’t have direct access to the actual password hashes.

Modern Unix-like systems follow this practice, using the shadow file for password storage and related security information. Older systems may still use a combination of both files, but the trend has been to move towards the more secure practice of using only the shadow file for sensitive password information.