The primary difference between the shadow file (/etc/shadow) and the password file (/etc/passwd) in Unix-like operating systems lies in what information they store and who has access to them:
- Password File (
/etc/passwd):- Information Stored:
- User account information like username, user ID (UID), group ID (GID), home directory, and default shell.
- Historically, it used to contain encrypted user passwords, but modern systems use the shadow file for this purpose.
- Access Rights:
- Readable by all users on the system.
- Contains non-sensitive information about user accounts.
- Example Entry:
john:x:1000:1000:John Doe:/home/john:/bin/bash
- Information Stored:
- Shadow File (
/etc/shadow):- Information Stored:
- User account password hashes and related security information like password expiration dates, password change policy, etc.
- Access Rights:
- Readable only by the superuser (root) for security reasons.
- Contains sensitive information and is crucial for protecting user passwords.
- Example Entry:code
john:$6$1nSgtoZO$YB4aTvzV96mvmvGpUQ6h3IKin6ZSjT2wEwCzmFljH9KsP1QqqNnWqmpF2sq6Bw4F4n6Rh/smgmSoE7FR7vlwL1:18809:0:99999:7:::
- Fields:
- Contains multiple fields including password hash, last password change date, password change policy, and more.
- Information Stored:
The separation of password information into the shadow file enhances security. It means that even if an attacker gains access to the /etc/passwd file, they won’t have direct access to the actual password hashes.
Modern Unix-like systems follow this practice, using the shadow file for password storage and related security information. Older systems may still use a combination of both files, but the trend has been to move towards the more secure practice of using only the shadow file for sensitive password information.