1. The Password File (`/etc/passwd`)
The `/etc/passwd` file is a critical system file in Linux that stores information about all registered user accounts on the system. Each line in this file represents a single user and contains seven colon-separated fields.
Structure of a `passwd` entry:
username:password_placeholder:UID:GID:GECOS:home_directory:shell
Field Descriptions:
| Field | Description |
|---|---|
| username | The user’s login name. |
| password_placeholder | Historically, this field contained the encrypted password. For security, it now typically holds an ‘x’ or ‘*’ indicating that the actual encrypted password is stored in the `/etc/shadow` file. |
| UID | User ID. A unique numerical identifier for the user. UIDs below 1000 are typically reserved for system accounts. |
| GID | Primary Group ID. The numerical ID of the user’s primary group. |
| GECOS | General Electric Comprehensive Operating System. This field holds optional user information such as full name, office location, and contact number. |
| home_directory | The absolute path to the user’s home directory (e.g., `/home/username`). |
| shell | The absolute path to the user’s default login shell (e.g., `/bin/bash`, `/bin/sh`, `/sbin/nologin`). |
Example:
A typical entry in `/etc/passwd` might look like this:
john:x:1001:1001:John Doe,,,:/home/john:/bin/bash
This indicates a user named ‘john’ with UID 1001, primary GID 1001, full name “John Doe”, home directory `/home/john`, and default shell `/bin/bash`. The ‘x’ signifies the password is in `/etc/shadow`.
You can view the contents of this file using:
$ cat /etc/passwd
2. Password Security
Password security is paramount in Linux to protect user accounts and system integrity. Weak passwords are a major vulnerability.
Key Aspects of Password Security:
- Complexity: Passwords should be a mix of uppercase and lowercase letters, numbers, and special characters.
- Length: Longer passwords are more secure. Aim for at least 12-16 characters.
- Uniqueness: Do not reuse passwords across different accounts or systems.
- Avoid Obvious Choices: Do not use personal information (birthdays, names), common words, or simple sequences (e.g., “123456”, “password”).
- Regular Changes: While less emphasized now with strong passwords, periodic changes can still add a layer of security.
- Hashing Algorithms: Linux stores passwords as cryptographically hashed values, not plain text. Modern systems use strong hashing algorithms like SHA-512.
Example:
A strong password example: `P@$$w0rdS3cur3!2025`
A weak password example: `user123` or `myname`
Linux systems often enforce password policies through modules like PAM (Pluggable Authentication Modules), which can check for complexity, length, and history.
3. Shadow Files (`/etc/shadow`)
The `/etc/shadow` file is a highly sensitive file that stores the actual encrypted passwords and password aging information for user accounts. It is readable only by the root user, which significantly enhances security by preventing unauthorized access to password hashes.
Structure of a `shadow` entry:
username:encrypted_password:last_changed:min_days:max_days:warn_days:inactive_days:expiration_date:reserved
Field Descriptions:
| Field | Description |
|---|---|
| username | The user’s login name, matching an entry in `/etc/passwd`. |
| encrypted_password | The cryptographically hashed password. This is the most critical field. An asterisk (*) or exclamation mark (!) here means the account is locked or has no password set. |
| last_changed | The number of days since January 1, 1970, that the password was last changed. |
| min_days | The minimum number of days required between password changes. The user cannot change the password again before this period. |
| max_days | The maximum number of days a password is valid. After this, the user will be forced to change it. |
| warn_days | The number of days before password expiration that the user will be warned. |
| inactive_days | The number of days after password expiration that the account will be disabled. |
| expiration_date | The date (days since Jan 1, 1970) when the account will expire. |
| reserved | A reserved field, currently unused. |
Example:
A typical entry in `/etc/shadow` might look like this:
john:$6$rounds=40000$abcdefghijklmn$oPqRsTuVwXyZ0123456789ABCDEFGH.IJKLMN:19800:0:99999:7:::
Here, `$6$...` indicates a SHA-512 hashed password. The `19800` means the password was last changed 19800 days after Jan 1, 1970. `0:99999:7` means no minimum days between changes, password valid for 99999 days, and a warning 7 days before expiration.
You can view the contents of this file (as root) using:
$ sudo cat /etc/shadow
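As an added example (not part of these notes), a small Python script that parses passwd and shadow style lines in the formats described in Sections 1 and 3 and flags account settings an administrator would want to review: extra UID 0 accounts, empty password fields, legacy MD5 (`$1$`) hashes, and expired passwords. All sample entries are constructed and the hash values are placeholders, so it runs without root.

```python
from datetime import date, timedelta
# Constructed sample lines in the 7-field passwd and 9-field shadow formats.
PASSWD_SAMPLE = """root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
john:x:1001:1001:John Doe,,,:/home/john:/bin/bash
backup:x:0:34:backup:/var/backups:/bin/sh"""
SHADOW_SAMPLE = """root:$6$rounds=40000$saltsaltsalt$placeholderhash:19800:0:99999:7:::
daemon:*:19000:0:99999:7:::
john:$1$saltsalt$placeholdermd5:18000:0:90:7:::
backup::19800:0:99999:7:::"""
EPOCH = date(1970, 1, 1)  # shadow day counts are days since this date


def parse_passwd(text):
    """Map username -> UID, GID and shell from passwd-format lines."""
    users = {}
    for line in filter(None, text.splitlines()):
        name, _pw, uid, gid, _gecos, _home, shell = line.split(":", 6)
        users[name] = {"uid": int(uid), "gid": int(gid), "shell": shell}
    return users


def parse_shadow(text):
    """Map username -> hash and aging fields (an empty field becomes None)."""
    entries = {}
    for line in filter(None, text.splitlines()):
        f = line.split(":")
        days = [int(x) if x else None for x in f[2:8]]
        entries[f[0]] = {"hash": f[1], "last_changed": days[0], "max_days": days[2]}
    return entries


def audit(passwd_text, shadow_text, today=date(2024, 4, 1)):
    """Return sorted (user, finding) pairs for risky account settings."""
    users, shadow = parse_passwd(passwd_text), parse_shadow(shadow_text)
    findings = []
    for name, u in users.items():
        if u["uid"] == 0 and name != "root":
            findings.append((name, "UID 0 account other than root"))
        s = shadow.get(name)
        if s is None:
            continue
        if s["hash"] == "":
            findings.append((name, "empty password field"))
        elif s["hash"].startswith("$1$"):
            findings.append((name, "legacy MD5 hash, rehash with SHA-512"))
        # 99999 max_days is the conventional "never expires" value.
        if s["last_changed"] is not None and s["max_days"] not in (None, 99999):
            expires = EPOCH + timedelta(days=s["last_changed"] + s["max_days"])
            if expires < today:
                findings.append((name, "password expired on %s" % expires))
    return sorted(findings)
```

On a real system you would feed `audit()` the contents of the two files read as root; the `today` parameter is fixed here only so the sample gives reproducible results.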
4. Group and Group Files (`/etc/group`)
Groups are a fundamental concept in Linux for managing permissions and access control. Users can be members of one or more groups, and permissions can be assigned to groups rather than individual users, simplifying administration.
The `/etc/group` file stores information about all defined groups on the system.
Structure of a `group` entry:
group_name:password_placeholder:GID:member_list
Field Descriptions:
| Field | Description |
|---|---|
| group_name | The name of the group. |
| password_placeholder | Historically, this field was for a group password. It typically contains an ‘x’ or is empty. Group passwords are rarely used. |
| GID | Group ID. A unique numerical identifier for the group. |
| member_list | A comma-separated list of usernames that are members of this group. Users whose primary group is this group are not listed here. |
Example:
Typical entries in `/etc/group` might look like this:
users:x:100:john,jane
sudo:x:27:john
This shows a group named ‘users’ with GID 100, and ‘john’ and ‘jane’ are secondary members. The ‘sudo’ group (GID 27) has ‘john’ as a secondary member, allowing him to use `sudo`.
You can view the contents of this file using:
$ cat /etc/group
To see which groups a user belongs to:
$ groups john
john : john sudo users
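To make the point about primary groups concrete, an added Python example (not from the original notes) that reproduces what `groups` reports for a user and, the other way round, lists every member of a group including users whose primary GID in `/etc/passwd` points at it, since those users are not listed in the group's member field. The sample passwd and group lines are constructed.

```python
# Constructed sample passwd and group lines (not read from the live system).
PASSWD_SAMPLE = """root:x:0:0:root:/root:/bin/bash
john:x:1001:1001:John Doe,,,:/home/john:/bin/bash
jane:x:1002:100:Jane Roe,,,:/home/jane:/bin/bash"""
GROUP_SAMPLE = """root:x:0:
users:x:100:john,jane
sudo:x:27:john
john:x:1001:"""


def parse_group(text):
    """Map group name -> (GID, set of secondary members)."""
    groups = {}
    for line in filter(None, text.splitlines()):
        name, _pw, gid, members = line.split(":", 3)
        groups[name] = (int(gid), set(filter(None, members.split(","))))
    return groups


def primary_gids(text):
    """Map username -> primary GID (the 4th passwd field)."""
    return {f[0]: int(f[3]) for f in
            (line.split(":") for line in filter(None, text.splitlines()))}


def groups_of(user, passwd_text, group_text):
    """Groups of `user` in the order `groups` reports them: the primary group
    (looked up by the passwd GID) first, then the secondary groups, which are
    sorted here for stable output."""
    gid = primary_gids(passwd_text)[user]
    groups = parse_group(group_text)
    primary = [g for g, (g_gid, _) in groups.items() if g_gid == gid]
    secondary = sorted(g for g, (g_gid, members) in groups.items()
                       if user in members and g_gid != gid)
    return primary + secondary


def members_of(group, passwd_text, group_text):
    """All members of `group`: the secondary members listed in /etc/group plus
    every user whose primary GID is this group (they are NOT listed there)."""
    gid, members = parse_group(group_text)[group]
    primaries = {u for u, g in primary_gids(passwd_text).items() if g == gid}
    return sorted(members | primaries)
```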
5. Default Files (`/etc/skel`)
The `/etc/skel` directory (short for “skeleton”) contains a set of default configuration files and directories that are copied to a new user’s home directory when their account is created. This ensures that new users have a consistent and basic environment setup.
Common files/directories in `/etc/skel`:
- `.bashrc`: Configuration for the Bash shell.
- `.profile`: General user environment settings, sourced on login.
- `.bash_logout`: Commands executed when a Bash login shell exits.
- `.config/`: Directory for user-specific configuration files (often empty or containing default subdirectories).
- `.local/`: Directory for user-specific data that should persist.
Example:
When you create a new user, say ‘newuser’, using `useradd`, the contents of `/etc/skel` are copied to `/home/newuser/`.
You can see the contents of the skeleton directory using:
$ ls -a /etc/skel/
.  ..  .bash_logout  .bashrc  .profile  .config
If you want all new users to have a specific alias or a custom prompt, you would add that configuration to the relevant file (e.g., `.bashrc`) within `/etc/skel`.