Understand the /etc/passwd file.
The /etc/passwd
file is literally a colon-separated file that contains the following information: user name, encrypted password, user ID number (UID), user's group ID number (GID), full name of the user (GECOS), and more. The /etc/passwd
file is owned by the root user and must be readable by all the users, but only the root user has writable permissions.
$ cat /etc/passwd
root:x:0:0:root:/root:/bin/zsh
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin
man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
unicorn:x:1002:1006::/home/unicorn/:/bin/zsh
target:x:1003:1005::/home/target/:/bin/zsh
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
/etc/passwd file fields and format
Each user (user account) of the system has one entry per line in /etc/passwd
. A colon (:) sign separates each field. There are a total of seven fields, as shown below.
unicorn:x:1002:1006:,,,:/home/unicorn/:/bin/zsh
[--] - [-][--] [--][---][--------] [--------]
| | | | | | |
| | | | | | +-> 7. Login shell
| | | | | +----------> 6. Home directory
| | | | +--------------------> 5. GECOS
| | | +--------------------------> 4. GID
| | +-------------------------------> 3. UID
| +-----------------------------------> 2. Password
+----------------------------------------> 1. Username
- Username: The string you type when you log into the system. Each username must be a unique string on the machine. The maximum length of the username is restricted to 32 characters.
- Password: An x character indicates that an encrypted password is stored in
/etc/shadow
file. Please note that you need to use thepasswd
command to computes the hash of a password typed at the CLI or to store/update the hash of the password in/etc/shadow
file. - User ID (UID): Each user must be assigned a user ID (UID). UID 0 (zero) is reserved for root and UIDs 1-99 are reserved for other predefined accounts. Further UID 100-999 are reserved by the system for administrative and system accounts/groups.
- Group ID (GID): The user’s group identifier number, referring to the user’s primary group. When a user creates a file, the file’s group is set to this group. Typically, the name of the group is the same as the name of the user. User’s secondary groups are listed in the
/etc/groups
file. - User ID Info (GECOS): The comment field. It allows you to add extra information about the users such as the user’s full name, phone number, etc.
- Home directory: Home directory. The absolute path to the user’s home directory. It contains the user’s files and configurations. By default, the user home directories are named after the name of the user and created under the
/home
directory. If this directory does not exist then the user's directory becomes/
- Command/shell: The absolute path to the user’s login shell. This is the shell that is started when the user logs into the system. On most Linux distributions, the default login shell is Bash. Please note that it does not have to be a shell. For example, a sysadmin can use the
nologin
shell, which acts as a replacement shell for the user accounts. If the shell is set to/sbin/nologin
and the user tries to log in to the Linux System directly, the/sbin/nologin
shell closes the connection.
/etc/passwd file permission
The permission on the /etc/passwd
file should always be set to read-only to users (-rw-r--r-- OR 0644) and be owned by the root, as such:
$ ls -l /etc/passwd
OUTPUT
-rw-r--r-- 1 root root 2085 Aug 9 17:34 /etc/passwd
[...] and that’s all there is to it.
Thank you for stepping by.