In Linux, the /etc/shadow file contains password and account expiry information for users. In the absence of the /etc/shadow file, the password information is kept in the /etc/passwd file. This article provides a detailed explanation of the user account information contained in the /etc/shadow file.
Let’s take an example. The following is the entry for user bob in the /etc/shadow file:
# cat /etc/shadow | grep bob
bob:$1$9691cSVC$zN/LWa6NNAYADAZXUMGIV0:15582:10:30:7:20:15631:
Each line in the /etc/shadow file corresponds to a user account. Each entry is divided into 9 fields by the delimiter ‘:’.
Field 1 contains the username.
Field 2 contains the hashed password of the user.
Fields 3 – 8 contain the user account expiry information.
Field 9 is reserved for future use.
The password expiry information for a user account can be displayed or modified with the chage command.
Here is the output of the chage command for user bob.
# chage -l bob
Last password change : Aug 30, 2012
Password expires : Sep 29, 2012
Password inactive : Oct 19, 2012
Account expires : Oct 18, 2012
Minimum number of days between password change : 10
Maximum number of days between password change : 30
Number of days of warning before password expires : 7
Each entry in the shadow file can be mapped to the output of the ‘chage -l’ command as shown below.
Note – In the /etc/shadow file, dates are stored as the number of days since the epoch, 01 Jan 1970. The chage command output, however, displays the calculated date.
Field 3 represents the number of days since the epoch when the password was changed.
Field 4 represents the minimum number of days that must pass since the last password change date before the password can be changed again.
Field 5 represents the maximum number of days after the last password change date when the password must be changed again.
Field 6 represents the number of days before the account expiry date to issue a password change warning.
Field 7 represents the number of days after password expiry when the account will be locked.
Field 8 represents the password expiry date as the number of days since the epoch.
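The mapping between the shadow entry and the chage -l output, worked through in code as an added example (not part of the original article): it splits bob's entry into its 9 fields and derives the calendar dates that chage prints. The function and key names are assumptions chosen for illustration, and the date labels follow the chage output shown earlier.

```python
from datetime import date, timedelta

EPOCH = date(1970, 1, 1)

# Sample input: the entry for user bob shown in this article.
SAMPLE = "bob:$1$9691cSVC$zN/LWa6NNAYADAZXUMGIV0:15582:10:30:7:20:15631:"


def _days(value):
    """An empty field means the setting is not in use."""
    return int(value) if value else None


def _to_date(days):
    """Convert days since the epoch to a calendar date."""
    return EPOCH + timedelta(days=days) if days is not None else None


def parse_shadow_entry(line):
    """Split one /etc/shadow line and derive the dates chage -l prints."""
    fields = line.rstrip("\n").split(":")
    if len(fields) != 9:
        raise ValueError(f"expected 9 fields, got {len(fields)}")
    # Field 2 (the hash) and field 9 (reserved) are not needed here.
    user, _hash, last, minimum, maximum, warn, inactive, expire, _reserved = fields
    last, maximum, inactive = _days(last), _days(maximum), _days(inactive)
    # "Password expires" = field 3 (last change) + field 5 (maximum days).
    pw_expires = last + maximum if None not in (last, maximum) else None
    # "Password inactive" = password expiry + field 7 (inactive days).
    pw_inactive = pw_expires + inactive if None not in (pw_expires, inactive) else None
    return {
        "user": user,
        "last_change": _to_date(last),
        "password_expires": _to_date(pw_expires),
        "password_inactive": _to_date(pw_inactive),
        "account_expires": _to_date(_days(expire)),  # field 8
        "min_days": _days(minimum),                  # field 4
        "max_days": maximum,                         # field 5
        "warn_days": _days(warn),                    # field 6
    }


if __name__ == "__main__":
    for key, value in parse_shadow_entry(SAMPLE).items():
        print(f"{key:18}: {value if value is not None else 'never'}")
```

Run against bob's entry, the derived dates match the chage -l output above; an entry with empty aging fields yields "never" for the corresponding dates.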