Linux Shadow File – Explained

August 15, 2012     |     Linux,Tutorials

Pinterest
Print Friendly

In Linux, /etc/shadow file contains password and account expiry information for the users. In the absense of /etc/shadow file the password information is kept in the /etc/password file. This article provides detailed explanation of the user account information contained in the /etc/shadow file.

Let’s take an example. Following is the entry for user bob in /etc/shadow file,

# cat /etc/shadow | grep bob
bob:$1$9691cSVC$zN/LWa6NNAYADAZXUMGIV0:15582:10:30:7:20:15631:

Each line in the /etc/shadow file corresponds to a user account. Each entry is divided in to 9 fields with the help of a delimiter ‘:’.

Linux shadow file entry details

Field 1 contains the username.
Field 2 contains the hashed password of the user.
Field 3 – 8 contains the user account expiry information.
Field 9 is reserved for future use.

The password expiry information for a user account can be displayed/modified by using chage command.

Here is the output of the chage command for user bob.

# chage -l bob
Last password change                                    : Aug 30, 2012
Password expires                                        : Sep 29, 2012
Password inactive                                       : Oct 19, 2012
Account expires                                         : Oct 18, 2012
Minimum number of days between password change          : 10
Maximum number of days between password change          : 30
Number of days of warning before password expires       : 7

Each entry in the shadow file can be mapped to the output of the ‘chage -l’ command as shown below.

Linux shadow file entries and chage command output correlation

Note – In /etc/shadow file the date is displayed as the number of days since the epoch, 01 Jan 1970. However, chage command output displays the calculated date.

Field 3 represents the number of days since the epoch when the password was changed.
Field 4 represents the minimum number of days that must pass since the last password change date before the password can be changed again.
Field 5 represents the maximum number of days after the last password change date when the password must be changed again.
Field 6 represents the number of days before the accounting expiry date to issue password change warning.
Field 7 represents the number of days after password expiry when the account will be locked
Field 8 represents the password expiry date in the form of number of days since epoch.

Pinterest
Don't Miss a Post ! Subscribe to Our Free Email Newsletter.

{ 0 comments… add one now }

Leave a Comment

{ 1 trackback }

Next post: