linux poison RSS
linux poison Email

Shadow password file /etc/shadow explained

The problem with traditional passwd files is that they had to be world readable in order for programs to extract information about the user: such as the users full name. This means that everyone can see the encrypted password in the second field. Anyone can copy any other user's password field and then try billions of different passwords to see if they match.

The shadow password file is used only for authentication and is not world readable -- there is no information in the shadow password file that a common program will ever need -- no regular user has permission see the encrypted password field. The fields are colon separated just like the passwd file.

Here is an example line from a /etc/shadow file:


nik - The user's login name.

Q,Jpl.or6u2e7 - The user's encrypted password known as the hash of the password.

10795 - Days since the January 1, 1970 that the password was last changed.

0 - Days before which password may not be changed. Usually zero. This field is not often used.

99999 - Days after which password must be changed. This is also rarely used, and will be set to 99999 by default.

7 - Days before password is to expire that user is warned of pending password expiration.

-1 - Days after password expires that account is considered inactive and disabled. -1 is used to indicate infinity -- i.e. to mean we are effectively not using this feature.

-1 - Days since January 1, 1970 when account will be disabled.

134537220 - Flag reserved for future use.


Anonymous said...


The Geek Scope said...

Good article. For additional information please refer to

Post a Comment

Related Posts with Thumbnails