Introduction
The /etc/passwd file stores user account information important for the login process in Unix-like operating systems. Therefore, understanding the /etc/passwd structure and contents is crucial for system administrators and other users.
In this article, you will learn about the /etc/passwd file, how to read its contents, check file permissions, and make necessary edits.
What Is /etc/passwd File?
Various authentication methods are available for Linux systems, but the standard one is authentication against the /etc/passwd and /etc/shadow files.
The/etc/passwd file is a plain text file with information for all user accounts. It includes a list of user accounts on the system, as well as details such as user ID, group ID, home directory, and default shell.
The root user owns the file, and only the root user or users with sudo privileges are able to modify the file. However, all system users have read access.
/etc/passwd File Example
The /etc/passwd file has one entry per line for each user on the system. The following example entry in the /etc/passwd file demonstrates the structure:
sara:x:1000:1000:Sara Z:/home/sara:/bin/bash
Each line consists of several fields separated by colons (:). In the example, the fields are:
- The username (sara). A unique string with a maximum length of 32 characters.
- x. The encrypted password stored in the /etc/shadow file.
- UID (1000). The user ID (UID) is a unique number assigned to each user by the operating system.
- GID (1000). The Group ID (GID) refers to the user's primary group. The primary group has the same name as the user. Secondary groups are listed in the /etc/groups file.
- GECOS (Sara Z). Represents the User ID Info (GECOS), the comment field containing additional information about the user. For example, the user's full name, phone number, and other contact details.
- The home directory (/home/sara). The absolute path to the directory where users are placed when they log in. It contains the user's files and configurations.
- The default shell (bin/bash). The user's default shell that starts when the user logs into the system.
How to Read /etc/passwd File?
The /etc/passwd file has read permissions, and anyone can view its contents without additional privileges. There are several ways to read the file.
Method 1: cat Command
Use cat to print the entire file content in the terminal.
To do so, enter:
cat /etc/passwd
The first line represents the root user, followed by system and standard user accounts. New entries are appended at the end.
Method 2: less command
Another command that displays the file is less. Unlike cat, the less command shows the file one page at a time, making it easier to navigate through large files.
To view the file with less, execute:
less /etc/passwd
Press the Spacebar to scroll down or the q key to exit the viewer.
Method 3: head Command
The head command, by default, displays the first ten lines. Run the following command to read the file:
head /etc/passwd
To print a different number of lines, specify the count using the -n option.
For example, to print the first fifteen lines of /etc/passwd, run:
head /etc/passwd -n 15
Method 4: tail command
Run tail without any arguments to print the last ten lines:
tail /etc/passwd
However, to set a different number of lines, run tail with the -n option. For instance, print the last fifteen lines with:
tail /etc/passwd -n 15
Method 5: Text Editor
Another option is to open the /etc/passwd file in a text editor of choice. For instance, to open the file in Vim, run:
vim /etc/passwd
Use the commands provided by the text editor to navigate, view, and exit the file.
Note: If you don't have a text editor installed, check out our list of best Linux text editors for coding.
How to Check /etc/passwd File Permissions
File permissions are essential for maintaining the security and integrity of system files.
The /etc/passwd file is owned by root and has permissions set to 644. These permissions signify the owner (root) has read and write access, while the group and other users have read-only access.
To verify the /etc/passwd file permissions, run the ls command with the -l option:
ls -l /etc/passwd
The output provides the file's owner, group, size, and permissions. To see additional file details, run the stat command:
stat /etc/passwd
How to Edit /etc/passwd File?
Editing the /etc/passwd file requires root access or sudo privileges. Any incorrect modification of /etc/passwd often leads to login issues or security vulnerabilities.
Several methods exist for editing the file.
Method 1: vipw command
The vipw command is a safe way to edit the /etc/passwd file by locking it against simultaneous modifications. The command opens the /etc/passwd file in the system editor and locks the file, which prevents other users and processes from making any changes.
Execute the following command:
sudo vipw
To test if the tool works, open another terminal window and try to change a user's password. For instance, the example below uses passwd to change the password for the user sara:
sudo passwd sara
The terminal doesn’t print the confirmation of password change, and the password won't get updated until you exit vipw.
Use the appropriate keys to exit the editor running vipw. For Vim, type wq and hit Enter.
Next, return to the other terminal window:
The output now shows that the password is updated.
Method 2: usermod command
The usermod command allows users to modify various account attributes. Depending on the changes to be made, use different arguments with usermod:
| Option | Description |
|---|---|
-c | Add info to the user. |
-s | Change the default shell. |
-d | Change the home directory. |
-e | Change account expiration date. |
-u | Change user ID. |
-l | Change username. |
For example, change the user's name with:
sudo usermod -c "Sara ZV" sara
Verify the change was successful using the commands for viewing the /etc/passwd file. For instance:
tail /etc/passwd -c 5
Method 3: Text Editor
Another option is to open the /etc/passwd file in a text editor like Vim. However, using a text editor to modify the file does not protect against simultaneous user changes.
For example, the root user is editing the /etc/passwd file in Vim. If another user tries to change the password, the initial change may not be successful. Moreover, users sometimes encounter login issues if the modification fails to update the password in /etc/passwd.
However, caution and confirmation of a single user modifying the file allow for successful editing using a text editor. For instance, open the file in Vim with:
sudo vim /etc/passwd
Using sudo when accessing a text editor allows users to edit the file. The example above shows Vim in the insert mode, and changes are being made with the user's name.
Note: If Vim is your preferred text editor, level up your knowledge with our Vim commands cheat sheet.
What Is /etc/shadow File?
The /etc/shadow file is a companion file to /etc/passwd, designed to store encrypted user passwords.
The file follows a specific format for each entry. Each line represents a user account and consists of several fields separated by colons (:).
The fields include:
- The username.
- Encrypted password.
- Password aging info (such as password expiration and change history).
- Account locking status.
However, unlike the /etc/passwd file, the /etc/shadow file is readable only by privileged users.
To read the /etc/shadow file, use the same commands used for reading the /etc/passwd file (cat, less, head, tail) but with sudo.
Conclusion
After reading the article, you now understand the /etc/passwd file. Choose your preferred tool for reading and editing the file to make the necessary changes.
Next, learn how to add users in Linux.
