Understanding the /etc/passwd File

July 13, 2023

Introduction

The /etc/passwd file stores user account information important for the login process in Unix-like operating systems. Therefore, understanding the /etc/passwd structure and contents is crucial for system administrators and other users.

In this article, you will learn about the /etc/passwd file, how to read its contents, check file permissions, and make necessary edits.

Understanding /etc/passwd file

What Is /etc/passwd File?

Various authentication methods are available for Linux systems, but the standard one is authentication against the /etc/passwd and /etc/shadow files.

The/etc/passwd file is a plain text file with information for all user accounts. It includes a list of user accounts on the system, as well as details such as user ID, group ID, home directory, and default shell.

The root user owns the file, and only the root user or users with sudo privileges are able to modify the file. However, all system users have read access.

/etc/passwd File Example

The /etc/passwd file has one entry per line for each user on the system. The following example entry in the /etc/passwd file demonstrates the structure: 

sara:x:1000:1000:Sara Z:/home/sara:/bin/bash
The /etc/passwd file example

Each line consists of several fields separated by colons (:). In the example, the fields are:

  • The username (sara). A unique string with a maximum length of 32 characters.
  • x. The encrypted password stored in the /etc/shadow file. 
  • UID (1000). The user ID (UID) is a unique number assigned to each user by the operating system.
  • GID (1000). The Group ID (GID) refers to the user's primary group. The primary group has the same name as the user. Secondary groups are listed in the /etc/groups file.
  • GECOS (Sara Z). Represents the User ID Info (GECOS), the comment field containing additional information about the user. For example, the user's full name, phone number, and other contact details. 
  • The home directory (/home/sara). The absolute path to the directory where users are placed when they log in. It contains the user's files and configurations.
  • The default shell (bin/bash). The user's default shell that starts when the user logs into the system. 

How to Read /etc/passwd File?

The /etc/passwd file has read permissions, and anyone can view its contents without additional privileges. There are several ways to read the file.

Method 1: cat Command

Use cat to print the entire file content in the terminal.

To do so, enter:

cat /etc/passwd
Terminal output for cat /etc/passwd

The first line represents the root user, followed by system and standard user accounts. New entries are appended at the end.

Method 2: less command

Another command that displays the file is less. Unlike cat, the less command shows the file one page at a time, making it easier to navigate through large files.

To view the file with less, execute:

less /etc/passwd
Terminal output for less /etc/passwd

Press the Spacebar to scroll down or the q key to exit the viewer.

Method 3: head Command

The head command, by default, displays the first ten lines. Run the following command to read the file:

head /etc/passwd
Terminal output for head /etc/passwd

To print a different number of lines, specify the count using the -n option.

For example, to print the first fifteen lines of /etc/passwd, run:

head /etc/passwd -n 15
Terminal output for head /etc/passwd -n 15

Method 4: tail command

Run tail without any arguments to print the last ten lines:

tail /etc/passwd
Terminal output for tail /etc/passwd

However, to set a different number of lines, run tail with the -n option. For instance, print the last fifteen lines with:

tail /etc/passwd -n 15
Terminal output for tail /etc/passwd -n 15

Method 5: Text Editor

Another option is to open the /etc/passwd file in a text editor of choice. For instance, to open the file in Vim, run:

vim /etc/passwd
Terminal output for vim /etc/passwd

Use the commands provided by the text editor to navigate, view, and exit the file.

Note: If you don't have a text editor installed, check out our list of best Linux text editors for coding.

How to Check /etc/passwd File Permissions

File permissions are essential for maintaining the security and integrity of system files.

The /etc/passwd file is owned by root and has permissions set to 644. These permissions signify the owner (root) has read and write access, while the group and other users have read-only access.

To verify the /etc/passwd file permissions, run the ls command with the -l option:

ls -l /etc/passwd
Terminal output for ls -l /etc/passwd

The output provides the file's owner, group, size, and permissions. To see additional file details, run the stat command:

stat /etc/passwd
Terminal output for stat /etc/passwd

How to Edit /etc/passwd File?

Editing the /etc/passwd file requires root access or sudo privileges. Any incorrect modification of /etc/passwd often leads to login issues or security vulnerabilities.

Several methods exist for editing the file.

Method 1: vipw command

The vipw command is a safe way to edit the /etc/passwd file by locking it against simultaneous modifications. The command opens the /etc/passwd file in the system editor and locks the file, which prevents other users and processes from making any changes.

Execute the following command:

sudo vipw
Terminal output for sudo vipw /etc/passwd

To test if the tool works, open another terminal window and try to change a user's password. For instance, the example below uses passwd to change the password for the user sara:

sudo passwd sara
Terminal output for sudo passwd without password update

The terminal doesn’t print the confirmation of password change, and the password won't get updated until you exit vipw.

Use the appropriate keys to exit the editor running vipw. For Vim, type wq and hit Enter.

exiting vipw window

Next, return to the other terminal window:

sudo passwd terminal output confirming change

The output now shows that the password is updated.

Method 2: usermod command

The usermod command allows users to modify various account attributes. Depending on the changes to be made, use different arguments with usermod:

OptionDescription
-cAdd info to the user.
-sChange the default shell.
-dChange the home directory.
-eChange account expiration date.
-uChange user ID.
-lChange username.

For example, change the user's name with:

sudo usermod -c "Sara ZV" sara
Terminal output for sudo usermod -c

Verify the change was successful using the commands for viewing the /etc/passwd file. For instance:

tail /etc/passwd -c 5
Terminal output for tail /etc/passwd -n -5

Method 3: Text Editor

Another option is to open the /etc/passwd file in a text editor like Vim. However, using a text editor to modify the file does not protect against simultaneous user changes.

For example, the root user is editing the /etc/passwd file in Vim. If another user tries to change the password, the initial change may not be successful. Moreover, users sometimes encounter login issues if the modification fails to update the password in /etc/passwd.

However, caution and confirmation of a single user modifying the file allow for successful editing using a text editor. For instance, open the file in Vim with:

sudo vim /etc/passwd
Editing /etc/passwd in Vim

Using sudo when accessing a text editor allows users to edit the file. The example above shows Vim in the insert mode, and changes are being made with the user's name.

Note: If Vim is your preferred text editor, level up your knowledge with our Vim commands cheat sheet.

What Is /etc/shadow File?

The /etc/shadow file is a companion file to /etc/passwd, designed to store encrypted user passwords.

The file follows a specific format for each entry. Each line represents a user account and consists of several fields separated by colons (:).

The fields include:

  • The username.
  • Encrypted password.
  • Password aging info (such as password expiration and change history).
  • Account locking status.

However, unlike the /etc/passwd file, the /etc/shadow file is readable only by privileged users.

To read the /etc/shadow file, use the same commands used for reading the /etc/passwd file (cat, less, head, tail) but with sudo.

Conclusion

After reading the article, you now understand the /etc/passwd file. Choose your preferred tool for reading and editing the file to make the necessary changes.

Next, learn how to add users in Linux.

Was this article helpful?
YesNo
Sara Zivanov
Sara Zivanov is a technical writer at phoenixNAP who is passionate about making high-tech concepts accessible to everyone. Her experience as a content writer and her background in Engineering and Project Management allows her to streamline complex processes and make them user-friendly through her content.
Next you should read
chpasswd Command in Linux with Examples
January 25, 2023

The chpasswd command in Linux is a useful tool for batch-updating passwords. This article provides examples and explanations of how to use chpasswd for optimal security...
Read more
Linux Security Stats, Tools, and Best Practices
March 16, 2023

Maximize your data security with our comprehensive list of 40 Linux security tips and best practices. Despite the inherent security advantages of Linux, remember that no operating system is foolproof. Implement these...
Read more
How to Change Sudo or Root Password in Ubuntu
April 16, 2024

Are you looking to change the root password in Ubuntu? Changing passwords is a good practice and should be done periodically. Linux allows multiple user accounts, each having its own...
Read more
How to Reset or Change the Root Password in Linux
October 22, 2018

In Linux, root privileges (or root access) refers to a user account that has full access to all files, applications, and system functions. Most basic Linux user accounts run with limited privileges.
Read more