Which file saves a user’s password in Linux?
Unix based OSes like Linux maintain user password in /etc/shadow file in encrypted algorithm basically in hash method.
You can view this file with standard Linux text editor or with cat command:
- # cat /etc/shadow
This file has default permission of 600 which mean only root user can read or write this file and other users are denied to access this file which obvious it should since it contains root and other users password. Whenever any user authentication happen Linux refer this file. So this file is very important for user authentication in Linux.
Example of /etc/shadow file with its parameter values detail:
- csingh:$6$.n.:17736:0:99999:7:::
- [--] [------][----]-[-----]----
- | | | | | ||||
- 1. 2. 3. 4. 5. 6.7.8.9.
Values order wise:
1. Username
2. Encrypted Password
3. Last password change
4. Minimum password age
5. Maximum password age
6. Warning period
7. Inactivity period
8. Expiration date
9. Unused
This file contain each user entry per line starting with root user then system and normal users. This file also contains user account information along with its password seperated by colons (:).
The /etc/shadow contain password in $type$salt$hashed format. $type is the method of encryption hash algorithm. This file support below encryption hash algorithm types for storing user password:
- $1$ – MD5
- $2a$ – Blowfish
- $2y$ – Eksblowfish
- $5$ – SHA-256
- $6$ – SHA-512
You can identify password encryption type with above value number available in second column.
If this file contain * or ! in any user password field that means password for that user is locked and cannot be authenticate through password in system but that user can access system either by key based authentication or by switching to his user id from other user account.
