LOGBOOK

HELP

Quiz Entry - updated: 2026.07.14

What is the difference between passwd and /etc/shadow?

/etc/passwd holds public account info (name, UID, home, shell) and is world-readable; the actual password HASHES live in /etc/shadow, which only root can read.

The split is a classic security fix. /etc/passwd must be readable by everyone so any program can turn a UID into a username — but that meant password hashes were exposed to offline cracking. Moving the hashes into root-only /etc/shadow (leaving an x placeholder behind) keeps the lookups public while making the secrets unreadable to ordinary users. passwd is also the command you run to change a password; it can update /etc/shadow for everyone precisely because it's SUID-root.

File Contains Readable by
/etc/passwd User info (NOT passwords) Everyone
/etc/shadow Encrypted passwords Root only

Why the split?

  • Originally, passwords were in /etc/passwd
  • Anyone could read and crack them
  • /etc/shadow restricts access to passwords

/etc/shadow format:

username:$6$salt$hash:18000:0:99999:7:::
Field Meaning
username Login name
hash Encrypted password ($6$ = SHA-512)
18000 Days since Jan 1, 1970 of last change
0 Min days before change allowed
99999 Max days before change required
7 Days before expiry to warn

Special password values:

  • ! or * = account locked
  • Empty = no password (dangerous!)

Change password:

passwd              # Change your own
sudo passwd user    # Change another user's (as root)

Go deeper:

From Quiz: LIOS / User Management and Permissions | Updated: Jul 14, 2026