What is the difference between passwd and /etc/shadow?
/etc/passwd holds public account info (name, UID, home, shell) and is world-readable; the actual password HASHES live in /etc/shadow, which only root can read.
The split is a classic security fix. /etc/passwd must be readable by everyone so any program can turn a UID into a username — but that meant password hashes were exposed to offline cracking. Moving the hashes into root-only /etc/shadow (leaving an x placeholder behind) keeps the lookups public while making the secrets unreadable to ordinary users. passwd is also the command you run to change a password; it can update /etc/shadow for everyone precisely because it's SUID-root.
| File | Contains | Readable by |
|---|---|---|
/etc/passwd |
User info (NOT passwords) | Everyone |
/etc/shadow |
Encrypted passwords | Root only |
Why the split?
- Originally, passwords were in
/etc/passwd - Anyone could read and crack them
/etc/shadowrestricts access to passwords
/etc/shadow format:
username:$6$salt$hash:18000:0:99999:7:::
| Field | Meaning |
|---|---|
| username | Login name |
| hash | Encrypted password ($6$ = SHA-512) |
| 18000 | Days since Jan 1, 1970 of last change |
| 0 | Min days before change allowed |
| 99999 | Max days before change required |
| 7 | Days before expiry to warn |
Special password values:
!or*= account locked- Empty = no password (dangerous!)
Change password:
passwd # Change your own
sudo passwd user # Change another user's (as root)
Go deeper:
shadow(5) — /etc/shadow file format — every aging field (last-change, min/max, warn, inactivity, expiry).