Saturday, 1 August 2015

/etc/passwd File Format in Linux Explained

The /etc/passwd file is one of the most important files on a Linux system, as it holds the necessary details about every account. In this article, we will look at the /etc/passwd file in more depth.

File permissions on /etc/passwd file

To view the file permissions on the /etc/passwd file, you can execute ll /etc/passwd as follows:

MyLinuxBox root ~ > ll /etc/passwd
-rw-r--r--. 1 root root 1718 Jun  6 12:01 /etc/passwd
You can clearly see that this file is readable by everyone but writable only by root (the superuser).

/etc/passwd file contents

As mentioned, /etc/passwd maintains information about every user who can use the system. Every time a new user account is created, its details are stored in this file. Whenever a user attempts to log in to the system, the getty process checks whether the user is legitimate using the /etc/passwd file (and /etc/shadow for password validation).

Normally, /etc/passwd is a text file that contains one line for each user account configured in the system, with the fields on each line delimited by a colon (:), as shown below:

sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
mandar:x:500:500:Mandar Shinde:/home/mandar:/bin/bash
mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash
Let us consider the entry for the user 'mandar' to look at the file contents in more depth:

mandar  :  x  :  500  :  500  :  Mandar Shinde  :  /home/mandar  :  /bin/bash
As I said, each user in the system has a separate entry on a separate line in the /etc/passwd file, and the fields of each entry are delimited by a colon (:). For better understanding, I've split the entry at each colon and numbered the resulting fields; this gives 7 fields in total. Let us study each field one by one:

  1. Username field: This field denotes the user (or user account) name. According to the man page of the useradd command, "Usernames may only be up to 32 characters long". This username must be used when logging in to the system.
  2. Password field: The second field is the password field, although it does not hold the actual password. An 'x' in this field denotes that the password is encrypted and saved in the /etc/shadow file.
  3. UID field: Whenever a new user account is created, it is assigned a user ID or UID (the UID for the user 'mandar' is 500 in this case), and this field specifies it.
  4. GID field: Similar to the UID field, this field specifies which group the user belongs to; the group details are present in the /etc/group file.
  5. Comment/Description/User Info field: This field is a short comment, description or piece of information about the user account (in this example, the user account 'mandar' belongs to the user Mandar Shinde, hence this comment).
  6. User Home Directory: Whenever a user logs in to the system, he is taken to his home directory, where all his personal files reside. This field provides the absolute path to the user's home directory (/home/mandar in this case).
  7. Shell: This field denotes the shell the user has access to (user 'mandar' has been given access to /bin/bash, or simply the bash shell).
To get the user account information, you can simply write a script that fetches the details from the /etc/passwd file, as below:


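#!/bin/bash
# Usage: pass the username as the first argument.
# Match the username field (field 1) exactly, then split the entry on colons.
grep "^$1:" /etc/passwd | while IFS=':' read -r USR PSWD USRID GRPID DESC HOMEDIR SHL
do
        echo -e "\t\tUsername : $USR
                UID : $USRID
                GID : $GRPID
                Description : $DESC
                Home Directory : $HOMEDIR
                Shell : $SHL"
done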
To check this, run the script as follows:

MyLinuxBox root ~ > ./ mandar
                Username : mandar
                UID : 500
                GID : 500
                Description : Mandar Shinde
                Home Directory : /home/mandar
                Shell : /bin/bash

MyLinuxBox root ~ > ./ nagios
                Username : nagios
                UID : 501
                GID : 501
                Description :
                Home Directory : /home/nagios
                Shell : /bin/bash
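
The same seven fields can also be checked for the problems that matter most from a security point of view: a file that someone other than its owner can write, malformed entries, a password field that is not 'x', and a second account holding UID 0 or reusing another account's UID. The script below is an added example, not part of the original article; the names audit_passwd and sample_entries are hypothetical and the sample entries are constructed.

```shell
#!/bin/sh
# Added example (not from the original article): audit a passwd-format file.
# audit_passwd and sample_entries are hypothetical helper names.
audit_passwd() {
    file="${1:-/etc/passwd}"
    # Only the owner (root) should be able to write, as in -rw-r--r--.
    if [ -n "$(find "$file" -prune \( -perm -020 -o -perm -002 \))" ]; then
        echo "WRITABLE_BY_NON_OWNER $file"
    fi
    awk -F: '
    # Every entry must have exactly seven colon-separated fields.
    NF != 7 { printf "MALFORMED line %d has %d fields\n", NR, NF; next }
    {
        user = $1; pw = $2; uid = $3
        # Field 2: empty means no password is needed; anything other than x
        # means the entry does not defer to /etc/shadow.
        if (pw == "") print "EMPTY_PASSWORD " user
        else if (pw != "x") print "NOT_SHADOWED " user
        # Field 3 must be a plain number before it can be compared.
        if (uid !~ /^[0-9]+$/) { print "BAD_UID " user; next }
        # UID 0 carries superuser rights whatever the username is.
        if (uid + 0 == 0 && user != "root") print "UID0_NOT_ROOT " user
        # Two names on one UID are the same account as far as permissions go.
        if (uid in seen) print "DUPLICATE_UID " user " shares UID " uid " with " seen[uid]
        else seen[uid] = user
    }' "$file"
}

# Constructed sample: three well-formed entries followed by four problem entries.
sample_entries() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
mandar:x:500:500:Mandar Shinde:/home/mandar:/bin/bash
toor:x:0:0:constructed second UID 0 account:/root:/bin/bash
guest::501:501::/home/guest:/bin/bash
dup:x:500:500:constructed duplicate UID:/home/dup:/bin/bash
broken:x:502:502:/home/broken
EOF
}

tmp=$(mktemp)
sample_entries > "$tmp"
audit_passwd "$tmp"
rm -f "$tmp"
```

Called without an argument, audit_passwd reads /etc/passwd itself; a clean file produces no output.
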
That's all for this article; stay tuned for many more.


  1. Very helpful, thank you.

  2. When a user's shell is set to /sbin/nologin, upon trying to log in a friendly message is displayed to convey that the user is not allowed to log in.