August 2, 2015

/etc/shadow file format in Linux Explained

Full article here

In one of the recent articles we've published, we've learned the file format of /etc/passwd file, which stores one line entry for each user that can access the system. As one of the fields in each line of the /etc/passwd denotes whether the password for that user is stored in /etc/shadow file or not, it can easily be depicted that the actual passwords (of course, in the encrypted form) are stored in the /etc/shadow file. This article will help you learn more about /etc/shadow file format in more detail.

/etc/shadow File Permission

To begin with, let us observe and compare the file permissions on both /etc/passwd and /etc/shadow files:

MyLinuxBox root ~ > ll /etc/passwd
-rw-r--r--. 1 root root 1725 Jul 31 23:02 /etc/passwd
MyLinuxBox root ~ > ll /etc/shadow
-rw-------. 1 root root 1187 Jul 16 09:10 /etc/shadow
Things are pretty clear- /etc/passwd is world readable and /etc/shadow can only be read by the root user. This is because, had the password were stored in /etc/passwd file, even in encrypted format, anyone could see, decrypt and use them pretty easily. Thus, passwords are actually stored in /etc/shadow file which can only be accessed by root or superuser and not made open to the entire world, as there is a huge risk factor involved in it.
Read more on YourOwnLinux
Click Here!