/etc/shadow
Linux /etc/shadow file
All Red Hat and Debian-based Linux distributions use the shadow file to provide an additional layer of security for users' passwords. This file stores each user's password in encrypted form. The shadow file is readable only by the root user. When a user tries to log in, the entered username is first looked up in the passwd file; if that user is found, the entered password is checked against the shadow file. If everything passes, the user is authenticated.
The shadow file contains user authentication information such as the encrypted password, the password and account expiration dates, the date the password was last changed, etc. Each line in the file corresponds to a user account that has an entry in the passwd file. Each line has nine fields separated by colons (:). The image below is a sample entry from the shadow file-
Linux shadow file
1. Username- It is the name of a user that you will use to log in.
2. Encrypted password- This field holds the encrypted password of the user. In general, the password is 13 to 24 characters long and is of the format $id$salt$hashed. The value of id can be one of the following-
$1$- The password is encrypted using the MD5 algorithm.
$2a$- The password is encrypted using the Blowfish algorithm.
$2y$- The password is encrypted using the Blowfish algorithm.
$5$- The password is encrypted using the SHA-256 algorithm.
$6$- The password is encrypted using the SHA-512 algorithm.
3. Password last changed- The date on which the password was last changed, given as the number of days since the epoch (January 1, 1970).
4. Minimum password age- It specifies the minimum number of days that must pass before the password can be changed.
5. Maximum password age- It specifies the maximum number of days for which the password is valid.
6. Warning period- It specifies the number of days before password expiration that the user is warned about the upcoming expiration.
7. Inactive period- The number of days after password expiration after which the account will be disabled.
8. Account expiration- The date (represented as the number of days since the epoch) on which the account will expire and the user will no longer be able to log in.
9. Reserved for future
Example entry of Linux /etc/shadow file
meera:$1$.QKDPc5E$SWlkjRWexrXYgc98F.:17555:3:30:5:30:17889:
The line above shows password-related information for the user meera, explained in detail below-
1. The password is encrypted using MD5 algorithm.
2. The password was last changed on 24 January, 2018.
3. You cannot change the password till 27 January, 2018.
4. You must change the password every 30 days(it means this password is valid till 23 February, 2018).
5. The user will get a warning five days before the password expiration(here, it will be on 18 February, 2018).
6. The account will be disabled 30 days after password expiration if no login attempt is made (here, it will be on 25 March, 2018).
7. The account will expire on 24 December, 2018.
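The date arithmetic in the walkthrough above can be reproduced mechanically. The following is an added example, not code from the original article: the names parse_shadow_line and ShadowTimeline are hypothetical, the scheme ids are the ones listed above, and 99999 is treated as "never expires".

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

EPOCH = date(1970, 1, 1)
NEVER = 99999  # assumption of this example: 99999 means "never needs changing"

# Scheme ids as listed in the article above.
SCHEMES = {"1": "MD5", "2a": "Blowfish", "2y": "Blowfish",
           "5": "SHA-256", "6": "SHA-512"}


@dataclass
class ShadowTimeline:
    username: str
    scheme: str                       # algorithm name, "locked", "empty" or "unknown"
    last_change: Optional[date]
    earliest_change: Optional[date]   # last_change + minimum age
    password_expires: Optional[date]  # last_change + maximum age
    warn_from: Optional[date]         # password_expires - warning period
    inactive_on: Optional[date]       # password_expires + inactive period
    account_expires: Optional[date]


def _num(field: str) -> Optional[int]:
    """An empty aging field means 'not set'."""
    return int(field) if field else None


def _scheme(pw: str) -> str:
    if pw == "":
        return "empty"
    if pw[0] in "!*":
        return "locked"
    if pw.startswith("$") and pw.count("$") >= 3:
        return SCHEMES.get(pw.split("$")[1], "unknown")
    return "unknown"


def parse_shadow_line(line: str) -> ShadowTimeline:
    fields = line.rstrip("\n").split(":")
    if len(fields) != 9:
        raise ValueError(f"expected 9 fields, got {len(fields)}")
    user, pw = fields[0], fields[1]
    lastchg, mindays, maxdays, warn, inactive, expire = map(_num, fields[2:8])

    last = EPOCH + timedelta(days=lastchg) if lastchg is not None else None
    earliest = last + timedelta(days=mindays) if last and mindays is not None else None
    expires = None
    if last and maxdays is not None and maxdays < NEVER:
        expires = last + timedelta(days=maxdays)
    warn_from = expires - timedelta(days=warn) if expires and warn is not None else None
    inactive_on = expires + timedelta(days=inactive) if expires and inactive is not None else None
    acct = EPOCH + timedelta(days=expire) if expire is not None else None
    return ShadowTimeline(user, _scheme(pw), last, earliest, expires,
                          warn_from, inactive_on, acct)


# The sample entry from the article above.
MEERA = "meera:$1$.QKDPc5E$SWlkjRWexrXYgc98F.:17555:3:30:5:30:17889:"

if __name__ == "__main__":
    t = parse_shadow_line(MEERA)
    for name, value in vars(t).items():
        print(f"{name:17} {value}")
```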
=============================
In the "old" days, decades ago, UNIX systems kept user passwords stored, in plain text, in the /etc/passwd file (hence its name.) This, for very obvious reasons, was not at all good. But there was no simple solution to this as any change to an encrypted password system would break backwards compatibility with the /etc/passwd file and with any tools that depended on it. The solution was to make a new file, the /etc/shadow file that would "shadow" the /etc/passwd file and provide a place for a new encrypted password along with some additional password controls. So while having a separate file is a bit bizarre today, it has an historic context that makes it make sense. No functionality is lost and the additional complexity is nominal. (Linux and most UNIX use this file. BSD, however, uses /etc/master.passwd instead.)
UNIX History Lesson: The shadow password system was first introduced in the mid-1980s by Sun's SunOS UNIX system and by 1990 was widely copied and essentially ubiquitous in UNIX systems. So the shadow concept has been a part of Linux since inception.
Unlike the /etc/passwd and /etc/group files, /etc/shadow is protected and normal users cannot see its contents. This provides an additional level of security for it. There is no need for users to see what /etc/shadow contains, but the other files are useful for seeing which accounts are available, which groups exist and who their members are.
Let's look at a few selected lines of /etc/shadow. Notice that this is a colon-delimited file:
syslog:*:16613:0:99999:7:::
jennifer:$6$Rmov1cd9$m5Z0JoE3fK6UvEpojvUQP1AOQV6zVoijFVKyyqRRPWJHu9Qu3dQDIVroRCwkadbLeuj98sK0rn/n2WlwlnHr7.:16772:0:99999:7:::
The format of the file is...
username
password (or password info)
date of last password change
days until change allowed
days before change required
days warning for expiration
days before account inactive
date when account expires
reserved
Here, in our first line, the user is syslog and in the second line the user is jennifer. Make note that it is the username, not the UID that matches users to their /etc/shadow entry.
In the second field we see a major difference. For syslog we just see an "*". This denotes that the account is locked and cannot use a password for authentication. This is common for accounts that have no need for a log in (like a system account here) or for users who only log in via some other means such as keys (which we will learn about later.) We would not want a password here if there was no password authentication allowed for the account. For the jennifer account we see an encrypted password in this field, instead.
We will learn later how dates are stored in UNIX systems, so the numbers here in the date fields may seem a bit odd.
In the third field we have the date of the last password change. This affects nothing, just provides info to the system.
The fourth field tells us how long before another change is allowed. Generally you will see this as a 0 as this is often unused. With 0 the user can change their password immediately.
The fifth field offers us how long until a change to the password must be made (in the example here 99999 is the rough equivalent of never needs to be changed.)
The sixth field is for expiration warning times. Many of the later fields can be ignored and left blank. The colons separating the blank fields must be retained, however.
The seventh field is the number of days before the account becomes inactive.
The eighth field is the date when the account expires.
The ninth field is reserved and unused.
Typically we use nothing more in this file than the username and password fields to determine how an account is being treated. It is rather uncommon to look at the /etc/shadow file manually. It is extremely common for most fields to go unused.
If we rarely look at the /etc/shadow file, one might inquire as to how it is created or altered, especially as the password field requires encryption. The answer is the pwconv command. Of course, most user creation tools will manage /etc/shadow for us automatically behind the scenes. But if we create a user manually by editing the /etc/passwd file by hand, they will of course not get an entry in the /etc/shadow file. Since editing the /etc/passwd file by hand or by script is not uncommon, we need to learn the pwconv command (literally "password convert", meaning to convert from old-style passwords in /etc/passwd to modern ones in /etc/shadow).
All we need to do, after editing /etc/passwd is run the command like this:
# pwconv
Obviously root level permissions are needed for this command given the nature of what it does.
Recommended Exercise:
Create a user by hand in /etc/passwd
Look at /etc/shadow and notice that they have no entry
Use pwconv to make the user ready for a password
Look at /etc/shadow again and notice that they have a passwordless entry
Use passwd as root to create their initial password
More on the asterisk, exclamation point and double exclamation point in the password field:
In all three cases, these are simple "bad" passwords that don't work and function to lock an account. Under the hood, that's all that they do. In practice, though, an asterisk (*) is supposed to denote a service account that was never given a password and so has been unable to log in since creation. An exclamation point (!) or a double (!!) are two different tools' ways of denoting that a password used to exist but that the account has since become locked. In some cases the ! will be followed by the old password, but not always.
=========================
Shadow Utilities
If you are in a multiuser environment and not using a networked authentication scheme such as Kerberos, you should consider using Shadow Utilities (also known as shadow passwords) for the enhanced protection offered for your system's authentication files. During the installation of Red Hat Linux, shadow password protection for your system is enabled by default, as are MD5 passwords (an alternative and arguably more secure method of encrypting passwords for storage on your system).
Shadow passwords offer a few distinct advantages over the previous standard of storing passwords on UNIX and Linux systems, including:
Improved system security by moving the encrypted passwords (normally found in /etc/passwd) to /etc/shadow which is readable only by root
Information concerning password aging (how long it has been since a password was last changed)
Control over how long a password can remain unchanged before the user is required to change it
The ability to use the /etc/login.defs file to enforce a security policy, especially concerning password aging
The shadow-utils package contains a number of utilities that support:
Conversion from normal to shadow passwords and back (pwconv, pwunconv)
Verification of the password, group, and associated shadow files (pwck, grpck)
Industry-standard methods of adding, deleting and modifying user accounts (useradd, usermod, and userdel)
Industry-standard methods of adding, deleting, and modifying user groups (groupadd, groupmod, and groupdel)
Industry-standard method of administering the /etc/group file using gpasswd
There are some additional points of interest concerning these utilities:
The utilities will work properly whether shadowing is enabled or not.
The utilities have been slightly modified to support Red Hat's user private group scheme. For a description of the modifications, see the useradd man page. For more information on user private groups, turn to the Section called User Private Groups.
The adduser script has been replaced with a symbolic link to /usr/sbin/useradd.
===================================
Understanding Linux /etc/shadow File Format
The /etc/shadow file stores the actual password in encrypted format, along with other password-related information such as the user name, last password change date, password expiration values, etc.
It’s a text file and readable only by the root user and is therefore less of a security risk.
The /etc/shadow file contains each user's details as a single line with nine fields, each separated by a colon (:).
We have already written an article about the Linux /etc/passwd file format in a previous post. As explained there, the second field in /etc/passwd is written as (x), which means shadowing is enabled and the encrypted password for that user exists in another file, “/etc/shadow”.
Encrypted passwords can be stored in the /etc/passwd file, and this was the practice in the early days. But it’s not recommended, because the /etc/passwd file is world-readable.
Also, /etc/passwd cannot store other password-related information, since it has only one field for password information.
To mitigate all these issues, the /etc/shadow file was created to store the encrypted password and other password-related information.
The /etc/login.defs file provides default configuration information for user account password parameters. It defines password-aging information such as the password min/max days, the password warning age, etc.
# grep PASS /etc/login.defs
# PASS_MAX_DAYS Maximum number of days a password may be used.
# PASS_MIN_DAYS Minimum number of days allowed between password changes.
# PASS_WARN_AGE Number of days warning given before a password expires.
PASS_MAX_DAYS 99999
PASS_MIN_DAYS 0
PASS_WARN_AGE 7
#PASS_CHANGE_TRIES
#PASS_ALWAYS_WARN
#PASS_MIN_LEN
#PASS_MAX_LEN
# NO_PASSWORD_CONSOLE
How to Access /etc/shadow File in Linux?
As I said at the beginning of the article, it’s a text file and readable only by the root user. Use any file manipulation command to access it.
I have trimmed the file for better understanding.
# cat /etc/shadow
root:!:17952:0:99999:7:::
daemon:*:17737:0:99999:7:::
bin:*:17737:0:99999:7:::
.
.
daygeek:$6$iU9KjTeD$5myyo4W7zppTOEdVUeP8/E6Kmjl7CtYYFqIIyes.fnNHy1fR0gJLb0q2KLhjAH6KrPpHZ0eJorBh.D74mq.vQ.:17952:0:99999:7:::
sshd:*:17952:0:99999:7:::
thanu:!:17965:0:99999:7:::
renu:$6$hvf089W7$lBhBB7DUkJZ.zU2ekY3M1AWUAXiRLO0fnxqrhPVhyIRKfp/w2NS8ZJTmzJFz5sAI3HY0OVmcVo8swGavk4Srp1:17965:0:99999:7:::
2gadmin:$6$4GhyWZ7F$gzlNBezxIkooZn6vnUVcZv3fyemo8EDSVx/Ru93cqXn6e12gKu9l.N9A6jzoUjuteCtdIfSF/zigW0aMUAdMP.:17972:0:99999:7:::
testuser:$6$r.PhJ0HG$Y.xOpTBqJbWpc3f0uri.g8ErCu4wIiUGqPYYwXdxtjGtgZxaOh7ZkStlg9kDRAITtlZrHajxmAMHfd3rnSivt1:17965:0:99999:7:::
demouser:$6$9CZpDyNz$bq5vvUP/ZI.2o43hIfjjMxfFcFgpaYAeUt5t0tntRMp7uO2NwCz/vqLoHGn.OCLJ.ZPSQXe5nOSoaos91Sf01/:17965:0:99999:7:::
sudha:$6$qnxlK8b1$.TUnwqmrDNNoPBi/1UcKMcWnQ18vrBM7jp8G1ZZOCjW3IzWtvY9/Cv06SUFuFMTuop6BcQqojabEamDZz5Eoy.:17965:0:99999:7:::
suresh:$6$FJd45FHD$nc8.lfpNTMByrrVJMc01Ax2ui6dvhzoa4tLi5qTmSJ0hznZDp2gM4b5pBUCuIkh5B5sDPF.QHmQn7ykRxfzvD0:17965:0:99999:7:::
mysql:!:17972:0:99999:7:::
ntp:*:17982:0:99999:7:::
_chrony:*:17983:0:99999:7:::
Debian-exim:!:18056:0:99999:7:::
u1:$6$hWt8cQ6t$7a.Y1P0QbpeTh2gY0uqWMvQtem2zbtQLkLXWeQ0PVsYJMYFZ/qexoV5BTNEUA0Dy3l6EynUaVr6Zm5TNPKK0v1:18058:0:99999:7:::
u2:$6$dmiZ1DNZ$bNP9zmltm2q3vUeo/1UjsAhsT6MJhcGznh3WsZKYXNXh/sOTDzLvmpUtUNVmClr26ZbrO6XwCecqfNh9/.sMV.:18058:0:99999:7:::
u3:$6$jURs3Rwk$F5sAISRA/C9YSUqgcLkylkYELubobnNbu0a1PY.16TFH.lKkqWrtSpglm9iOMgIRkxU69ndiRZU5EC1Tg8P/A1:18058:0:99999:7:::
u4:$6$GaRMSi2G$VX.iXvxxPDKVdqTV7tlWSOCHS6HQ7N4J2UtXoOD/Obs.0Nf3xfOtaRPSHeO4x.6YivafK.J4h3.DSNDREoqvE/:18058:0:99999:7:::
u5:$6$YzYrK29s$tC39cPEmFEI61WskTHSyEQsnNoEUQ6O6GubmqYDTR4RKHM8b239TBypTJobxdWb7WF9XxM1FpsSvQq4oh/C5m.:18058:0:99999:7:::
nagios:$6$LJBp6Hb4$RBLQ3S9cngte8yDmLr5T8QTMSvPWzleYltT4NLUVExqXv9SIOL.0KhTvqHiU5OxhUP5k4njgNAjUI1Ve6Ndjg0:18085:0:99999:7:::
What Are the Nine Fields and Their Details?
The /etc/shadow file contains each user's password details as a single line with nine fields, described below, each separated by a colon (:).
The password field comes in the following three variants.
Usable Encrypted Password: This allows us to log in to the Linux system, since it comes with a proper password.
Locked Password: A password field which starts with an exclamation mark means that the password is locked.
(! and *) Represent Empty Password: This field may be empty, in which case no password is required to authenticate as the specified login name. These users will not be able to use a Unix password to log in.
These are the nine fields in the /etc/shadow file.
Username: The user login name; it must be a valid account name that exists on the system.
Encrypted Password: Encrypted Password hash, which contains three parts like hash_algorithm, hash_salt, and hash_data.
Date of last password change: The date of the last password change, expressed as the number of days since Jan 1, 1970.
Minimum password age: The minimum password age is the number of days the user will have to wait before she will be allowed to change her password again.
Maximum password age: The maximum password age is the number of days after which the user will have to change her password.
Password warning period: The number of days before a password is going to expire (see the maximum password age above) during which the user should be warned.
Password inactivity period: The number of days after a password has expired during which the password should still be accepted. Once the password has expired and this period has elapsed, no login is possible using the current user’s password.
Account expiration date: The date of expiration of the account, expressed as the number of days since Jan 1, 1970.
Reserved field: Not used or reserved for future use.
# grep "mageshm" /etc/shadow
mageshm:$6$sTgBhfj0$pkzz/JpVTl8ZAmk./d4SDarRyWsGSZHguljywUHQMP4DWo8/TgNzL5rMpejqNWuyxtFlISxdyIqPmpsIsyi.i1:16088:0:99999:7: : :
-------|--------------------------------------------------------------------------------------------------|-----|-|-----|-|-|-|-|
1 2 3 4 5 6 7 8 9
Understanding the Password Hash Field and Its Details
The password hash field contains an encrypted password instead of the original password; the original password is not stored anywhere on the system.
The encrypted password has three fields, separated by the $ symbol.
These are the three fields in the password field.
hash_algorithm: This field shows which hashing algorithm is used.
hash_salt: This field contains the encrypted password instead of the actual password.
hash_data: This field is the salted password hash.
$6$sTgBhfj0$pkzz/JpVTl8ZAmk./d4SDarRyWsGSZHguljywUHQMP4DWo8/TgNzL5rMpejqNWuyxtFlISxdyIqPmpsIsyi.i1
- -------- --------------------------------------------------------------------------------------
1 2 3
Details of hash_algorithm
Details of hash_algorithm and its code.
+------+------------------------+
| Code | Algorithm |
+------+------------------------+
| $1 | MD5 hashing algorithm |
| $2 | Blowfish Algorithm |
| $3 | Eksblowfish Algorithm |
| $4 | NT hashing algorithm |
| $5 | SHA-256 Algorithm |
| $6 | SHA-512 Algorithm |
+------+------------------------+
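The password-field variants, the scheme code and the PASS_MAX_DAYS default discussed above can be combined into a small audit. This is an added example, not part of the original article: the function names, the sample file contents and the policy value of 90 days are constructed, and flagging $1$ (MD5) as weak is this example's own policy choice.

```python
WEAK_SCHEMES = {"1": "MD5"}  # policy choice of this example


def parse_login_defs(text):
    """Return KEY -> value for the non-comment lines of a login.defs file."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) == 2:
            settings[parts[0]] = parts[1].strip()
    return settings


def password_state(field):
    """Classify the second field of a shadow entry."""
    if field == "":
        return "empty"    # no password required for this login
    if field.startswith(("!", "*")):
        return "locked"   # password login disabled
    if field.startswith("$"):
        return "hash"     # $id$salt$hash
    return "other"        # anything without a $id$ prefix


def audit_shadow(shadow_text, login_defs_text):
    """Return (who, finding) tuples for entries that deserve a second look."""
    policy_max = int(parse_login_defs(login_defs_text).get("PASS_MAX_DAYS", "99999"))
    findings = []
    for lineno, raw in enumerate(shadow_text.splitlines(), 1):
        if not raw.strip():
            continue
        fields = raw.split(":")
        if len(fields) != 9:
            findings.append((f"line {lineno}",
                             f"malformed: expected 9 fields, got {len(fields)}"))
            continue
        user, pw, maxdays = fields[0], fields[1], fields[4]
        state = password_state(pw)
        if state == "empty":
            findings.append((user, "empty password field"))
            continue
        if state == "locked":
            continue  # aging settings do not matter for a locked password
        if state == "hash":
            scheme = pw.split("$")[1]
            if scheme in WEAK_SCHEMES:
                findings.append((user, f"weak hash scheme {WEAK_SCHEMES[scheme]}"))
        # login.defs sets defaults for new accounts only, so an existing
        # entry can carry a longer maximum age than the current policy.
        if not maxdays.isdigit() or int(maxdays) > policy_max:
            findings.append((user, f"max age {maxdays or 'unset'} exceeds "
                                   f"PASS_MAX_DAYS {policy_max}"))
    return findings


# Constructed sample input; salts and hashes are placeholders, not real values.
SAMPLE_LOGIN_DEFS = """\
# constructed policy for this example
PASS_MAX_DAYS   90
PASS_MIN_DAYS   0
PASS_WARN_AGE   7
"""

SAMPLE_SHADOW = """\
root:!:17952:0:99999:7:::
daemon:*:17737:0:99999:7:::
alice:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:17965:0:90:7:::
bob:$1$CONSTRUCTEDSALT$CONSTRUCTEDHASH:17965:0:99999:7:::
carol::17965:0:99999:7:::
broken:$6$x$y:17965
"""

if __name__ == "__main__":
    for who, finding in audit_shadow(SAMPLE_SHADOW, SAMPLE_LOGIN_DEFS):
        print(f"{who}: {finding}")
```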
How to Check /etc/shadow File Permissions?
Simply use the ls command to check the /etc/shadow file permissions.
# ls -la /etc/shadow
-rw------- 1 root root 942 Jun 1 22:14 /etc/shadow
How to View a User's Password Properties in Linux?
Use the chage command to check a user's password properties.
# chage -l daygeek
Last password change : Feb 25, 2019
Password expires : never
Password inactive : never
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 99999
Number of days of warning before password expires : 7
==============================
In the Linux operating system, a shadow password file is a system file in which encrypted user passwords are stored so that they aren't available to people who try to break into the system. Ordinarily, user information, including passwords, is kept in a system file called /etc/passwd. The password for each user is stored in an encrypted form (some would call it an encoded form since it isn't really encrypted by the usual algorithm) that is created and used as follows:
The original password is encrypted (or encoded) by using a randomly-generated value or encryption key between 1 and 4096 and a one-way hashing function to arrive at the encoded password that is actually stored. Note that the stored result is not something that you can enter as a password itself.
The key (referred to as the salt) is stored with the encoded password. Note the key itself can't be used to decode the encrypted/encoded password because the encoding is one-way. You can't decode the result back into the original password by using the key.
When someone enters a password, their password is then rehashed with the salt value and compared with the encoded password value. If they match, the user is given access to the system.
In spite of encoding the password with a randomly-generated one-way hash function, a cracker could still break the system if they got access to the /etc/passwd file. Using an approach known as the dictionary attack, a cracker could methodically test each encoded password in the file against their dictionary of commonly-used passwords, each encoded 4096 different ways (to cover all the hash possibilities). Assuming that the system was lax in its password creation requirements and some user used one of the many commonly-used passwords, at least one password could be discovered. In Linux, this possibility can be foreclosed by simply moving the passwords in the /etc/passwd file to another file, usually named /etc/shadow and making this file readable only by those who have access to the system root directory. Using a shadow password file requires that the Linux system installer also install the optional Shadow Suite, which, like Linux, is open source software and available from a number of sites on the Web.
=============================
We have written about the /etc/passwd file in the past. In this article we will look at the /etc/shadow file: its format, its content, and its importance for a Linux system. The /etc/shadow file (henceforth referred to as the shadow file in this article) is one of the crucial files on the system and the counterpart of the /etc/passwd file.
Unlike the password file, the shadow file is not world-readable. It can be read by the root user only. Shadow file permissions are 400, i.e. -r--------, and ownership is root:root. This means it can only be read, and only by the root user. The reason for such security is the password-related information stored in this file.
A typical /etc/shadow file looks like:
# cat /etc/shadow
root:$1$UFnkhP.mzcMyajdD9OEY1P80:17413:0:99999:7:::
bin:*:15069:0:99999:7:::
daemon:*:15069:0:99999:7:::
adm:*:15069:0:99999:7:::
testuser:$1$FrWa$ZCMQ5zpEG61e/wI45N8Zw.:17413:0:33:7:::
Since it’s a normal text file, commands like cat and more will work on it without any issue.
The /etc/shadow file has different fields separated by colons. There are a total of 8 fields in the shadow file. They are –
Username
Encrypted password
Last password change
Min days
Max days
Warn days
Inactive days
Expiry
Let’s walk through all these fields one by one.
Username
The username is the user’s login name. It’s created on the system whenever a user is created using the useradd command.
Encrypted password
It’s the user’s password in encrypted format.
Last password change
It’s the number of days since 1 Jan 1970 on which the password was last changed. For example, in the sample above, testuser’s last password change value is 17413 days. Counting 17413 days from 1 Jan 1970 comes to 4 Sept 2017! That means testuser last changed his password on 4 Sept 2017.
You can easily add/subtract dates using scripts or online tools.
Min days
It’s the minimum number of days between two password changes of that account. That means the user cannot change his password again until min days have passed since his last password change. This field can be tweaked using the chage command. This is set to 7 days generally but can be 1 too, depending on your organization’s security norms.
Max days
It’s the maximum number of days for which the user’s password is valid. Once this period is exhausted, the user is forced to change his/her password. This value can be altered using the chage command. It is generally set to 30 days, but the value differs as per your security demands.
Warn days
It’s the number of days before password expiry during which the user will see a warning about his password expiration after login. Generally it is set to 7, but it’s up to you or your organisation to decide this value as per organizational security policies.
Inactive days
The number of days after password expiry after which the account will be disabled. This means that if the user doesn’t log in to the system after his/her password expiry (so he doesn’t change the password), then after this many days the account will be disabled. Once the account is disabled, the system admin needs to unlock it.
Expiry
It’s the date, as the number of days since 1 Jan 1970, on which the account is disabled. We have already seen the calculation in the ‘last password change’ section.
Except for the first 2 fields, all the remaining fields are related to password aging / password policies.
==========================
Most modern Linux distributions use the /etc/shadow file to store encrypted password data. Passwords are stored using a hash (a one-way type of encryption). This file also stores various password information, such as the date of the last password change, password expiration date, etc.
Here is what an entry in the /etc/shadow file looks like:
username:encrypted password:last password change:minimum:maximum:warning:disabled:disabled date
Here is a brief description of each field:
username – the name of the user.
encrypted password – the password in encrypted form.
last password change – the date of the last password change. This date is stored as the number of days since January 1, 1970.
minimum – the number of days before a password change is allowed. The value of 0 means the password can be changed any time.
maximum – the number of days before the password must be changed. The value 99999 means the user’s password never expires.
warning – the number of days before a password is going to expire during which the user will be warned.
disabled – the number of days after a password has expired until the user account is disabled. No entry in this field means that the account is disabled immediately after the password expires.
disabled date – the number of days since January 1, 1970 that the account has been disabled. No entry in this field means the account is not disabled.
Here is an entry for our user bob:
linux etc shadow file
In the picture above you can see the following information:
username – bob
encrypted password
last password change – the password was last changed 16182 days after January 1, 1970 (April 22, 2014).
minimum – 0 means that the password can be changed at any time.
maximum – bob’s password expires 30 days after the last password change (May 22, 2014).
warning – bob will be warned 7 days before password is going to expire
disabled – no value means that the account is disabled immediately after the password expires
disabled date – no entry in this field means the account is not disabled.
=============================
Traditional Unix systems store user account information, including one-way encrypted passwords, in user database file "/etc/passwd". This file is world-readable and hence storing password in this file is not secure.
Another method of storing account information is the shadow password format. This method stores account information in the /etc/passwd file, but the password is stored as a single "x" character (ie. not actually stored in this file). A second file, called "/etc/shadow", contains encrypted password and other information related with password. The "/etc/shadow" file is readable only by the root account.
The following are the advantages of shadow passwords over the traditional way of storing passwords on UNIX-based systems.
• Improves system security by moving encrypted password hashes from the world-readable /etc/passwd file to /etc/shadow, which is readable only by the root user.
• Stores information about password aging.
• Allows the use of the /etc/login.defs file to enforce security policies.
A sample /etc/shadow configuration file is copied below.
root:$1$CQoPk7Zh$370xDLmeGD9m4aF/ciIlC.:14425:0:99999:7:::
bin:*:14425:0:99999:7:::
daemon:*:14425:0:99999:7:::
adm:*:14425:0:99999:7:::
lp:*:14425:0:99999:7:::
sync:*:14425:0:99999:7:::
shutdown:*:14425:0:99999:7:::
halt:*:14425:0:99999:7:::
mail:*:14425:0:99999:7:::
news:*:14425:0:99999:7:::
uucp:*:14425:0:99999:7:::
operator:*:14425:0:99999:7:::
games:*:14425:0:99999:7:::
gopher:*:14425:0:99999:7:::
ftp:*:14425:0:99999:7:::
nobody:*:14425:0:99999:7:::
rpm:!!:14425:0:99999:7:::
dbus:!!:14425:0:99999:7:::
avahi:!!:14425:0:99999:7:::
mailnull:!!:14425:0:99999:7:::
smmsp:!!:14425:0:99999:7:::
nscd:!!:14425:0:99999:7:::
vcsa:!!:14425:0:99999:7:::
haldaemon:!!:14425:0:99999:7:::
rpc:!!:14425:0:99999:7:::
rpcuser:!!:14425:0:99999:7:::
nfsnobody:!!:14425:0:99999:7:::
sshd:!!:14425:0:99999:7:::
pcap:!!:14425:0:99999:7:::
ntp:!!:14425:0:99999:7:::
gdm:!!:14425:0:99999:7:::
xfs:!!:14425:0:99999:7:::
sabayon:!!:14425:0:99999:7:::
tintin:$1$wKAP1RyH$JeCAcEGhSGVlD0J7.AMg.0:14396:2:5:7:30::
Column | Field            | Description
-------+------------------+------------
1      | Username         | Username
2      | Password         | Encrypted password; requires an x in the second column of /etc/passwd
3      | Password history | Date of the last password change, in number of days after January 1, 1970 (Unix epoch)
4      | mindays          | Minimum number of days that you must keep a password (-m)
5      | maxdays          | Maximum number of days after which a password must be changed (-M)
6      | warndays         | Number of days before password expiration when a warning is given (-W)
7      | inactive         | Number of days after password expiration when an account is made inactive (-I)
8      | disabled         | The number of days since January 1, 1970 (Unix epoch) that an account has been disabled (-E)
9      | Reserved         | Currently not in use