/etc/passwd Illustrated

The /etc/passwd file is located, well, in the /etc directory. /etc stores most of the system-level configuration for a typical UNIX(-like) system. There is more than one way to do something on a UNIX(-like) system, so along the way we’ll also discuss some commands that can do the same things we are going to do by tinkering with /etc/passwd in this post. So let’s talk less and get into /etc/passwd without losing time.


Why does /etc/passwd exist?

So the first question that would come to a mortal mind is ‘what for?’. Why does /etc/passwd even exist? It saves the information about all the users on a system. The original use of this file was to store almost all the data related to a user, including passwords. Maybe that’s the reason behind its name. But don’t worry, passwords are no longer stored as plain text in this file. More on this in later sections.


Structure of /etc/passwd

If you are on a GNU/Linux or similar system right now, you can take a look at it. User info is stored in this file one user per line, with colons (’:’) as the separating character. Quick, run this command:
head -n 1 /etc/passwd
This will get you the first line of the file. If you do ‘cat /etc/passwd’, you will see there are many lines, more than the users you have made. Linux (and other Unix-like systems) creates users for running special processes which need a certain set of special permissions. If you want to see which line is yours (the presently logged-in user, that is), run this:
cat /etc/passwd | grep username
On my system, it looks like this:
channi:x:1000:100:Charanjit Singh,Beat of the Geek:/home/channi:/bin/zsh
Different fields of the file are separated by colons (’:’). If you count, there are 7 columns in total. Let’s discuss them all.


First column of /etc/passwd

It’s your login name: the name you enter when you log in to the system (or choose from the GUI). Yes, your login name will change if you change it here in /etc/passwd. There are many ways of changing things in GNU/Linux, and most of the time they are different commands which change underlying configuration files like this one.


Alternative command for changing the login name

usermod -l NEWNAME oldname

Some systems (including Ubuntu) offer another command for making changes to user info. To your surprise, it’s called moduser. The difference between usermod and moduser is that of sophistication. Which one is more sophisticated is arguable though. usermod uses flags to set different pieces of information, and moduser provides an interface which asks you for the information in a menu-like manner. Try them yourself.


Second column of /etc/passwd

That’s your login password. Surprised? Your actual password is not really stored in this file. It’s not secure to store it here in plain text, or even in ciphered form, because many programs need read access to this file. Did you notice you didn’t need to enter the root password to read /etc/passwd? So where is the password stored in Linux? Your real password is ciphered with a secure one-way encryption algorithm and stored in a shadow file (/etc/shadow). Try to ‘cat’ it. Yes, you can’t, and that is justifiable. If you cat it with the root password, you will see login names with a jumbled word next to them. That’s the ciphered password. We’ll probably discuss them some other day. So since the password is not stored here, we can’t do anything about it by editing /etc/passwd, right? Not really. There is one thing we can do. If you replace the ‘x’ in there with an asterisk ’*’, the account gets disabled and can’t be used. Actually, if you change that ‘x’ (or whatever other value your system has there), logging in simply won’t work. The user is greeted with charming ‘Authentication Failure’ messages.


Third column of /etc/passwd

In the third column comes the user’s user id (UID, you call it). A UID is a unique id assigned by the system to each user on the system. Usernames are only for humans; the system itself identifies a user by its UID. You can change this number (obviously) but it’s not recommended. There are certain complications which may arise when you change the UID of a user (remember file permissions? cron tabs?). If you want to change the UID, better do it with usermod -u.


Fourth column of /etc/passwd

Similar to the UID, that’s the user’s GID (Group ID). It’s the id of the primary group of the user. On most systems it is set to the same value as the UID (not on mine though). You can change it with the usermod -g command.
usermod -g
If you want to know the different IDs related to a user, feel free to use the id command. It will tell you many different IDs. Just type id.
You can see the different groups the user is a member of with the groups command.


Fifth column

This field contains comments about a user. It’s called the GECOS field and contains a comma-separated list of extra information about a user, like full name, address etc. Apart from usermod -c, you can use chfn to change this field. chfn is an abbreviation for ‘change finger info’. Most of the information related to a user can be accessed with the finger command. In other words, someone with access to the system can finger you to get information (pun intended). Check it out:



Sixth column

That’s the path to the user’s home directory. It can be changed here or with the usermod -d command. There are other ways of changing it (including editing the /etc/passwd file), but it is recommended not to do it that way. We’ll probably discuss the complications some other day.
usermod -d /home/new-home USERNAME


Seventh column

That’s the final column of the /etc/passwd file. It contains the shell for the user. Actually it’s the path to a program which is executed every time the user logs in to the system. For normal users it is a shell. It can be safely changed here or with usermod -s. Another quick command for changing the default shell for a user is chsh.
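
The seven colon-separated fields walked through above can be checked mechanically: a field count that is not 7, a password field that is not ‘x’, and a UID shared by two login names. This is an added example, not part of the original post; the function names are hypothetical and every sample line except the channi entry is constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit passwd-format lines.

# Constructed sample data; only the channi line is the entry quoted in the post.
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
channi:x:1000:100:Charanjit Singh,Beat of the Geek:/home/channi:/bin/zsh
olduser:*:1001:1001:Disabled Account:/home/olduser:/bin/sh
clone:x:1000:100:Same UID as channi:/home/clone:/bin/sh
broken:x:1002:1002:/home/broken:/bin/sh
EOF
}

# passwd_audit (hypothetical name): read passwd-format lines on stdin and
# print one finding per problem, using the field meanings described above.
passwd_audit() {
  awk -F: '
    # Every entry must have exactly seven colon-separated fields.
    NF != 7 { printf "%s: expected 7 fields, found %d\n", $1, NF; next }
    {
      # Field 2: "x" points to /etc/shadow; "*" marks a disabled account.
      if ($2 == "*")      printf "%s: account disabled (password field is *)\n", $1
      else if ($2 != "x") printf "%s: unexpected password field\n", $1
      # Field 3: UIDs should be unique, so remember the first owner of each.
      if ($3 in owner)    printf "%s: UID %s already used by %s\n", $1, $3, owner[$3]
      else                owner[$3] = $1
    }'
}

# passwd_fullname (hypothetical name): print the first comma-separated GECOS
# sub-field (field 5) for the login name given as $1.
passwd_fullname() {
  awk -F: -v user="$1" '$1 == user { split($5, g, ","); print g[1] }'
}

# Run the audit over the constructed sample when the script is executed.
sample_passwd | passwd_audit
```

To check a real system, run `passwd_audit < /etc/passwd`; as noted above, the file is readable without the root password.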