In Linux, user account and password information is essentially stored in two files. The passwords are not kept in plain text but in encrypted (hashed) form:
1. `/etc/passwd`
2. `/etc/shadow`
1.) /etc/passwd
- This file contains basic information about the user accounts, including the username, user ID (UID), group ID (GID), home directory, and shell.
- Previously, this file also stored the encrypted passwords. For security reasons, passwords are no longer stored directly in this file.
Example contents of the /etc/passwd file:
username:x:1000:1000:User Name,,,:/home/username:/bin/bash
The `x` in the second field indicates that the password is stored in a different location.
2.) /etc/shadow
- This file contains the encrypted passwords of user accounts and is only accessible to the user root and other administrators.
- The shadow file also stores additional information such as the date of the last password change and password expiration options.
Example contents of the /etc/shadow file:
username:$6$randomsalt$hashedpassword:18295:0:99999:7:::
This line contains:
- username: The user name.
- $6$randomsalt$hashedpassword: The encrypted password field. Its `$`-separated parts are a scheme identifier, the salt and the hashed password (salted for increased security).
- The following fields concern password aging, expiration date and other options.
3.) Security note:
Because root access is required to read or edit the /etc/shadow file, access to this file is strictly limited. This restriction prevents unauthorized users from viewing or tampering with passwords.
The password hashes in the shadow file can theoretically be cracked (e.g. by brute force attacks), but they are protected by strong hashing algorithms and additional security mechanisms such as salt values.
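The field layout from section 2 and the point about hashing algorithms and salts can be checked mechanically. The following is an added example, not part of the original page: it parses shadow-format lines and flags entries with an empty password or a legacy hash scheme, going beyond the single `$6$` case shown above. The function names `parse_shadow_line` and `audit` are hypothetical, and the sample lines are constructed with placeholder salts and hashes.

```python
from datetime import date, timedelta

# crypt(3) scheme identifiers found between the first two '$' of the hash field.
SCHEMES = {"1": "MD5", "5": "SHA-256", "6": "SHA-512",
           "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt", "y": "yescrypt"}
WEAK = {"MD5", "DES"}            # legacy schemes an audit should flag
SALTED_FIELD = {"1", "5", "6"}   # schemes laid out as $id$[rounds=N$]salt$hash

def parse_shadow_line(line):
    """Split one shadow(5) line into its nine fields and audit the hash field."""
    f = line.rstrip("\n").split(":")
    if len(f) != 9:
        raise ValueError(f"expected 9 colon-separated fields, got {len(f)}")
    user, pw = f[0], f[1]
    e = {"user": user, "status": "hashed", "scheme": None, "salt": None, "findings": []}
    if pw == "":
        e["status"] = "empty"
        e["findings"].append("no password required to log in")
    elif pw[0] in "!*":
        e["status"] = "locked"           # password login disabled
    elif pw.startswith("$"):
        parts = pw.split("$")            # ['', id, (rounds=N,) salt, hash]
        e["scheme"] = SCHEMES.get(parts[1], "unknown")
        if parts[1] in SALTED_FIELD and len(parts) >= 4:
            e["salt"] = parts[3] if parts[2].startswith("rounds=") else parts[2]
    else:
        e["scheme"] = "DES"              # no '$' prefix: traditional crypt
    if e["scheme"] in WEAK:
        e["findings"].append(f"weak hash scheme: {e['scheme']}")
    # Field 3 counts days since 1970-01-01; field 5 is the maximum password age.
    e["last_change"] = date(1970, 1, 1) + timedelta(days=int(f[2])) if f[2] else None
    e["max_days"] = int(f[4]) if f[4] else None
    return e

# Constructed sample lines (placeholder salts and hashes, not real accounts).
SAMPLE = """\
username:$6$randomsalt$hashedpassword:18295:0:99999:7:::
legacy:$1$oldsalt$hashedpassword:15000:0:99999:7:::
daemon:*:18295:0:99999:7:::
guest::18295:0:99999:7:::
"""

def audit(text):
    """Parse every non-blank line of shadow-format text."""
    return [parse_shadow_line(l) for l in text.splitlines() if l.strip()]

if __name__ == "__main__":
    for e in audit(SAMPLE):
        print(e["user"], e["status"], e["scheme"], e["last_change"], e["findings"])
```

On a real system the input would be the contents of /etc/shadow, read as root.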
4.) Passwords Conclusion:
- File with the user information:
/etc/passwd
- File with the encrypted passwords:
/etc/shadow
Only administrators should have access to the shadow file to ensure the security of the system.