Understanding the /etc/passwd File

The /etc/passwd file is the most important file in Linux operating system. This file stores essential information about the users on the system. This file is owned by the root user and to edit this file we must have root privileges. But try to avoid edit this file. Now let’s see actually how this file look

This file contains one entry per line. That means it stores one user’s information on one line. The user information contains seven fields and each field is separated by the colon ( : )symbol. Each entry in the /etc/passwd file looks like this:

Now let’s understand each field one by one:

1. Username: This field stores the usernames which are used while login into the system. The length of this field is between 1 and 32 characters.
2. Password: This field store the password of the user. The x character indicates the password is stored in /etc/shadow file in the encrypted format. We can use the passwd command to update this field.
3. User ID(UID): User identifier is the number assigned to each user by the operating system to refer the users. The 0 UID is reserved for the root user. And 1-99 UID are reserved for other predefined accounts. And 100-999 are reserved by the system for administrative and system accounts/groups.
4. Group ID(GID): Group identifier is the number indicating the primary group of users. Most of the time it is the same as the UID.
5. User ID Info (GECOS): This is a comment field. This field contains information like the user phone number, address, or full name of the user. This field is used by the finger command to get information about the user.
6. Home directory: This field contains the absolute path of the user’s home directory. By default, the users are created under the /home directory. If this file is empty, then the home directory of that user will be /
7. Login shell: This field store the absolute path of the user shell. This shell is started when the user is log in to the system.

Now we have understood the file structure of the /etc/passwd file now let’s see one example of this file. You can view the content of file using the cat file like:

cat /etc/passwd

We can see that there are many users with all information.

To search for a specific user, we can use the grep command. Now for example to get information about the user Nishant we can use the following command:

grep nishant /etc/passwd

Check /etc/passwd file permission

The normal users have only read permissions to the /etc/passwd file. The only root user can write into this file. To see the permissions of /etc/passwd file, we can use the ls command as follows:

ls -l /etc/passwd

The output will be 

We can see that the permissions of the file /etc/passwd are rw-r–r–. This means the root user has read and write access and other groups and user have read-only access to the file.

To get more details like size, modify the time of this file we can use the stat command:

stat /etc/passwd

Reading /etc/passwd file:

We can read the /etc/passwd file more user-friendly by using the while loop and IFS separator. A while loop is used to iterate through the file, and IFS is a special variable is used to separate the string by a specific character.

#!/bin/bash

# using while loop to iterate through file
while IFS=: read -r f1 f2 f3 f4 f5 f6 f7        
do
echo "User $f1 use $f7 shell and stores files in $f6 directory."
done < /etc/passwd                             

After using this script, we get the following output: