Linux /etc/shadow file

Modern Linux distributions, Red Hat and Debian-based systems included, keep users' password hashes out of the world-readable /etc/passwd (whose password field just contains an "x") and store them in /etc/shadow, which is readable only by root (and, on many distributions, the shadow group). The passwords are not stored in encrypted form; the file holds a salted, one-way hash of each password, so even root cannot recover the plaintext from it. When a user tries to log in, the username is first looked up in /etc/passwd; if it exists, the entered password is hashed with the salt taken from that user's /etc/shadow entry and compared with the stored hash, and the password-aging and account-expiry fields are checked. Only if all of that passes is the user authenticated.

The shadow file holds user authentication data such as the password hash, the password and account expiry settings, and the date of the last password change. Each line corresponds to one user account that also has an entry in /etc/passwd. There are nine fields per line, separated by a colon (:). The fields are described below and a sample entry is worked through after that.

  1. Username- The login name, matching the first field of the user's /etc/passwd entry.
  2. Password hash- This field holds the user's password hash in crypt(3) form, $id$salt$hash. The length depends on the algorithm (a SHA-512-crypt field is about 100 characters), not a fixed 13 to 24. An empty field means no password is required to log in; a field starting with ! or * (for example !, *, or ! followed by a hash after passwd -l) means the account is locked or has no usable password. The value of id can be one of the following-
    • $1$- The password is hashed with MD5-crypt (considered weak today).
    • $2a$- The password is hashed with bcrypt (Blowfish-based).
    • $2y$- The password is hashed with bcrypt; this is the corrected variant introduced after the 2011 crypt_blowfish sign-extension bug.
    • $5$- The password is hashed with SHA-256-crypt.
    • $6$- The password is hashed with SHA-512-crypt.
    • $y$- The password is hashed with yescrypt, the current default on Debian 11+ and Fedora 35+; it is not in older guides but will be what you see on recent systems.
  3. Password last changed- The date of the last password change, as the number of days since the epoch (January 1, 1970). A value of 0 forces the user to change the password at next login; an empty field disables password aging.
  4. Minimum password age- The minimum number of days that must pass after a change before the password can be changed again. 0 or empty means no minimum.
  5. Maximum password age- The number of days for which the password is valid after the last change; after that it expires and must be changed. An empty field means no maximum.
  6. Warning period- The number of days before password expiration during which the user is warned at login about the upcoming expiration.
  7. Inactive period- The number of days after the password has expired during which the user may still log in and set a new password; once this grace period is over the account is locked. An empty field means the grace period never ends.
  8. Account expiration- The date (as days since the epoch) on which the account expires and the user can no longer log in at all. This is independent of password expiration: an expired password can be renewed by the user, an expired account cannot.
  9. Reserved for future use.

Example entry of Linux /etc/shadow file

meera:$1$.QKDPc5E$SWlkjRWexrXYgc98F.:17555:3:30:5:30:17889:

The above line shows password-related information for user meera (the hash is shortened for illustration; a real MD5-crypt hash has 22 characters after the last $). The same information can be read back in human form with chage -l meera. Field by field-

  1. The password is hashed with MD5-crypt ($1$), which is weak by today's standards and worth rehashing on first login.
  2. The password was last changed on 24 January, 2018 (day 17555 since the epoch).
  3. The password cannot be changed again until 27 January, 2018 (3 days later).
  4. The password must be changed every 30 days, so it is valid until 23 February, 2018; shadow-utils treats the expiry day itself as expired.
  5. The user is warned five days before the password expires, from 18 February, 2018.
  6. If the password is not changed within 30 days of expiring, the account is locked on 25 March, 2018.
  7. The account expires on 24 December, 2018 (day 17889 since the epoch), regardless of the password state.
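The field descriptions and the meera walkthrough above can be checked mechanically. The following is an added example, not code from the original page: a small parser that splits a shadow line into its nine fields, identifies the hash algorithm from the $id$ prefix (including the locked and empty cases), converts the day counts into calendar dates, and flags what an auditor would want to see. The two sample lines are constructed (the page's meera entry plus a typical locked system account); the $y$ and $2b$ identifiers in the table are assumptions beyond the page's list, based on what current distributions emit.

```python
"""Parse /etc/shadow lines and compute the password/account timeline.

Added example; not code from the original page. Standard library only;
the sample lines below are constructed for demonstration.
"""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, List, Optional

EPOCH = date(1970, 1, 1)  # shadow(5) day counts are days since this date

# Hash identifiers from crypt(5). $y$ (yescrypt) and $2b$ are assumptions
# beyond the page's list: current Debian/Fedora default to yescrypt and
# newer bcrypt implementations emit $2b$.
HASH_IDS: Dict[str, str] = {
    "1": "MD5-crypt",
    "2a": "bcrypt (Blowfish)",
    "2b": "bcrypt (Blowfish)",
    "2y": "bcrypt (Blowfish)",
    "5": "SHA-256-crypt",
    "6": "SHA-512-crypt",
    "y": "yescrypt",
}
WEAK_HASHES = {"MD5-crypt", "legacy DES-crypt"}


def _int_or_none(field: str) -> Optional[int]:
    """An empty numeric field means 'not set' in shadow(5)."""
    return int(field) if field != "" else None


@dataclass
class ShadowEntry:
    username: str
    password: str
    last_change: Optional[int]  # days since epoch
    min_age: Optional[int]
    max_age: Optional[int]
    warn: Optional[int]
    inactive: Optional[int]
    expire: Optional[int]       # days since epoch
    reserved: str

    @property
    def hash_algorithm(self) -> str:
        pw = self.password
        if pw == "":
            return "empty (no password required)"
        if pw.startswith(("!", "*")):
            return "locked or no valid hash"  # passwd -l, usermod -L, system accounts
        if pw.startswith("$"):
            hash_id = pw.split("$")[1]
            return HASH_IDS.get(hash_id, f"unknown id ${hash_id}$")
        return "legacy DES-crypt"  # 13-char traditional crypt(3), no '$' prefix

    def timeline(self) -> Dict[str, Optional[date]]:
        """Turn the day counts into the calendar dates the page walks through."""
        last = None if self.last_change is None else EPOCH + timedelta(days=self.last_change)
        expires = None if last is None or self.max_age is None else last + timedelta(days=self.max_age)
        return {
            "last_changed": last,
            "earliest_change": None if last is None or self.min_age is None else last + timedelta(days=self.min_age),
            "expires": expires,
            "warn_from": None if expires is None or self.warn is None else expires - timedelta(days=self.warn),
            "locked_on": None if expires is None or self.inactive is None else expires + timedelta(days=self.inactive),
            "account_expires": None if self.expire is None else EPOCH + timedelta(days=self.expire),
        }


def parse_shadow_line(line: str) -> ShadowEntry:
    fields = line.rstrip("\n").split(":")
    if len(fields) != 9:
        raise ValueError(f"expected 9 colon-separated fields, got {len(fields)}: {line!r}")
    user, pw, last, min_age, max_age, warn, inactive, expire, reserved = fields
    return ShadowEntry(user, pw, _int_or_none(last), _int_or_none(min_age),
                       _int_or_none(max_age), _int_or_none(warn),
                       _int_or_none(inactive), _int_or_none(expire), reserved)


def audit(entry: ShadowEntry, today: date) -> List[str]:
    """Findings a reviewer of a shadow file would want flagged as of 'today'.
    Comparisons use >= to match shadow-utils, which treats the expiry day itself as expired."""
    findings: List[str] = []
    algo = entry.hash_algorithm
    if algo.startswith("empty"):
        findings.append("empty password field: login without a password")
    elif algo in WEAK_HASHES:
        findings.append(f"weak hash: {algo}; rehash with SHA-512-crypt or yescrypt")
    t = entry.timeline()
    if t["expires"] is not None and today >= t["expires"]:
        findings.append(f"password expired on {t['expires']}")
    if t["locked_on"] is not None and today >= t["locked_on"]:
        findings.append(f"account locked for inactivity since {t['locked_on']}")
    if t["account_expires"] is not None and today >= t["account_expires"]:
        findings.append(f"account expired on {t['account_expires']}")
    return findings


# Constructed sample lines: the page's meera entry plus a typical locked system account.
SAMPLE_LINES = [
    "meera:$1$.QKDPc5E$SWlkjRWexrXYgc98F.:17555:3:30:5:30:17889:",
    "daemon:*:17555:0:99999:7:::",
]

if __name__ == "__main__":
    for sample in SAMPLE_LINES:
        entry = parse_shadow_line(sample)
        print(entry.username, "-", entry.hash_algorithm)
        for name, when in entry.timeline().items():
            print(f"  {name:16} {when}")
        for finding in audit(entry, date(2018, 3, 1)):
            print("  !", finding)
```

Run it as root against real data with something like: for each line of /etc/shadow, call parse_shadow_line and audit with today's date. Empty numeric fields are kept as None rather than 0 because shadow(5) gives them different meanings (no limit versus a zero-day limit), and the audit compares with >= so a password whose max age ends today is already reported, as shadow-utils does.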