What Is the Linux /etc/shadow File and What Does It Do?

While browsing your Linux system files, you may have come across a file in the /etc directory named shadow. It may sound scary, but it really is a safe, necessary, and useful file for system administration.

Today we are going to look at the content of the /etc/shadow file and what it can tell you about your system.

What is /etc/shadow?

As mysterious as it sounds, the file's job is fairly simple. The /etc/shadow file contains information about the users of a Linux system, their passwords, and their password aging rules.

When you create or change a password on Linux, the system hashes it and stores the hash in the shadow file. All password rules assigned by the administrator, such as expiration dates and periods of inactivity, are also kept here. The shadow file can then tell the authentication system whether, for example, a user's password is correct or when it has expired.

You should never edit the shadow file directly. It is managed by automated processes and is not intended for ordinary users to change. Even so, the information it contains can be valuable to you, so it's worth a look.

What's in the Linux shadow file?

To view the contents of the shadow file, open a terminal and run the cat command on it:

sudo cat /etc/shadow

You will be asked for your password. Assuming you have administrator rights, you will see a printout of text strings that look similar to this one (note the ellipses, where the string was cropped to fit the screen):

muo1:$6$IK2…$20a…:18731:0:99999:7:::

It looks cryptic, and in fact part of it is a cryptographic hash. However, the string follows a fixed layout and contains specific pieces of information, separated by the colon (:) character.

Here is a full layout of the string:

(username):(password):(date of last password change):(minimum password age):(maximum password age):(warning period):(inactivity period):(expiration date):(not used)

Let's take a closer look at each of these fields:

1. User Name

Everything that follows in the string is associated with this username.

2. Password

The password field consists of three sub-fields separated by dollar signs: $id$salt$hash.

  • ID: This identifies the hashing algorithm used to hash your password. Values can be 1 (MD5), 2a (Blowfish), 2y (Eksblowfish), 5 (SHA-256) or 6 (SHA-512).
  • Salt: This is the salt that is combined with the password when it is hashed, and again when a login attempt is verified.
  • Hash: This is the user's password as it appears after hashing. The shadow file stores only this hashed version of your password, so that the system can verify any attempt to enter your password.


Sometimes the password field contains only an asterisk (*) or an exclamation mark (!). This means that the system has disabled the user account or that the user must authenticate by some means other than a password. This is often the case with system processes (also known as pseudo-users), which you will likely find in the shadow file as well.

3. Date of the last password change

This is the last time the user changed their password. Note that the system stores the date as a count of days since the Unix epoch (January 1, 1970), not as a calendar date.

4. Minimum age for the password

This is the number of days the user has to wait after changing their password before they may change it again.

If no minimum is specified, the value here is 0.

5. Maximum password age

This defines how long a user can go without changing their password. Changing your password frequently has its advantages, but by default it is set to a generous 99,999 days. That's almost 275 years.

6. Warning period

This field sets the number of days before a password reaches its maximum age during which the user will receive reminders to change it.

7. Period of inactivity

This is the number of days that can pass after the user's password reaches its maximum age before the system deactivates the account. Think of this as a "grace period" in which the user has a second chance to change their password even though it has technically expired.

8. Expiration date

This date marks the end of the inactivity period, at which point the system automatically deactivates the user account. Once deactivated, the user will not be able to log in until an administrator reactivates the account.

This field is blank if it is not set. When set, the date is stored, like the others, as a count of days since the Unix epoch.

9. Not used

This field currently has no purpose and is reserved for possible future use.
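To see how the nine fields fit together, here is an added Python example (not code from the original article) that parses shadow-style lines into the fields described above, decodes the $id$ prefix, converts the day counts to dates and works out whether each account is usable on a given day. All sample lines, salts and hashes are constructed for the example.

```python
# Added example, not code from the original article: parse /etc/shadow lines into the
# nine fields described above and classify each account. All sample lines are constructed.
from datetime import date, timedelta
EPOCH = date(1970, 1, 1)  # shadow stores its dates as a count of days since this day
FIELDS = ("name", "password", "last_change", "min_age", "max_age",
          "warn", "inactive", "expire", "reserved")
HASH_IDS = {"1": "MD5", "2a": "Blowfish", "2y": "Eksblowfish", "5": "SHA-256", "6": "SHA-512"}
SAMPLE_SHADOW = """\
muo1:$6$SALTPLACEHOLDER$HASHPLACEHOLDER:18731:0:99999:7:::
daemon:*:18000:0:99999:7:::
temp:$5$abcsalt$abchash:18700:1:30:7:14:18800:
bob:$6$bobsalt$bobhash:18720:0:30:10:::
old:$6$oldsalt$oldhash:18000:0:99999:7::18500:
"""

def parse_shadow(text):
    """Split each line on ':' into the nine named fields; blank fields stay ''."""
    entries = []
    for line in text.splitlines():
        parts = line.split(":")
        if len(parts) != 9:
            raise ValueError(f"malformed shadow line: {line!r}")
        entries.append(dict(zip(FIELDS, parts)))
    return entries

def days_to_date(field):
    """Turn a day-count field into a date; an empty field means 'not set'."""
    return EPOCH + timedelta(days=int(field)) if field else None

def hash_algorithm(password):
    """Name the algorithm from the $id$ prefix; '*' or '!' means no password login."""
    if password.startswith(("*", "!")):
        return "locked"
    parts = password.split("$")  # ['', id, salt, hash]
    return HASH_IDS.get(parts[1], "unknown") if len(parts) == 4 else "unknown"

def password_state(entry, today):
    """Classify the account the way the login process would on the given day."""
    if hash_algorithm(entry["password"]) == "locked":
        return "locked"
    expire = days_to_date(entry["expire"])
    if expire and today >= expire:
        return "account expired"
    max_age = int(entry["max_age"] or 99999)  # blank means no maximum age
    expiry_day = EPOCH + timedelta(days=int(entry["last_change"] or 0) + max_age)
    if today < expiry_day:  # still valid, but inside the warning window if within 'warn' days
        return "warning" if today >= expiry_day - timedelta(days=int(entry["warn"] or 0)) else "ok"
    if entry["inactive"] and today < expiry_day + timedelta(days=int(entry["inactive"])):
        return "expired (grace period)"  # can still log in to set a new password
    return "expired"
```

Run against the constructed sample on day 18740 (April 23, 2021), muo1 is "ok", daemon is "locked", temp is in its grace period, bob is inside the warning window and old is "account expired".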

The shadow file explained

The shadow file really isn't mysterious at all. However, remember that if you want to change passwords and password rules, you should avoid editing the shadow file directly and instead use tools designed for that purpose.

Whenever you add a new user to your Linux system, the /etc/shadow file is automatically updated to store the authentication information for that user.


About the author

Jordan Gloor