There are various types of authentication methods are available on Linux. The most common way to perform authentication is to use /etc/passwd and /etc/shadow files.
Normally, /etc/shadow is a text file containing the information regarding the passwords of the user. However, the owner of /etc/shadow file is the root user and shadow group. The default permissions of /etc/shadow files are 640 permissions.

How to view /etc/shadow file
Primarily, the /etc/shadow file contains information related to the user account on your system. It has one entry per line, each line represents a user account. To view the content of /etc/shadow file you can use a text editor or use the command in terminal. In the example below, we are going to edit /etc/shadow file using cat command.
sudo cat /etc/shadow
As you can see in the command above, we must run the command with sudo privileges. The first word displays the cat command itself which displays the content of /etc/shadow file. You will see the output as below.

Now let’s take one single line from the output as an example.
daemon:*:18858:0:99999:7:::
In /etc/shadow file, each line is divided into 9 different colon-separated fields. Let’s breakdown the single line.
- Username: The first word you see in a line is a username of your account.
- Encrypted Password: The second string is an encrypted password. The common password you will see as * in each line. This password uses $type$salt$hashed format. Where $type is the method cryptographic hash algorithm. For many users, the password is the asterisk (*) or exclamation point (!). With * as a password, the user can not log in to the system using password authentication. However, he/she can log in with key-based authentication or switch to another user with permissions.
- Last Password Change: This is the date format when the password was recently changed. It is the day’s count since January 1, 1970.
- Minimum Password Age: It is the limit in days, that must pass before the user can change the password. The default value is 0.
- Maximum Password Age: It is the limit in days after the password must be forcibly changed. The default value is 99999.
- Warning Period: It is the value, that indicates the number of days before the password expires. Users will be warned to change the password during the warning period.
- Inactivity Period: It is the time limit in days. After that time limit user account will be disabled. The default value is empty.
- Expiration Date: It is the date when the specified account is disabled. The given date is in an epoch date format.
- Unused Field: This field is reserved for future use by Linux systems.
Conclusion on /etc/shadow file in Linux
In Linux based systems, the /etc/shadow file keeps track of the user’s password information on the system. It records all details in multiple lines by keeping each record in one single line. As the above explanation, we hope you learned about /etc/shadow file. If you have further questions, please type in the comments below.
Leave a Reply