Understanding /etc/passwd

It’s very likely that you’ve seen this file but, if you’re not sure about what does each line mean, in this ‘quick-tip’ I’ll show you.

File usage
Fields explanation
Editing the file

File usage

/etc/passwd provides information about user accounts. Each line refers to each user (some users are created manually by persons, others are created by programs). In each line there are seven fields delimited by colons (:). If a field doesn’t apply for a user, that field will be empty (there is always seven fields in each line).

This file is writable only by root, but readable for everyone:

$ ls -l /etc/passwd
-rw-r--r-- 1 root root 2257 ago 21 13:25 /etc/passwd

Fields explanation

First field (user name)

...
Changing the user information for ricardo
Enter the new value, or press ENTER for the default
	Full Name []:
...

Second field (password)

This field contains the user password, encrypted. If this field contains a lower case ‘x’, the password is actually stored (always encrypted) on /etc/shadow. If the field is empty, no password is required to log in as the specified user.

Third field (UID)

Numerical User ID.

Fourth field (GID)

Numerical Group ID.

Fifth field (full name/comments)

This field contains the ‘Full Name’ and the rest of GECOS fields (separated by commas).

Sixth field (home directory)

User’s home directory. This will be the initial working directory when log in as the specified user.

Seventh field (shell)

Full path of the user’s command interpreter (Bash, Zsh, Fish, etc.). If it’s empty, defaults to /bin/sh. If the user is not allowed to login (users such as www-data, nobody), this field contains /usr/sbin/nologin, /usr/bin/nologin or similar path.

Editing the file

As I say before, this file is writable only by the root user, but it’s preferable to use well-known commands like adduser, passwd, usermod or chsh to do user management instead of editing the file directly.

If you have any suggestion, feel free to contact me via social media or email.