surendra:$6$1aEszVo.gsdPEr:15107:22:99999:207:205:105345 :
1                                2                     3        4      5        6     7        8            9

1) User login name: This field gives details for user-login

2) Encrypted password: The password is in encryption form8) No of days from Jan 1, 1970 the account was disabled: and it’s MD5 encrypted form. This field may contain following things

  • !! or ! indicates account is present but there is no password set for it. So user can not login if second field set to this values
  • :*: indicates the account was disable.
  • :: indicates that user can login without password. in other words we can say password removed
  • $6$b93VXzq0$kI55QxFMpXv This example encrypted form indicates password is present and encrypted.

3) Last password change: Indicates when was the last time the password changed?. This is the number of days from 1st Jan 1970. To get this number to convert to human readable format please have a look in to our other post how to convert this number.

 

4) Minimum days need for a password change: This is to make user to change the password only after some days. Suppose if this value is “0”, he can change the password at any time. If this value is 15, then the user can change the password only after 15 days. What will happen if he tried to change the password today it self tho this value set to 15?

We will get following error

$ passwd temp1
 Changing password for temp1.
 (current) UNIX password:
 You must wait longer to change your password
 passwd: Authentication token manipulation error
 passwd: password unchanged

5) Maximum days the password is valid: This is the days after which the password should change. If the value is 99999 then you no need to change the password, if this value is set to some 45 then you have to change the password after 45 days completion.

6) Password expiry advanced warning days:This value is to warn the user that his password is going to expire in so and so days.. For example if this value is set to 10 days, then system will prompt to the user at every login that his password will expire in 10 days.

7) No of days after password expired, account was disabled: This is to block unwanted access to an account once it’s password was expired.

8) No of days from Jan 1, 1970 the account was disabled: This is to show when the account was disabled. Do you want to find all the accounts which were disabled? Click here

9) Reserved for future purpose:Not used

Some FAQ’s:

How can I get encrypted password in /etc/passwd back from /etc/shadow file?

use pwunconv command to revert back your encrypted passwords stored in shadow file.

Why we need shadow file?

As /etc/passwd file is world readable and can seen by any one. This is security loophole, so Linux machines moved encrypted password from /etc/passwd to /etc/shadow file. So even encrypted password is not seen by any normal user expect superuser(root).

 

shadow file aix, shadow file algorithm, shadow file aix unix, shadow file as password, shadow file access, shadow file backup, shadow file bsd, shadow file contents, shadow file centos, shadow file crypt, shadow file deleted, shadow file debian, shadow file definition, shadow file disabled, shadow file example, shadow file encryption, shadow file etc, shadow file edit, shadow file format, shadow file fields, shadow file freebsd, shadow file fields solaris, shadow file guide, shadow file hash, shadow file hp ux, shadow file hp unix, shadow file help, shadow file in Linux, shadow file in solaris, shadow file in aix, shadow file in ubuntu, shadow file in solaris, shadow file location, shadow file lock, shadow file md5, shadow file meaning, shadow file no password, shadow file password field, shadow file password hash, shadow file recovery, shadow file redhat, shadow file rename failed, shadow file root, shadow file read, shadow file syntax, shadow file system, shadow file salt, shadow file structure, shadow file update,

The following two tabs change content below.
Mr Surendra Anne is from Vijayawada, Andhra Pradesh, India. He is a Linux/Open source supporter who believes in Hard work, A down to earth person, Likes to share knowledge with others, Loves dogs, Likes photography. He works as Devops Engineer with Taggle systems, an IOT automatic water metering company, Sydney . You can contact him at surendra (@) linuxnix dot com.