Linux - /etc/shadow (Secure user information)


/etc/shadow is a text file that contains secure user information such as:

  • and account expiration information

The public user information are stored in the /etc/passwd file.

The shadow file is readable only by the root account

It's used by the standard Unix authentication mechanism. See the PAM module PAM_UNIX


One line by user where fields are separated by : colon characters


Field Short description Long
userName username max 8 character, the username that matches the username of /etc/passwd
password password 13 character encrypted
* A blank entry (eg. ::) indicates a password is not required to log in
* A * indicates the account has been disabled.
* !! or ! : no password has been given (the account is locked)
10063 last password change the number of days (since January 1, 1970) since the password was last changed.
0 days until change allowed The number of days before password may be changed (0 indicates it may be changed at any time)
99999 days before change required 99999 indicates user can keep his or her password unchanged for many, many years
7 days warning for expiration The number of days to warn user of an expiring password (7 for a full week)
days before account inactive The number of days after password expires that account is disabled
date when account expires The number of days since January 1, 1970 that an account has been disabled
reserved for future use A reserved field for possible future use

Documentation / Reference

Discover More
Linux - /etc/passwd (public user information)

/etc/passwd is the text file that contains public user account information The name is a little bit misleading because the password is no more present (replaced with a X) as this file is used by many...
Linux - Password (User)

user password are password of a user stored in the secure shadow file. The password is the second field of the shadow file It's 13 character encrypted A blank entry (eg. ::) indicates a password...
Linux - User (Uid)

Every user who has access to a Linux system needs a login and a password. The root login is the super admin user. The term root may refer to: the root account (the superuser, who has permission...
SASL - saslauthd server (Cyrus SASL)

saslauthd is a daemon process that handles plaintext authentication requests on behalf of the SASL library. called also the saslauthd server For the configuration, it must be told which authentication...

Share this page:
Follow us:
Task Runner