About
/etc/shadow is a text file that contains secure user information such as:
- and account expiration information
The public user information is stored in the /etc/passwd file.
The shadow file is readable only by the root account.
It is used by the standard Unix authentication mechanism. See the PAM module PAM_UNIX.
Format
One line per user, with fields separated by colon (:) characters:
userName:password:10063:0:99999:7:::
Field | Short description | Long |
---|---|---|
userName | username | Max 8 characters; the username that matches the username in /etc/passwd |
password | password | 13 character encrypted. A blank entry (e.g. ::) indicates a password is not required to log in. A * indicates the account has been disabled. !! or ! indicates no password has been given (the account is locked) |
10063 | last password change | The date the password was last changed, as a number of days since January 1, 1970 |
0 | days until change allowed | The number of days before the password may be changed (0 indicates it may be changed at any time) |
99999 | days before change required | 99999 indicates the user can keep his or her password unchanged for many, many years |
7 | days warning for expiration | The number of days to warn the user of an expiring password (7 for a full week) |
(empty) | days before account inactive | The number of days after password expires that account is disabled |
(empty) | date when account expires | The number of days since January 1, 1970 that an account has been disabled |
(empty) | reserved for future use | A reserved field for possible future use |
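
The field layout above can be checked mechanically. The following Python sketch is an added example, not part of the original page: it parses shadow-format lines, converts the day counts to calendar dates and flags entries worth reviewing. The function names, the finding strings and every sample line except the page's own example are constructed for illustration.

```python
from datetime import date, timedelta

FIELDS = ("user", "password", "last_change", "min_days", "max_days",
          "warn_days", "inactive_days", "expire_date", "reserved")
EPOCH = date(1970, 1, 1)

def parse_shadow_line(line):
    """Split one shadow entry into its nine colon-separated fields."""
    parts = line.rstrip("\n").split(":")
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}")
    entry = dict(zip(FIELDS, parts))
    for name in FIELDS[2:8]:
        # Empty numeric fields stay None so "unset" is distinct from 0.
        entry[name] = int(entry[name]) if entry[name] else None
    return entry

def days_to_date(days):
    """Convert a day count since January 1, 1970 into a calendar date."""
    return None if days is None else EPOCH + timedelta(days=days)

def password_state(entry):
    """Classify the password field using the markers from the table."""
    pw = entry["password"]
    if pw == "":
        return "no-password-required"
    if pw == "*":
        return "disabled"
    if pw.startswith("!"):  # the table lists "!" and "!!"
        return "locked"
    return "password-set"

def audit(entry, today):
    """Return the findings a reviewer would want flagged for one entry."""
    findings = []
    state = password_state(entry)
    if state == "no-password-required":
        findings.append("blank password field")
    changed = days_to_date(entry["last_change"])
    if state == "password-set" and changed and entry["max_days"] is not None:
        if changed + timedelta(days=entry["max_days"]) < today:
            findings.append("password change overdue")
    expires = days_to_date(entry["expire_date"])
    if expires and expires <= today:
        findings.append(f"account expired {expires.isoformat()}")
    return findings

# Constructed samples (no real hashes); the first is the page's example line.
SAMPLE = ["userName:password:10063:0:99999:7:::",
          "svc::19000:0:90:7:::",
          "old:!!:19000:0:99999:7::19100:"]
```

Run against a copy of the file as root, since the shadow file is readable only by that account; the blank-password finding is the one to act on first.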