Where and How are Passwords Stored on Linux?

The username and password are a must when logging into the Linux system and without them (by default). However, there’s a way to configure it to use without them, but it compromises the security because everyone can use the system without authentication, which isn’t a good practice. 

In Linux, when the user tries to log into the system, the credentials are compared with a database or a file where the system stores the usernames and passwords and is granted authentication if matched. Now, you may wonder where and how passwords are stored on a Linux-based OS.

This post will describe the location/files where the password are saved in a Linux system: 

Checking the Stored Password by Accessing the /etc/passwd File

A plain text file that is used by the Linux system to store the user information like username, user id (UID), group id (GID), and home directory, and the shell is the “passwd” file located in “/etc/” directory. Each field is separated by a colon (:).

Let’s view it using this command (any editor can be used).

$ cat /etc/passwd

To explain the above output, let’s take the “root” user displayed right below the command in the first line.

  • The term “root” refers to the username; this field has a maximum limit of 32 characters.
  • The “x” denotes the encrypted password kept hidden for security purposes.
  • The “0” represents the user id or UID unique for every user. For standard/non-root users, it would start from “1000.”
  • The following “0” shows the group id or GID that leads the group to which the user belongs. More details on Linux groups can be found.
  • The “root” after that shows the complete data about the users, including a full name, contact information, email, and other related information. This helps in user identification.
  • The “/root” displays the root user’s home directory, which is different for every user, and it would be “/” if there isn’t any.
  • The “/bin/bash” is the default shell for the current user. 

This file has permission to be read by all users using the system. Still, only the root user has the power to modify/change the contents of this file for various reasons related to security.

How to Look for a User With a Specific Name in the/etc/passwd File on Linux?

To get information about a specified user from the “/etc/passwd,” the grep command is highly recommended. Let’s search for “itslinux” as done in this command.

$ grep itslinux /etc/passwd

As seen in the image above, the user “itslinux” details are filtered from the long list of users in the/etc/passwd file. 

Note: You can find more details regarding this file by reading this article.

Checking the Stored Password by Accessing the /etc/shadow File

The shadow file is the most critical file on Linux, where users with sudo/root access can only access the Linux OS and store the user passwords in encrypted form. Passwords are stored in a hashed format, making it highly challenging to get their information.

Hashing is done using the one-way Secure Hash Algorithm (SHA-256), one of the most secure and reliable hashing algorithms.

The latest Linux operating systems are now using the bcrypt hashing function based on Blowfish symmetric-key block cipher. It has a unique feature called “salt,” using which the system adds a random value to the password hash before storing it in the shadow file. This makes it more problematic for a hacker to use precomputed tables of hashed values for the password to be cracked, so you can view the content by typing:

$ sudo cat /etc/shadow

Here is the encrypted/hashed password of the current user (itslinux).

After examining the above output, you’ll see three “$” signs.

  • First, $ represents the type of hashing algorithm used in the current system (bcrypt in this case).
  • The second $ is for the added salt (it may not be there if another hashing algorithm like SHA-512 is used).
  • The third $ is the hashed password that is nearly impossible to crack.

Note: Click here to read all the details about the “/etc/shadow” file.

Conclusion

In Linux, things may look simple from the front side, but there’s much work being done in the background to protect your privacy and data from illegal access. Of course, you know that the passwords are stored inside the system and compared while logging in. This article explains everything related to it.