/etc/passwd in Linux: File Format and Fields Explained
When you need to inspect local user accounts, confirm a UID, or check a user’s home directory and login shell, /etc/passwd is one of the first files to examine. It stores local account metadata, while password hashes are normally kept in /etc/shadow
.
/etc/passwd is a plain-text database for accounts stored locally on the system. It is typically owned
by root with 644 permissions
, which makes it readable by all users but writable only by root or a process with the required privileges. Linux can also obtain account information from sources such as LDAP or NIS through the Name Service Switch (NSS).
This guide explains how to view /etc/passwd, read its seven fields, and safely manage the local account data it contains.
How to View the /etc/passwd File
To print the entire file to the terminal, run:
cat /etc/passwdThe output lists each local account entry stored in the file, one per line:
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
mark:x:1001:1001:mark,,,:/home/mark:/bin/bashThe first line is the root account (UID 0, with Bash as its login shell). The system accounts in the middle use /usr/sbin/nologin to refuse shell logins, and the last line is a regular local user account. We break down each field below.
If the file is long and you want to scroll through it page by page, use:
less /etc/passwdUse cat for a quick dump and less when you want to inspect the file more comfortably.
To query the passwd database through the sources configured in NSS, use:
getent passwdThe output uses the same colon-separated format as /etc/passwd. It may include directory-service accounts and other entries that are not stored in the local file, although some NSS sources do not support listing every entry.
/etc/passwd Format
The /etc/passwd file is a text file with one entry per line, representing a local user account. As shown above, you can view it with cat
or open it in a text editor
. Usually, the first line describes the root user, followed by system and regular user accounts. Account-management tools commonly append new local entries to the file.
Each line of the /etc/passwd file contains seven colon-separated fields:
mark:x:1001:1001:mark,,,:/home/mark:/bin/bash
[--] - [--] [--] [-----] [--------] [--------]
| | | | | | |
| | | | | | +-> 7. Login shell
| | | | | +----------> 6. Home directory
| | | | +--------------------> 5. GECOS
| | | +--------------------------> 4. GID
| | +-------------------------------> 3. UID
| +-----------------------------------> 2. Password
+----------------------------------------> 1. Username- Username. The login name for the local account. Each username should be unique. Current shadow-utils releases accept usernames up to 256 characters, although other tools and site policies may impose shorter limits.
- Password. Older systems stored the password hash in
/etc/passwd. On most modern systems, this field is set tox, and the password hash is stored in/etc/shadow. - UID. The user identifier is a number assigned to each user. It is used by the operating system to refer to a user.
- GID. The numeric ID of the user’s primary group. A newly created file normally uses the process’s effective GID, which is usually the user’s primary group, but a directory with the setgid bit can cause the file to inherit the directory’s group instead. A user’s secondary groups are defined separately.
- GECOS or comment field. This optional field is informational. By convention, it can contain comma-separated values such as:
- User’s full name or the application name.
- Room number.
- Work phone number.
- Home phone number.
- Other contact information.
- Home directory. The absolute path used as the account’s home directory and the value assigned to
HOMEat login. Regular user accounts commonly use/home/username, but the path is configurable. - Login shell. The program started when the user logs in and the value assigned to
SHELL. Bash is a common default, but the configured shell varies by distribution and account type.
Quick Reference
| Field | Position | Example |
|---|---|---|
| Username | 1 | mark |
| Password placeholder | 2 | x |
| UID | 3 | 1001 |
| GID | 4 | 1001 |
| GECOS/comment | 5 | mark,,, |
| Home directory | 6 | /home/mark |
| Login shell | 7 | /bin/bash |
FAQ
Why is the password field set to x?
The x is a placeholder indicating that the password hash is stored in the /etc/shadow
file. Password hashes were moved out of /etc/passwd because the file must remain readable by regular users and programs.
What does a * or ! in the password field mean?
Neither value is a valid password hash, so UNIX password authentication is disabled. An exclamation mark commonly indicates a locked password. This does not necessarily disable the entire account because SSH keys or other authentication methods may still work.
What is UID 0?
UID 0 is the root user. Any account with UID 0 has full superuser privileges, regardless of its username.
What login shell is used for system accounts?
System accounts that should not have an interactive shell commonly use /usr/sbin/nologin or /bin/false. These programs refuse shell login attempts, but services can still run under the account.
Why can all users read /etc/passwd?
The file must be readable so the system and user-space programs can map UIDs to usernames, shells, and home directories. Password hashes are not stored there; they are kept in /etc/shadow, which is restricted to root.
Can I edit /etc/passwd directly?
You should use vipw to edit the file safely. It locks the file to prevent simultaneous edits and reduce the risk of corruption. For routine account changes, prefer commands such as usermod
and useradd
.
Conclusion
The /etc/passwd file stores local account records, including each username, UID, GID, home directory, and login shell. Use getent passwd when you also need accounts supplied by NSS sources, and see the /etc/shadow file guide
for password storage details.
Tags
Linuxize Weekly Newsletter
A quick weekly roundup of new tutorials, news, and tips.
About the authors
Dejan Panovski
Dejan Panovski is the founder of Linuxize, an RHCSA-certified Linux system administrator and DevOps engineer based in Skopje, Macedonia. Author of 800+ Linux tutorials with 20+ years of experience turning complex Linux tasks into clear, reliable guides.
View author page