Understanding the /etc/passwd File
There are several different authentication schemes that can be used on Linux systems. The most commonly used and standard scheme is to perform authentication against the /etc/passwd and /etc/shadow
files.
/etc/passwd is a plain text-based database that contains information for all user accounts on the system. It is owned
by root and has 644 permissions
. The file can only be modified by root or users with sudo
privileges and readable by all system users.
Modifying the /etc/passwd file by hand should be avoided unless you know what you are doing. Always use a command that is designed for the purpose. For example, to modify a user account, use the usermod
command, and to add a new user account use the useradd
command.
How to View the /etc/passwd File
To print the entire file to the terminal, run:
cat /etc/passwdIf the file is long and you want to scroll through it page by page, use:
less /etc/passwdUse cat for a quick dump and less when you want to inspect the file more comfortably.
/etc/passwd Format
The /etc/passwd file is a text file with one entry per line, representing a user account. To view the contents of the file, use a text editor
or a command such as cat
:
cat /etc/passwdUsually, the first line describes the root user, followed by the system and normal user accounts. New entries are appended at the end of the file.
Each line of the /etc/passwd file contains seven colon-separated fields:
mark:x:1001:1001:mark,,,:/home/mark:/bin/bash
[--] - [--] [--] [-----] [--------] [--------]
| | | | | | |
| | | | | | +-> 7. Login shell
| | | | | +----------> 6. Home directory
| | | | +--------------------> 5. GECOS
| | | +--------------------------> 4. GID
| | +-------------------------------> 3. UID
| +-----------------------------------> 2. Password
+----------------------------------------> 1. Username- Username. The string you type when you log into the system. Each username must be a unique string on the machine. The maximum length of the username is restricted to 32 characters.
- Password. In older Linux systems, the user’s encrypted password was stored in the
/etc/passwdfile. On most modern systems, this field is set tox, and the user password is stored in the/etc/shadowfile. - UID. The user identifier is a number assigned to each user. It is used by the operating system to refer to a user.
- GID. The user’s group identifier number, referring to the user’s primary group. When a user creates a file
, the file’s group is set to this group. Typically, the name of the group is the same as the name of the user. User’s secondary groups
are listed in the
/etc/groupfile. - GECOS or the full name of the user. This field contains a list of comma-separated values with the following information:
- User’s full name or the application name.
- Room number.
- Work phone number.
- Home phone number.
- Other contact information.
- Home directory. The absolute path to the user’s home directory. It contains the user’s files and configurations. By default, the user home directories are named after the name of the user and created under the
/homedirectory. - Login shell. The absolute path to the user’s login shell. This is the shell that is started when the user logs into the system. On most Linux distributions, the default login shell is Bash.
Quick Reference
| Field | Position | Example |
|---|---|---|
| Username | 1 | mark |
| Password placeholder | 2 | x |
| UID | 3 | 1001 |
| GID | 4 | 1001 |
| GECOS (full name) | 5 | mark,,, |
| Home directory | 6 | /home/mark |
| Login shell | 7 | /bin/bash |
FAQ
Why is the password field set to x?
The x is a placeholder indicating that the encrypted password is stored in the /etc/shadow
file. Storing passwords in /etc/passwd was abandoned because the file is world-readable.
What does a * or ! in the password field mean?
A * means the account has no password and cannot log in via password authentication. A ! means the account is locked. Neither value is a valid password hash, so login is blocked.
What is UID 0?
UID 0 is the root user. Any account with UID 0 has full superuser privileges, regardless of its username.
What login shell is used for system accounts?
System accounts that should not have an interactive login use /usr/sbin/nologin or /bin/false as their shell. This prevents anyone from logging in as that account.
Why can all users read /etc/passwd?
The file must be readable so the system and user-space programs can map UIDs to usernames, shells, and home directories. Password hashes are not stored there; they are kept in /etc/shadow, which is restricted to root.
Can I edit /etc/passwd directly?
You should use vipw to edit the file safely — it locks the file to prevent simultaneous edits. Direct editing with a text editor risks corrupting the file if two processes write at the same time.
Conclusion
The /etc/passwd file keeps track of every user account on the system, storing the username, UID, GID, home directory, and login shell for each entry. Understanding this file is essential when troubleshooting login issues or auditing user accounts. For password storage details, see the /etc/shadow file guide
.
Tags
Linuxize Weekly Newsletter
A quick weekly roundup of new tutorials, news, and tips.
About the authors
Dejan Panovski
Dejan Panovski is the founder of Linuxize, an RHCSA-certified Linux system administrator and DevOps engineer based in Skopje, Macedonia. Author of 800+ Linux tutorials with 20+ years of experience turning complex Linux tasks into clear, reliable guides.
View author page