Frequently Asked Question
What's the difference between /etc/passwd and /etc/shadow?
/etc/passwd is the account database: one colon-separated line per user, holding
username, UID, primary GID, GECOS (real name), home directory, and login shell. It
is world-readable so that any process can map a UID back to a name when it runs
ls -l or ps. Long ago the second field held the password hash itself; that
stopped being safe once anyone could cat the file and run an offline cracker over
every hash on the machine.
The hashes were therefore moved into /etc/shadow, which is owned by root and
readable only by root and members of group shadow (mode 640). After the
username, its fields record the salted hash,
the date of last password change, minimum and maximum age, warning period, inactivity
period, expiration date, and a reserved column. Modern distributions hash with
yescrypt or SHA-512 and use a per-user salt, so even identical passwords produce
different hashes. The placeholder x in /etc/passwd is what tells the login
machinery to look in shadow instead.
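
The split described above can be checked mechanically. The following is an added example, not code from the original page: it parses both files, follows the x placeholder into shadow, and classifies each hash by its crypt(3) prefix ($y$ for yescrypt, $6$ for SHA-512). The function names, sample accounts, and placeholder hash strings are constructed for illustration.

```python
# Added example: names are hypothetical, sample lines and hash strings are constructed.
PASSWD = ("name", "pw", "uid", "gid", "gecos", "home", "shell")
SHADOW = ("name", "pw", "lastchg", "min", "max", "warn", "inactive", "expire", "reserved")
SCHEMES = {"y": "yescrypt", "6": "sha512crypt", "5": "sha256crypt", "1": "md5crypt"}
ACCEPTED = {"yescrypt", "sha512crypt", "locked"}  # the page's modern schemes, plus locked

def parse(text, fields):
    """Split colon-separated account lines into dicts, rejecting malformed rows."""
    rows = [line.split(":") for line in text.strip().splitlines()]
    if any(len(r) != len(fields) for r in rows):
        raise ValueError(f"expected {len(fields)} colon-separated fields per line")
    return [dict(zip(fields, r)) for r in rows]

def scheme(pw):
    """Classify a password field by its crypt(3) prefix."""
    if pw == "":
        return "empty"
    if pw[0] in "!*":
        return "locked"
    if pw.startswith("$"):
        return SCHEMES.get(pw.split("$")[1], "unknown")
    return "legacy"  # no $id$ prefix, e.g. traditional DES crypt

def audit(passwd_text, shadow_text):
    """Return (user, finding) pairs for accounts that break the passwd/shadow split."""
    shadow = {r["name"]: r["pw"] for r in parse(shadow_text, SHADOW)}
    findings = []
    for user in parse(passwd_text, PASSWD):
        name, pw = user["name"], user["pw"]
        if pw != "x":
            if scheme(pw) != "locked":
                findings.append((name, "password field in world-readable passwd"))
        elif name not in shadow:
            findings.append((name, "x placeholder but no shadow entry"))
        elif scheme(shadow[name]) not in ACCEPTED:
            findings.append((name, "shadow hash is " + scheme(shadow[name])))
    return findings

SAMPLE_PASSWD = """root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice Example:/home/alice:/bin/bash
bob:$1$CONSTRUCTED$PLACEHOLDERHASH:1001:1001:Bob:/home/bob:/bin/sh
carol:x:1002:1002:Carol:/home/carol:/bin/bash
dave:x:1003:1003:Dave:/home/dave:/bin/bash"""
SAMPLE_SHADOW = """root:!:19700:0:99999:7:::
alice:$y$j9T$CONSTRUCTEDSALT$PLACEHOLDERHASH:19700:0:99999:7:::
carol:$1$CONSTRUCTED$PLACEHOLDERHASH:19000:0:99999:7:::"""

if __name__ == "__main__":
    print(audit(SAMPLE_PASSWD, SAMPLE_SHADOW))
```

On a real system the same functions would be fed the contents of the two files, read with root privileges for /etc/shadow.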