The permissions for /etc/passwd are by default set so that it is world readable, that is, so that it can be read by any user on the system[1]. The file can be read with a text editor (such as gedit or vi) or with a command such as cat, which is commonly used to display the contents of files, i.e.,
Each line in /etc/passwd represents a single user account. The first listed is normally the root (i.e., administrative) account, which has complete power over every aspect of the system. This is followed by the system accounts (such as daemon or www-data) under which services run and which are required for proper installation and update of system software. The lines at the end usually represent real people who use the system. The order of the lines has no special meaning to the system; it simply reflects the order in which the accounts were created.
Each line contains seven attributes or fields: name (the login name), password, user ID, group ID, gecos, home directory and shell. Each attribute is separated from the adjacent attributes by colons but with no spaces. Colons must not be used in the attributes themselves, because the colon is the field delimiter and a stray one shifts every following field. If there is no data for an attribute, there is no space, but, rather, two consecutive colons.
The password field originally contained the user's hashed login password (produced by the crypt library function; it is not an encrypted, reversible form). However, for security reasons, the hashes are now kept in another file, /etc/shadow, that cannot be read by ordinary users[2]. This field now merely contains the letter x to indicate that the hash, if any, is to be found in /etc/shadow; whether a password is actually set, locked or expired is determined by the shadow entry, not by the x. If this field is empty, traditional login programs let the user log in without a password, which is why an empty password field is a classic finding when auditing a system; on modern systems the PAM configuration normally refuses such logins unless the nullok option has been given to pam_unix.
User ID (UID) is the user's numeric identification number, which is what the kernel actually uses for access control; the name is only looked up for display. Zero is reserved for the root account, and any entry with UID 0 has root's privileges whatever its name, so a second UID 0 account is one of the first things an intruder may add and one of the first things an auditor should look for. UIDs 1 through 99 are reserved for statically assigned system accounts, 100 through 999 are conventionally used for system accounts created dynamically when packages are installed, and ordinary users are allocated numbers from 1000 upwards on most current distributions (older Red Hat-based systems started at 500). The exact ranges are set by UID_MIN and UID_MAX in /etc/login.defs. UIDs should be unique; two names sharing a UID are, as far as the kernel is concerned, the same user.
Group ID (GID) specifies the number of the user's primary group, which is defined in /etc/group. On distributions that create a private group for each user, the GID of an ordinary user is usually the same number as the UID. Supplementary group memberships are listed in /etc/group, not here.
Named for historical reasons[3] (it originally held identification data for the General Electric Comprehensive Operating System, GECOS), gecos contains general information about the user that is not needed by the system, most commonly the user's real name. This field can be empty, in which case there is no space between the two delimiting colons. Alternatively, it can contain multiple entries, each separated by a comma; the chfn command fills it with the full name, room number, work phone, home phone and other information, in that order.
Home directory is the absolute path (i.e., the location relative to the root directory, /) of the user's home directory. This is the directory that the user is first in when logging into the system and which contains programs and configuration files specific to that user.
Shell is the absolute path of the user's login shell. A shell is a program that provides a text-only user interface and whose main purpose is to execute commands typed in by a user and display the results. The default shell on most Linux distributions is bash, whose absolute path is /bin/bash. System accounts that should never log in interactively are given a program that immediately exits, such as /usr/sbin/nologin or /bin/false, instead of a shell, so a service account with a real interactive shell is worth questioning. A user changing their own shell with chsh may only choose one listed in /etc/shells.
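The field layout and the UID, password and shell conventions described above can be checked mechanically. The following Python script is an added example written for this page, not code from the original article: it parses lines in /etc/passwd format and reports the conditions a reviewer cares about (malformed lines, UID 0 accounts other than root, empty password fields, hashes kept in /etc/passwd instead of /etc/shadow, and duplicated UIDs). The sample file it ships with is constructed for illustration and is not taken from any real system.

```python
"""Parse /etc/passwd lines and flag entries a security reviewer would look at.

Added example for this page; the sample data below is constructed, not real.
"""
import sys
from collections import Counter
from typing import Dict, List

# Constructed sample: a root entry, two system accounts, a normal user, and
# four deliberately suspicious lines (second UID 0, empty password field,
# duplicated UID, missing field).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
alice:x:1000:1000:Alice Example,,,:/home/alice:/bin/bash
backdoor:x:0:0::/root:/bin/bash
guest::1001:1001:Guest:/home/guest:/bin/sh
bob:x:1000:1002:Bob:/home/bob:/bin/bash
broken:x:1003:1003:missing field:/home/broken
"""

# The seven colon-separated fields, in file order.
FIELDS = ("name", "password", "uid", "gid", "gecos", "home", "shell")


def parse_passwd(text: str) -> List[Dict[str, object]]:
    """Split each non-empty line on ':' into the seven passwd fields.

    A line that does not yield exactly seven fields is malformed (a stray or
    missing colon shifts every later field); it is kept with a 'malformed'
    marker so the audit can report it instead of silently dropping it.
    """
    entries: List[Dict[str, object]] = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        parts = line.split(":")
        entry: Dict[str, object] = {"lineno": lineno, "raw": line}
        if len(parts) != len(FIELDS):
            entry["malformed"] = True
        else:
            entry.update(zip(FIELDS, parts))
            entry["malformed"] = False
        entries.append(entry)
    return entries


def audit_passwd(text: str) -> List[str]:
    """Return one human-readable finding per suspicious condition found."""
    findings: List[str] = []
    entries = parse_passwd(text)
    # Count UIDs across well-formed entries so duplicates can be reported.
    uid_count = Counter(e["uid"] for e in entries if not e["malformed"])
    for e in entries:
        if e["malformed"]:
            findings.append(
                f"line {e['lineno']}: malformed entry (expected 7 colon-separated fields)"
            )
            continue
        name, pw, uid = e["name"], e["password"], e["uid"]
        if uid == "0" and name != "root":
            findings.append(f"{name}: UID 0 account other than root")
        if pw == "":
            findings.append(f"{name}: empty password field (no password required at login)")
        elif pw not in ("x", "*", "!"):
            findings.append(f"{name}: password field is not 'x' (hash kept in world-readable /etc/passwd)")
        if uid_count[uid] > 1:
            findings.append(f"{name}: UID {uid} shared with another account")
    return findings


if __name__ == "__main__":
    # Audit a real file if a path is given, otherwise the constructed sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            data = fh.read()
    else:
        data = SAMPLE_PASSWD
    for finding in audit_passwd(data):
        print(finding)
```

Run it with no arguments to see the findings for the constructed sample, or pass a path such as /etc/passwd to audit the local system. Note that the root entry itself is reported when a second UID 0 account exists: both lines share the UID, and the report deliberately shows both sides of the collision.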
Although /etc/passwd can, by default, be read by any user, it is owned by root and can be written only by the root user. The main, and safest, way that it is changed is through the use of commands such as useradd (or adduser) and userdel (or deluser), which are employed by the root account to add users to and remove users from the system, respectively. Ordinary users can change their own entries in a controlled way through the setuid-root programs passwd, chfn and chsh. It can also be changed by direct editing with a text editor; however, as is the case with other system configuration files, great care should be exercised, as slight errors (an extra colon, a duplicated UID) can lock users out or grant them unintended privileges, and a backup copy should be made in advance. The vipw command exists for this purpose: it opens the file in an editor while holding a lock so that a concurrent useradd or passwd does not overwrite the edit.
[2] This is because anyone who can read a password hash can attack it offline: it is possible, and for weakly chosen passwords relatively easy, for an intruder to recover the password by dictionary or brute-force guessing against the hash. In the early days of UNIX there was relatively little problem with intruders, and the hardware was too slow to crack well-chosen passwords, so keeping the hashes in a world-readable file was considered acceptable.
Created July 26, 2006.