
8.2. The Shadow Password File: /etc/shadow

Historically, UNIX systems maintained all user information, including the encrypted password, in /etc/passwd. This presented a security problem. Since various unprivileged system utilities needed to have read access to other information in the password file, it had to be made readable to all users. This opened the door for password-cracking programs, which try encrypting large lists of likely passwords (e.g., standard dictionary words or people’s names) to see if they match the encrypted password of a user. The shadow password file, /etc/shadow, was devised as a method of preventing such attacks. The idea is that all of the nonsensitive user information resides in the publicly readable password file, while encrypted passwords are maintained in the shadow password file, which is readable only by privileged programs.

In addition to the login name, which provides the match to the corresponding record in the password file, and the encrypted password, the shadow password file also contains a number of other security-related fields. Further details on these fields can be found in the shadow(5) manual page. We’ll concern ourselves mainly with the encrypted password field, which we discuss in greater detail when looking at the crypt() library function later in Section 8.5.
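The split described above can be checked record by record. The following is an added example, not code from the book: it matches a password-file line to its shadow line by login name and confirms that the world-readable record carries only a placeholder. Field positions and the "x" placeholder follow passwd(5) and shadow(5); the function names and the sample records are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Copy colon-separated field idx (0-based) of line into out; walked by hand
 * because strtok() skips empty fields. Returns 0 on success, -1 otherwise. */
static int get_field(const char *line, int idx, char *out, size_t outsz)
{
    const char *start = line;
    for (int i = 0; i < idx; i++) {
        start = strchr(start, ':');
        if (start == NULL)
            return -1;
        start++;                        /* step past the ':' */
    }
    size_t len = strcspn(start, ":\n");
    if (len >= outsz)
        return -1;
    memcpy(out, start, len);
    out[len] = '\0';
    return 0;
}

/* 1: passwd record holds the "x" placeholder and the shadow record has the
 * same login name (its password field is copied to hash); 0: passwd record
 * carries something other than "x"; -1: malformed record or name mismatch. */
int check_shadowed(const char *pw_line, const char *sp_line,
                   char *hash, size_t hashsz)
{
    char pw_name[64], pw_pass[256], sp_name[64];
    if (get_field(pw_line, 0, pw_name, sizeof pw_name) != 0 ||
        get_field(pw_line, 1, pw_pass, sizeof pw_pass) != 0 ||
        get_field(sp_line, 0, sp_name, sizeof sp_name) != 0 ||
        get_field(sp_line, 1, hash, hashsz) != 0)
        return -1;
    if (strcmp(pw_name, sp_name) != 0)
        return -1;
    return strcmp(pw_pass, "x") == 0 ? 1 : 0;
}

int main(void)
{
    /* Constructed sample records, not taken from any real system. */
    const char *pw = "alice:x:1000:1000::/home/alice:/bin/bash";
    const char *sp = "alice:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:19000:0:99999:7:::";
    char hash[256];
    int r = check_shadowed(pw, sp, hash, sizeof hash);
    printf("shadowed=%d password field=%s\n", r, r >= 0 ? hash : "(none)");
    return 0;
}
```

A return value of 0 for any account means its password field is still sitting in the file every user can read, which is the exposure the shadow file was devised to remove.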
