What is the difference between /etc/shadow and /etc/passwd?

Short answer:

passwd stores general user info and shadow stores user passwd info.

Somewhat longer answer:

passwd is the file where the user information (like username, user ID, group ID, location of home directory, login shell, ...) is stored when a new user is created.

shadow is the file where important information (like an encrypted form of the password of a user, the day the password expires, whether or not the passwd has to be changed, the minimum and maximum time between password changes, ...) is stored when a new user is created.

Some interesting extra info: passwd and shadow


/etc/shadow file stores the actual password in encrypted format for the user's account, with additional properties related to the user's password, i.e. it stores secure user account information. All fields are separated by a colon (:) symbol.

/etc/passwd file stores essential information which is required during login, i.e. user account information. /etc/passwd is a text file that contains a list of the system's accounts, giving for each account some useful information like user ID, group ID, home directory, shell, etc.


Traditional Unix systems keep user account information, including one-way hashed passwords, in a text file called /etc/passwd. As this file is used by many tools (such as ls) to display file ownerships, etc. by matching user ID numbers with the users' names, the file needs to be world-readable. Consequently, this can be somewhat of a security risk.

Another method of storing account information, one that I always use, is with the shadow password format. As with the traditional method, this method stores account information in the /etc/passwd file in a compatible format. However, the password is stored as a single "x" character (i.e. not actually stored in this file). A second file, called /etc/shadow, contains the encrypted password as well as other information such as account or password expiration values, etc. The /etc/shadow file is readable only by the root account and is therefore less of a security risk.

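The split described in the answers above can be checked mechanically. The following is an added example, not part of any answer on this page: it parses both colon-separated formats and reports accounts whose hash still sits in the world-readable passwd file, accounts marked "x" with no shadow entry, and a shadow file that other users can read. The sample records, the function names and the file modes passed in are constructed assumptions.

```python
import stat

# Field order per passwd(5) and shadow(5).
PASSWD_FIELDS = ("name", "password", "uid", "gid", "gecos", "home", "shell")
SHADOW_FIELDS = ("name", "hash", "last_change", "min_days", "max_days",
                 "warn_days", "inactive_days", "expire_date", "reserved")

# Constructed sample data, not taken from any real system.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
legacy:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:1001:1001::/home/legacy:/bin/sh
orphan:x:1002:1002::/home/orphan:/bin/sh
"""
SAMPLE_SHADOW = """\
root:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:19000:0:99999:7:::
alice:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:19000:1:90:7:::
"""

def parse(text, fields):
    """Split colon-separated records into dicts keyed by field name."""
    return [dict(zip(fields, line.split(":")))
            for line in text.splitlines() if line.strip()]

def audit(passwd_text, shadow_text, passwd_mode, shadow_mode):
    """Return findings about where password hashes live and who can read them."""
    findings = []
    shadowed = {row["name"] for row in parse(shadow_text, SHADOW_FIELDS)}
    for user in parse(passwd_text, PASSWD_FIELDS):
        if user["password"] == "x":
            # "x" means the hash was moved to shadow; it must exist there.
            if user["name"] not in shadowed:
                findings.append(f"{user['name']}: 'x' in passwd but no shadow entry")
        elif user["password"].startswith("$"):
            # Modular crypt hashes start with "$"; older formats are not detected.
            findings.append(f"{user['name']}: hash stored in world-readable passwd")
    if not passwd_mode & stat.S_IROTH:
        findings.append("passwd: not world-readable, name lookups by tools like ls will fail")
    if shadow_mode & stat.S_IROTH:
        findings.append("shadow: world-readable, hashes are exposed to every user")
    return findings

if __name__ == "__main__":
    # Modes are passed in as assumptions; on a live system use os.stat(path).st_mode.
    for finding in audit(SAMPLE_PASSWD, SAMPLE_SHADOW, 0o644, 0o640):
        print(finding)
```
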