What Is /etc/passwd

Content on WhatAnswers is provided "as is" for informational purposes. While we strive for accuracy, we make no guarantees. Content is AI-assisted and should not be used as professional advice.

Last updated: April 11, 2026

Quick Answer: The /etc/passwd file is a plain text database on Unix and Linux systems containing basic user account information, with one user account per line using seven colon-separated fields. Originally introduced in AT&T Unix in the 1970s, it has remained a fundamental component of all Unix-like operating systems for over 50 years. While historically containing password hashes, modern systems store encrypted passwords in the /etc/shadow file, introduced in 1989, to enhance security.

Key Facts

First implemented in AT&T Unix in 1971 as a simple text-based user database fundamental to Unix systems
Contains exactly seven colon-separated fields: username, password marker, UID, GID, full name, home directory, and login shell
Readable by all system users but writable only by the root user, balancing accessibility with security protection
Modern Linux distributions store actual password hashes in /etc/shadow since 1989 rather than directly in /etc/passwd
Every system must contain at least one user account (root with UID 0) for the operating system to function properly

Overview

The /etc/passwd file is a fundamental component of all Unix and Linux operating systems that stores essential user account information. It is a plain text file located in the /etc directory that contains basic data about every user account on the system, including usernames, user IDs (UIDs), group IDs (GIDs), home directories, and default login shells. Despite its name suggesting it contains passwords, modern Linux systems actually store encrypted passwords in a separate file called /etc/shadow for improved security.

Originally introduced in AT&T Unix during the early 1970s, /etc/passwd has remained a critical component of Unix-like systems for over five decades. Every user account on a Linux or Unix system must have an entry in /etc/passwd for the system to recognize and authenticate that user. The file is readable by all system users, allowing programs to look up user information, but it is writable only by the root user to maintain system integrity and prevent unauthorized modifications to user accounts.

How It Works

The /etc/passwd file uses a simple and efficient format where each line represents a single user account and contains seven colon-separated fields. Understanding this structure is essential for system administrators and users who need to manage user accounts or troubleshoot access issues.

Username Field: The first field contains the user's login name, typically consisting of lowercase letters and numbers, limited to 32 characters in most systems and must be unique across the entire system.
Password Field (x marker): The second field historically contained the password hash but now displays an "x" to indicate that the actual password hash is stored in /etc/shadow for security reasons, which modern systems began implementing in 1989.
User ID (UID): The third field contains a unique numerical identifier assigned to each user, with 0 reserved for the root superuser, and regular users typically receiving UIDs starting from 1000 on modern Linux systems.
Group ID (GID): The fourth field specifies the user's primary group ID, which determines initial file permissions and group membership, allowing the system to manage resource access based on group associations.
User Information (GECOS): The fifth field contains optional information such as the user's full name, office location, or phone number, providing human-readable identification for administrative purposes.
Home Directory: The sixth field specifies the absolute path to the user's home directory where personal files and configurations are stored, typically /home/username for regular users and /root for the root user.
Login Shell: The seventh field defines the default command interpreter that launches when the user logs in, commonly /bin/bash, /bin/sh, or /usr/sbin/nologin for system accounts that should not allow interactive logins.

Key Comparisons

Understanding how /etc/passwd relates to other system files and authentication methods is crucial for comprehensive system administration knowledge.

Aspect	/etc/passwd	/etc/shadow	LDAP Directory
Content	Basic user account info without passwords	Encrypted password hashes and aging info	Centralized user database in network directory
Readability	Readable by all users	Readable only by root	Controlled by directory access policies
Introduced	1970s (AT&T Unix)	1989 (Shadow Suite)	1990s (standardized as X.500)
Use Case	Local system user records	Secure password storage	Enterprise-wide directory services

Why It Matters

The /etc/passwd file remains essential for modern Unix and Linux systems despite being primarily a legacy component in many enterprise environments. Understanding its structure and purpose is fundamental for anyone working in system administration, security, or software development on Unix-like platforms.

System Authentication: All login processes reference /etc/passwd to verify that users exist on the system and to retrieve necessary account configuration details required for session initialization.
Permission Management: File and directory permissions are associated with UIDs rather than usernames, making /etc/passwd the critical reference point for resolving numerical IDs to human-readable user information.
Security Foundation: The separation of /etc/passwd (world-readable) from /etc/shadow (root-only) represents a foundational security principle that protects password hashes from unauthorized access.
Compatibility and Portability: The standardized /etc/passwd format ensures consistency across different Unix and Linux distributions, enabling system administrators to manage user accounts predictably across diverse environments.

System administrators and developers should understand /etc/passwd not only for managing user accounts but also for troubleshooting authentication issues, implementing security policies, and understanding how Unix-like systems fundamentally organize user identity and access control. This knowledge remains relevant even in modern systems using centralized authentication like LDAP or Active Directory.