In Linux systems, user passwords are stored as salted hashes within dedicated system files and authentication databases. These credentials play a critical role in managing access control and ensuring that only authorised users can interact with system resources. For example, standard user passwords are typically hashed and saved in the /etc/shadow file, which is only accessible by privileged processes. Likewise, services such as OpenSSH rely on these stored hashes to verify user identities during remote login sessions.

For hosting providers like AvaHost, understanding how and where Linux stores these credentials is essential for maintaining secure environments across VPS and dedicated servers. Whether you’re configuring passwd policies for multiple clients or enforcing secure access via sshd_config, proper handling of password storage is key to preventing unauthorised access and protecting hosted data.

1. The /etc/passwd File (User Information)

The /etc/passwd file contains a list of all system users, along with basic account details.

Example Entry in /etc/passwd:

username:x:1001:1001:User Name:/home/username:/bin/bash

Fields Explained:

  • username: The login name of the user.
  • x: Placeholder indicating that the password is stored in a separate file.
  • 1001:1001: User ID (UID) and Group ID (GID).
  • User Name: Full name or description of the user.
  • /home/username: The user’s home directory.
  • /bin/bash: The default shell assigned to the user.

2. The /etc/shadow File (Hashed Passwords)

Linux stores actual password hashes in the /etc/shadow file, which is only accessible by the root user.

Example Entry in /etc/shadow:

username:$6$abc123$XYZhashedpassword:18528:0:99999:7:::

Fields Explained:

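  • $6$: Indicates the hashing algorithm (SHA-512 in this case).
  • abc123: Salt used to hash the password.
  • XYZhashedpassword: The actual hashed password.
  • 18528: Date of the last password change, expressed as the number of days since 1 January 1970.
  • 0:99999:7: Password aging information: minimum days between changes, maximum days a password stays valid, and the number of days before expiry that the user is warned.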

Checking Password Hashing Algorithm:

To see the hashing algorithm used, run:

sudo grep '^username:' /etc/shadow
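
The same check can be scripted across many entries. The following is an added example, not part of the original article: it parses shadow-format lines, maps the $id$ prefix to a hashing scheme, converts the last-change field to a calendar date, and flags empty or weakly hashed entries. The sample lines and the function names classify and audit are constructed for illustration.

```python
from datetime import date, timedelta

# crypt(3) prefix identifier -> scheme name
SCHEMES = {"1": "MD5", "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt",
           "5": "SHA-256", "6": "SHA-512", "y": "yescrypt"}
WEAK = {"MD5", "DES (legacy)"}
EPOCH = date(1970, 1, 1)

# Constructed sample lines in shadow(5) layout; not real accounts or hashes.
SAMPLE = """\
username:$6$abc123$XYZhashedpassword:18528:0:99999:7:::
legacy:$1$salt$hash:17000:0:99999:7:::
svc:!:18528::::::
guest::18528:0:99999:7:::
"""

def classify(field):
    """Return (state, scheme) for the password field of a shadow entry."""
    if field == "":
        return "no password", None          # login without a password
    locked = field[0] in "!*"               # leading ! or * disables the hash
    body = field.lstrip("!*")
    if not body:
        return "locked", None               # "!" or "*" alone: no usable hash
    if body.startswith("$"):
        ident = body.split("$")[1]
        scheme = SCHEMES.get(ident, "unknown ($%s$)" % ident)
    else:
        scheme = "DES (legacy)"             # assumption: no $id$ prefix means DES
    return ("locked" if locked else "active"), scheme

def audit(line):
    """Parse one shadow line and list the weaknesses it shows."""
    f = line.rstrip("\n").split(":")
    f += [""] * (9 - len(f))                # tolerate short lines
    name, pw, last = f[:3]
    state, scheme = classify(pw)
    # Field 3 counts days since the epoch; 0 or empty carries no date.
    days = int(last) if last.isdigit() else 0
    changed = EPOCH + timedelta(days=days) if days else None
    findings = []
    if state == "no password":
        findings.append("empty password field")
    if scheme in WEAK:
        findings.append("weak hash scheme: " + scheme)
    return {"user": name, "state": state, "scheme": scheme,
            "last_change": changed, "findings": findings}

if __name__ == "__main__":
    for entry in SAMPLE.splitlines():
        print(audit(entry))
```

To audit a real system, feed it the lines of /etc/shadow from a root shell instead of SAMPLE.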

3. The /etc/group File (Group Information)

The /etc/group file contains information about user groups and group memberships.

Example Entry in /etc/group:

developers:x:1002:username1,username2

4. The /var/lib/AccountsService/ Directory (GUI User Accounts)

Some Linux distributions store user account preferences for GUI logins in:

/var/lib/AccountsService/users/

These files contain metadata such as display names and session preferences but do not store passwords.

5. Password Management Commands

Change User Password:

passwd username

View Password Aging Information:

chage -l username

Force Users to Change Password on Next Login:

passwd --expire username

6. How Linux Secures Passwords

  • Hashing and Salting: Passwords are never stored in plain text. Instead, they are hashed and salted to prevent direct retrieval.
  • Root-Only Access: Files like /etc/shadow are restricted to root access only.
  • Pluggable Authentication Modules (PAM): Linux authentication is managed by PAM, which enforces password security policies.

Conclusion

Linux keeps account information in /etc/passwd and the salted password hashes in /etc/shadow, with access to the latter restricted to root. Understanding these storage mechanisms is essential for system security and user management.