In Linux, passwords are stored securely in system files and databases to manage user authentication and access control. Understanding where Linux stores passwords and how they are secured is essential for system administrators and security professionals.

1. The /etc/passwd File (User Information)

The /etc/passwd file contains a list of all system users, along with basic account details.

Example Entry in /etc/passwd:

username:x:1001:1001:User Name:/home/username:/bin/bash

Fields Explained:

  • username: The login name of the user.
  • x: Placeholder indicating that the password is stored in a separate file.
  • 1001:1001: User ID (UID) and Group ID (GID).
  • User Name: Full name or description of the user.
  • /home/username: The user’s home directory.
  • /bin/bash: The default shell assigned to the user.

2. The /etc/shadow File (Hashed Passwords)

Linux stores actual password hashes in the /etc/shadow file, which is only accessible by the root user.

Example Entry in /etc/shadow:

username:$6$abc123$XYZhashedpassword:18528:0:99999:7:::

Fields Explained:

  • $6$: Indicates the hashing algorithm (SHA-512 in this case).
  • abc123: Salt used to hash the password.
  • XYZhashedpassword: The actual hashed password.
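  • 18528: Date of the last password change, expressed as the number of days since January 1, 1970.
  • 0:99999:7: Password aging information: minimum days between changes (0), maximum days the password stays valid (99999), and days of warning before expiry (7).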

Checking Password Hashing Algorithm:

To see the hashing algorithm used, read the user's entry as root and check the $id$ prefix of the second field:

sudo grep '^username:' /etc/shadow
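The field layout above can be checked with a small parser. This is an added example, not part of the original page: the function names and the "legacy" and "svc" sample lines are constructed for illustration, and the weak/not-weak labels are an assumption about current practice.

```python
from datetime import date, timedelta

# crypt(3) id prefix -> (scheme name, flag for review as weak)
SCHEMES = {"1": ("MD5-crypt", True), "5": ("SHA-256-crypt", False),
           "6": ("SHA-512-crypt", False), "y": ("yescrypt", False),
           "2a": ("bcrypt", False), "2b": ("bcrypt", False),
           "2y": ("bcrypt", False), "7": ("scrypt", False)}

def to_int(s):
    return int(s) if s else None  # empty field = setting not enforced

def parse_shadow_line(line):
    """Decode one /etc/shadow entry (nine colon-separated fields)."""
    f = line.rstrip("\n").split(":")
    if len(f) != 9:
        raise ValueError("expected 9 fields, got %d" % len(f))
    pw, last = f[1], to_int(f[2])
    e = {"user": f[0], "status": "active", "scheme": None, "salt": None,
         "weak": False, "min_days": to_int(f[3]), "max_days": to_int(f[4]),
         "warn_days": to_int(f[5]),
         # field 3 counts days since 1970-01-01; it is not a date string
         "last_change": date(1970, 1, 1) + timedelta(days=last) if last else None}
    if pw == "":
        e["status"], e["weak"] = "no-password", True  # login without a password
    elif pw[0] in "!*":
        e["status"] = "locked"
        pw = pw.lstrip("!*")  # "!" may prefix a hash that is still present
    if last == 0 and e["status"] == "active":
        e["status"] = "must-change"  # 0 forces a change at next login
    if pw.startswith("$"):
        parts = pw.split("$")  # ['', id, (rounds=N,) salt, hash]
        e["scheme"], e["weak"] = SCHEMES.get(parts[1], ("unknown", True))
        body = parts[2:]
        if body and body[0].startswith("rounds="):
            body = body[1:]
        if parts[1] in ("1", "5", "6") and len(body) > 1:
            e["salt"] = body[0]
    elif pw:
        e["scheme"], e["weak"] = "DES-crypt", True  # no "$id$" prefix at all
    return e

# Constructed sample entries; the first is the example line from this page.
SAMPLE = """username:$6$abc123$XYZhashedpassword:18528:0:99999:7:::
legacy:$1$saltsalt$CONSTRUCTEDHASH:17000:0:99999:7:::
svc:!:18000:0:99999:7:::
"""

if __name__ == "__main__":
    for row in map(parse_shadow_line, SAMPLE.splitlines()):
        print(row)
```

On a real system, feed it the output of the root-only lookup shown above instead of SAMPLE.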

3. The /etc/group File (Group Information)

The /etc/group file contains information about user groups and group memberships.

Example Entry in /etc/group:

developers:x:1002:username1,username2

4. The /var/lib/AccountsService/ Directory (GUI User Accounts)

Some Linux distributions store user account preferences for GUI logins in:

/var/lib/AccountsService/users/

These files contain metadata such as display names and session preferences but do not store passwords.

5. Password Management Commands

Change User Password:

passwd username

View Password Aging Information:

chage -l username

Force Users to Change Password on Next Login:

passwd --expire username

6. How Linux Secures Passwords

  • Hashing and Salting: Passwords are never stored in plain text. Instead, they are hashed and salted to prevent direct retrieval.
  • Root-Only Access: Files like /etc/shadow are restricted to root access only.
  • Pluggable Authentication Modules (PAM): Linux authentication is managed by PAM, which enforces password security policies.

Conclusion

Linux keeps account information in /etc/passwd and stores the salted password hashes in /etc/shadow, where access is restricted to root. Understanding these storage mechanisms is essential for system security and user management.