Where is user password stored in Linux
User passwords in Linux are stored as hashed values in the /etc/shadow
file, while basic account info lives in /etc/passwd.
Where is user password stored in Linux? (Quick Scoop)
In modern Linux systems, your actual password is never stored in plain text. Instead, a hash of your password (plus a salt) is stored in a special, more protected file.
Core idea in one line
- User account details: `/etc/passwd` (world-readable).
- User password hashes: `/etc/shadow` (root-only).
Mini story: from old Unix to now
Once upon a Unix time, encrypted passwords were kept directly in `/etc/passwd`, alongside usernames and other info. This file is readable by all users, which made password hashes easier to attack with offline cracking.
To fix that, systems moved the password hashes into `/etc/shadow`, a file readable only by root, leaving `/etc/passwd` as a public user database without real password data.
What’s inside /etc/passwd vs /etc/shadow
Below is a simple view of what each file stores.

| File | Access | What it stores | Example content |
|---|---|---|---|
| `/etc/passwd` | Readable by all users.[3][7] | Username, UID, GID, home directory, shell, and a placeholder in place of the password.[7] | `alice:x:1000:1000:Alice User:/home/alice:/bin/bash` (the `x` points to `/etc/shadow`).[5][7] |
| `/etc/shadow` | Readable only by root (or shadow group).[9][3][5] | Username, salted & hashed password, password aging and expiry info.[2][6][9] | `alice:$6$KdKtA7Po$Ef3R0QTX5d...:18569:0:99999:7:::` (hash, salt, and policy data).[4][6] |
How the password is actually stored
- Linux stores a hash of your password, not the password itself.
- The hash uses a salt and an algorithm identifier (e.g. MD5-crypt, SHA-256-crypt, SHA-512-crypt, bcrypt, depending on system configuration).
- A typical `/etc/shadow` entry includes:
  - Username
  - Hashed password (with algorithm and salt)
  - Last password change date
  - Min/max age, warning period, and other policy fields.
Example pattern of the password field in `/etc/shadow`:
`$id$salt$hashed_password`, where `id` encodes which hashing method is used (e.g. `$1$` for MD5, `$6$` for SHA-512 on many systems).
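An added example (not from the original page): a small Python audit that parses shadow-format lines, maps the `$id$` prefix to a scheme, and flags weak, empty or locked entries without ever printing a hash. The `$1$` and `$6$` prefixes come from the text above; the other prefixes follow the same crypt convention, and the function names and every sample line except the `alice` entry are constructed for illustration.

```python
from datetime import date, timedelta

# Prefix -> scheme. "$1$" and "$6$" are named on the page; the others follow
# the same crypt(5) convention and are added here.
SCHEMES = {"1": "MD5-crypt", "5": "SHA-256-crypt", "6": "SHA-512-crypt",
           "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt", "y": "yescrypt"}
WEAK = {"MD5-crypt"}

def parse_shadow_line(line):
    """Classify one /etc/shadow line without ever returning the hash itself."""
    fields = line.rstrip("\n").split(":")
    if len(fields) != 9:
        raise ValueError(f"expected 9 fields, got {len(fields)}")
    user, pw, lastchg = fields[0], fields[1], fields[2]
    entry = {"user": user, "status": "hash", "scheme": None,
             "changed": None, "findings": []}
    if pw == "":
        entry["status"] = "empty"
        entry["findings"].append("empty password field: no password required")
    elif pw[0] in "!*":
        entry["status"] = "locked"           # password login disabled
    body = pw.lstrip("!")                    # a locked entry may still carry a hash
    if body.startswith("$"):
        ident = body.split("$")[1]
        entry["scheme"] = SCHEMES.get(ident, f"unknown (${ident}$)")
        if entry["scheme"] in WEAK:
            entry["findings"].append("weak scheme: " + entry["scheme"])
    elif entry["status"] == "hash":
        entry["scheme"] = "legacy or unrecognised (no $id$ prefix)"
        entry["findings"].append("hash without $id$ prefix")
    if lastchg.isdigit():                    # days since 1970-01-01
        entry["changed"] = date(1970, 1, 1) + timedelta(days=int(lastchg))
    return entry

def audit(text):
    """Parse every non-blank line of shadow-format text."""
    return [parse_shadow_line(l) for l in text.splitlines() if l.strip()]

# First line is the page's example entry; the rest are constructed samples.
SAMPLE = """\
alice:$6$KdKtA7Po$Ef3R0QTX5d...:18569:0:99999:7:::
bob:$1$abcdefgh$CONSTRUCTEDHASH:17000:0:99999:7:::
svc:!:18000::::::
guest::18000:0:99999:7:::
"""

if __name__ == "__main__":
    for e in audit(SAMPLE):
        print(e["user"], e["status"], e["scheme"], e["changed"], e["findings"])
```

On a real system the input would be read as root from `/etc/shadow`; the report contains only usernames, schemes and findings, so it can be shared without exposing hashes.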
Other places passwords might live
On some setups, especially in enterprise environments, the system may not keep passwords only locally:
- Central authentication via LDAP or similar directories: password hashes can be stored in the directory server rather than only in `/etc/shadow`.
- Network authentication (e.g. Kerberos-based setups) further changes where and how credentials are verified, but local `/etc/shadow` is still common for local accounts.
Why this matters for security
- Keeping hashes in `/etc/shadow` drastically reduces exposure because only root can read that file.
- Even if an attacker gets the file, they still have to crack salted, hashed passwords offline, which is significantly harder than reading plain text.
- Good password policies (length, complexity, aging) plus strong hashing algorithms (like SHA-512-crypt or bcrypt) are key to strengthening Linux login security.
TL;DR: On Linux, user passwords are stored as salted hashes in `/etc/shadow`, while `/etc/passwd` only keeps public account info and a reference to that shadow entry.