The primary user account file is the /etc/passwd file. Despite what it says, that's not where user account passwords are stored. This file is set to be readable by every account on the system, because applications often need to know the users on the system.
A sample entry in the /etc/passwd file is rblum:x:506:506:Rich Blum:/home/rich:/bin/bash
The entry contains seven data fields, each separated by a colon:
♦ A placeholder for the password
♦ The home folder of the user
♦ The default shell
In the original days of Linux, the /etc/passwd file contained the actual encrypted version of the user's password. However, the /etc/passwd file must be readable to all users on the system so that the system can validate them. This requirement left the user passwords vulnerable to brute-force attacks using password-cracking software.
The solution to the problem was to hide the actual passwords in a separate file that's not readable by any user.
Was this article helpful?