This is the encrypted password file that stores the encrypted password information for user accounts. In addition to storing the encrypted password, the /etc/shadow file stores optional password aging or expiration information. The introduction of the shadow file came about because of the need to separate encrypted passwords from the /etc/passwd file. This was necessary because the ease with which the encrypted passwords could be cracked was growing with the increase in the processing power of commodity computers (home PCs). The idea was to keep the /etc/passwd file readable by all users without storing the encrypted passwords in it and then make the /etc/shadow file readable only by root or other privileged programs that require access to that information. An example of such a program would be the login program.
You might wonder, “Why not just make the regular /etc/passwd file readable by root only or other privileged programs?” Well, it isn’t that simple. By having the password file open for so many years, the rest of the system software that grew up around it relied on the fact that the password file was always readable by all users. Changing this could cause some software to fail.
Just as in the /etc/passwd file, each line in the /etc/shadow file represents information about a user. The lines are made up of various standard fields, shown next, with each field delimited by a colon:
- Login name
- Encrypted password
- Days since January 1, 1970, that password was last changed
- Days before password may be changed
- Days after which password must be changed
- Days before password is to expire that user is warned
- Days after password expires that account is disabled
- Days since January 1, 1970, that account is disabled
- A reserved field
A sample entry from the /etc/shadow file is shown here for the user account mmel:
UNIX Epoch: January 1, 1970
January 1, 1970, 00:00:00 UTC was chosen as the starting point or origin for keeping time on UNIX systems. That specific instance in time is also known as the UNIX epoch. Time measurements in various computing fields are counted and incremented in seconds from the UNIX epoch. Put simply, it is a count of the seconds that have gone past since January 1, 1970, 00:00:00.
An interesting UNIX time—1000000000—fell on September 9, 2001, at 1:46:40 A.M. (UTC). Another interesting UNIX time—1234567890—fell on February 13, 2009, at 11:31:30 P.M. (UTC). Numerous web sites are dedicated to calculating and displaying the UNIX epoch, but you can quickly obtain the current value by running this command at the shell prompt:
# date +%s