See how Linux stores user account records and learn quick commands to inspect the format. 08.12.2025 | reading time: 2 min What exactly lives in /etc/passwd and how do you inspect it quickly from the shell; this short guide shows concrete commands and explains the fields so you can act, not just read. Quick example Run a short command to list users and selected fields; try `getent passwd` or slice the file with `cut` as shown: ```sh $ cut -d: -f1,2,3,4,5,6,7 /etc/passwd | head -n 4 root:x:0:0:root:/root:/bin/bash debian-sys-maint:x:101:65534:Debian Sys Maint:/var/lib/debian-maint:/bin/false alice:x:1001:1001:Alice Example:/home/alice:/bin/bash bob:x:1002:1002:Bob Example:/home/bob:/bin/bash ``` Field breakdown Every line has seven colon-separated fields: username, password placeholder, UID, GID, GECOS, home directory, and login shell; learn the numbers and semantics: UID 0 is root, values below 1000 are system accounts on many distros, and the second field usually contains "x" because real hashes moved to /etc/shadow. Practical checks you can run Verify UID collisions and missing shells with commands you will use: `awk -F: '{print $1,$3,$7}' /etc/passwd` to inspect UIDs and shells, `getent passwd username` to respect NSS like LDAP, and `pwck -r` to check file consistency; run them now on a non-production host and examine any unexpected UIDs or non-existent home directories. Where passwords and central auth live On modern systems encrypted passwords live in /etc/shadow or in an external directory via NSS and PAM; use `getent passwd` to query the configured name service and remember that changes to /etc/passwd should go through `vipw` or user management tools to avoid corruption. Closing note Inspecting /etc/passwd is a small habit that reveals system state and policy; practice the commands, check for anomalies, and expand into user administration and centralized authentication for real-world readiness. Join Bits & Bytes Academy First class LINUX exam preparation. filesystem security utilities scripting
