Understanding The Linux /etc/passwd File

The file’s name originates from one of its initial functions as it contained the data used to verify passwords of user accounts. However, on modern Unix systems the security-sensitive password information is instead often stored in a different file using shadow passwords, or other database implementations.

To view an example of a user in the passwd file, run the following command specifying what user you’d like to view. In my example, I’ve grepped the mysql user.

# cat /etc/passwd | grep mysql

To see all users, run it without the grep as I’ve done here:

# cat /etc/passwd


The fields, in order from left to right, are:

  1. Username: It is used when user logs in. It should be between 1 and 32 characters in length.
  2. Password: An x character indicates that encrypted password is stored in /etc/shadow file.
  3. User ID (UID): Each user must be assigned a user ID (UID). UID 0 (zero) is reserved for root and UIDs 1-99 are reserved for other predefined accounts. Further UID 100-999 are reserved by system for administrative and system accounts/groups.
  4. Group ID (GID): The primary group ID (stored in /etc/group file)
  5. User ID Info: The comment field. It allow you to add extra information about the users such as user’s full name, phone number etc. This field use by finger command.
  6. Home directory: The absolute path to the directory the user will be in when they log in. If this directory does not exists then users directory becomes /
  7. Command/shell: The absolute path of a command or shell (/bin/bash). Typically, this is a shell.

Security Vulnerability Remediation – rlogin

Rlogin starts a terminal session on remote hosts. This appears as a HIGH vulnerability to some security scanners like Nessus. This is a real easy vulnerability to correct. Just comment out login in the /etc/inetd.conf file.

vi  /etc/inetd.conf

Search for the login entry



login  stream  tcp6    nowait  root    /usr/sbin/rlogind       rlogind

Comment it out

#login  stream  tcp6    nowait  root    /usr/sbin/rlogind       rlogind

Save and close