/etc/passwd and other informative files

The basic user database in a Unix system is the text file /etc/passwd (called the password file), which lists all valid usernames and their associated information. The file has one line per username, and is divided into seven colon-delimited fields:
Any user on the system may read the password file, so that they can, for example, learn the name of another user. This means that the password (the second field) is also available to everyone. The password is stored in encrypted form, so in theory there is no problem. However, the encryption is breakable, especially if the password is weak (e.g., it is short or it can be found in a dictionary). Therefore it is not a good idea to have the password in the password file.

Many Linux systems have shadow passwords. This is an alternative way of storing the password: the encrypted password is stored in a separate file, /etc/shadow, which only root can read. The /etc/passwd file only contains a special marker in the second field. Any program that needs to verify a user is setuid, and can therefore access the shadow password file. Normal programs, which only use the other fields in the password file, can't get at the password.
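
An added example, not part of the original guide: a small Python audit that reads passwd-format lines and reports accounts whose second field still holds an encrypted password, or is empty, instead of the shadow marker. The field names follow the conventional passwd(5) layout, the marker is assumed to be "x", and the sample lines are constructed.

```python
import os
import stat

# Conventional seven-field layout from passwd(5); the page itself does not list the fields.
FIELDS = ("name", "password", "uid", "gid", "gecos", "home", "shell")

def classify_password_field(value):
    """Describe what the second field of a passwd line holds."""
    if value == "x":           # assumed shadow marker: the hash lives in /etc/shadow
        return "shadow"
    if value == "":            # no password is required for this account
        return "empty"
    if value[0] in "*!":       # cannot match any encrypted password
        return "locked"
    return "hash-exposed"      # encrypted password readable by every user

def audit_passwd(lines):
    """Return (account, finding) pairs for every line that needs attention."""
    findings = []
    for n, raw in enumerate(lines, 1):
        line = raw.rstrip("\n")
        if not line:
            continue
        parts = line.split(":")
        if len(parts) != len(FIELDS):
            findings.append((f"line {n}", "malformed"))
            continue
        entry = dict(zip(FIELDS, parts))
        kind = classify_password_field(entry["password"])
        if kind in ("hash-exposed", "empty"):
            findings.append((entry["name"], kind))
    return findings

def shadow_mode_ok(mode):
    """True if the file mode grants no access at all to 'other' users."""
    return stat.S_IMODE(mode) & stat.S_IRWXO == 0

# Constructed sample input, not taken from a real system.
SAMPLE = [
    "root:x:0:0:root:/root:/bin/sh",
    "alice:abCONSTRUCTED:1000:1000:Alice:/home/alice:/bin/sh",
    "guest::1001:1001:Guest:/home/guest:/bin/sh",
    "daemon:*:1:1:daemon:/:/bin/false",
    "broken:x:1002",
]

if __name__ == "__main__":
    print(audit_passwd(SAMPLE))
    if os.path.exists("/etc/shadow"):
        print("shadow mode ok:", shadow_mode_ok(os.stat("/etc/shadow").st_mode))
```

To audit a live system, pass `open("/etc/passwd")` to `audit_passwd` in place of `SAMPLE`; the file is world-readable, so this needs no special privilege.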
Lars Wirzenius Sat Nov 15 02:32:11 EET 1997