That’s a great question! While /etc/passwd stores general user information, /etc/shadow is specifically designed to store sensitive password information securely.
Here is why it exists and what it does:
1. Security (The Main Reason)
In the early days of Linux, encrypted passwords were saved directly in /etc/passwd. However, since many programs need to read /etc/passwd to find UIDs and usernames, that file must be readable by everyone. This made it easy for hackers to try and crack passwords.
To fix this, the passwords were moved to /etc/shadow, which:
- Is only readable by the root user (and the shadow group).
- Prevents regular users from seeing even the encrypted versions of other people's passwords.
2. What's inside it?
If you were to look at a line in /etc/shadow (which you can now do as joker using sudo cat /etc/shadow), you would see several fields separated by colons:
- Encrypted Password: A long string of random-looking characters.
- Last Change: When the password was last changed.
- Aging Information: It tracks when a password expires, how many days before it must be changed, and when the account might be disabled.
Summary
/etc/passwd: Who is the user? (Publicly readable info like home directory and shell).
/etc/shadow: Is the password correct? (Secret info stored behind restricted permissions).
In your lab, when you ran sudo cat /etc/shadow, you were successfully using your new administrative "power" to view one of the most sensitive files on the system! Keep up the great work!
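As an added example that is not part of the answer above, the following Python script parses /etc/shadow-style records (the nine colon-separated fields described in the answer: username, hashed password, last change, min, max, warn, inactive, expire, reserved) and reports the kind of findings an administrator would look for after viewing the file: empty password fields, locked accounts, weak legacy hash types, and expired passwords or accounts based on the aging fields. The sample records, the hash strings, the fixed "today" value and the expiry rules are all constructed assumptions for illustration; nothing here reads the real /etc/shadow.

```python
"""Parse /etc/shadow-style records and report password-policy findings.

Added example, not part of the original answer. The sample lines below are
constructed; the hash strings are placeholders, not real password hashes.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in the /etc/shadow layout:
# name:password:lastchange:min:max:warn:inactive:expire:reserved
SAMPLE_SHADOW = """\
root:$6$constructedsalt$CONSTRUCTEDHASHnotArealHash:19600:0:99999:7:::
joker:$y$j9T$constructedsalt$CONSTRUCTEDHASHnotArealHash:19650:0:90:7:::
legacy:$1$constr$CONSTRUCTEDMD5HASH:18000:0:90:7:::
daemon:*:19000:0:99999:7:::
guest::19600:0:99999:7:::
contractor:$6$constructedsalt$CONSTRUCTEDHASH:19500:0:60:7:14:19690:
"""

# Days since 1970-01-01 treated as "today" so the example is deterministic (assumed value).
TODAY_DAYS = 19700

# Hash identifiers found between the first two '$' of a crypt(3)-style string.
HASH_IDS = {"1": "md5crypt", "2a": "bcrypt", "2b": "bcrypt", "5": "sha256crypt",
            "6": "sha512crypt", "7": "scrypt", "y": "yescrypt"}


@dataclass
class ShadowEntry:
    name: str
    password: str
    last_change: Optional[int]   # days since epoch; 0 = must change at next login; empty = aging off
    min_days: Optional[int]
    max_days: Optional[int]
    warn_days: Optional[int]
    inactive_days: Optional[int]
    expire_day: Optional[int]    # absolute day on which the account expires


def _int_or_none(field: str) -> Optional[int]:
    return int(field) if field.strip() else None


def parse_shadow_line(line: str) -> ShadowEntry:
    """Split one record into its nine fields; empty numeric fields become None."""
    fields = line.rstrip("\n").split(":")
    if len(fields) != 9:
        raise ValueError(f"expected 9 colon-separated fields, got {len(fields)}: {line!r}")
    name, password, last, mn, mx, warn, inact, exp, _reserved = fields
    return ShadowEntry(name, password,
                       *(_int_or_none(f) for f in (last, mn, mx, warn, inact, exp)))


def hash_algorithm(password: str) -> str:
    """Classify the password field: empty, locked, a known crypt(3) scheme, or legacy DES."""
    if password == "":
        return "none"
    if password.startswith(("!", "*")):
        return "locked"          # '!' or '*' prefix means no hash can match: login by password disabled
    if password.startswith("$"):
        scheme_id = password.split("$")[1]
        return HASH_IDS.get(scheme_id, "unknown-" + scheme_id)
    return "descrypt"            # bare 13-character string: traditional DES crypt


def audit(entry: ShadowEntry, today: int = TODAY_DAYS) -> List[str]:
    """Return human-readable findings for one record (expiry rules are an assumed simplification)."""
    findings = []
    algorithm = hash_algorithm(entry.password)
    if algorithm == "none":
        findings.append("empty password field: login without a password")
    elif algorithm in ("md5crypt", "descrypt"):
        findings.append(f"weak hash: {algorithm}")
    if entry.expire_day is not None and today > entry.expire_day:
        findings.append("account expired")
    if entry.last_change == 0:
        findings.append("password change forced at next login")
    elif entry.last_change is not None and entry.max_days is not None:
        password_deadline = entry.last_change + entry.max_days
        if today > password_deadline:
            findings.append("password expired")
            if entry.inactive_days is not None and today > password_deadline + entry.inactive_days:
                findings.append("inactive period exceeded: account disabled")
    return findings


def audit_file(text: str, today: int = TODAY_DAYS) -> Dict[str, List[str]]:
    """Audit every non-empty record in a shadow-style file and map username to findings."""
    return {e.name: audit(e, today)
            for e in (parse_shadow_line(l) for l in text.splitlines() if l.strip())}


if __name__ == "__main__":
    for user, problems in audit_file(SAMPLE_SHADOW).items():
        print(f"{user:12s} {hash_algorithm(parse_shadow_line([l for l in SAMPLE_SHADOW.splitlines() if l.startswith(user + ':')][0]).password):12s} {problems or 'ok'}")
```

Run it as-is to see the report for the constructed sample; to audit a real system, read the file as root (as the answer shows with sudo) and pass its contents to audit_file. The expiry arithmetic here is an assumed approximation of what login programs do with these fields, so treat the dates as indicative rather than authoritative.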