Encrypted Passwords
The /etc/passwd file must be world-readable for system processes to function, which would be a security risk if passwords were stored there. The /etc/shadow file solves this by storing the sensitive information separately, in a file readable only by root.
What it Stores
Each line corresponds to a user in /etc/passwd and contains critical security data:
- Username
- Encrypted Password: A long string of characters (the hash and salt).
- Last password change date
- Minimum days between password changes
- Maximum days until password change required
- Days warning before password expiration
- Days after expiration until account disabled (inactivity)
Key Takeaway: You should never need to manually edit /etc/shadow. Use passwd and other user management tools.
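For read-only auditing, the fields listed above can be parsed and checked without touching the file. The sketch below is an added example, not part of the original page: the function names and sample entries are constructed for illustration, and it assumes the shadow(5) conventions that fields are colon-separated, dates are counted in days since 1970-01-01, and a password field starting with ! or * cannot match any hash.

```python
# Field order as listed above. Real shadow(5) lines carry two further fields
# (account expiry date, reserved) that this example ignores.
FIELDS = ("username", "password", "last_change", "min_days",
          "max_days", "warn_days", "inactive_days")

def parse_shadow_line(line):
    """Split one colon-separated shadow entry into named fields."""
    parts = line.rstrip("\n").split(":")
    if len(parts) < len(FIELDS):
        raise ValueError("malformed shadow entry: fewer than 7 fields")
    entry = dict(zip(FIELDS, parts))
    for key in FIELDS[2:]:  # numeric fields; empty means "not set"
        entry[key] = int(entry[key]) if entry[key] else None
    return entry

def password_state(entry):
    pw = entry["password"]
    if pw == "":
        return "empty"    # no password needed to authenticate
    if pw[0] in "!*":
        return "locked"   # cannot match any hash, so password login fails
    return "hashed"

def aging_status(entry, today):
    """today and last_change are both days since 1970-01-01."""
    last, max_days = entry["last_change"], entry["max_days"]
    if last == 0:
        return "must-change"          # change forced at next login
    if last is None or max_days is None:
        return "no-aging"
    days_left = last + max_days - today
    if days_left < 0:
        grace = entry["inactive_days"]
        return "disabled" if grace is not None and -days_left > grace else "expired"
    warn = entry["warn_days"]
    return "warning" if warn is not None and days_left <= warn else "ok"

# Constructed sample entries; the hash strings are placeholders, not real hashes.
SAMPLE = """\
alice:$6$examplesalt$PLACEHOLDERHASH:19700:0:90:7:14::
bob:!:19700:0:99999:7:::
carol::19000:0:30:7:5::
"""

def audit(text, today):
    entries = [parse_shadow_line(l) for l in text.splitlines() if l.strip()]
    return [(e["username"], password_state(e), aging_status(e, today)) for e in entries]
```

Calling audit(SAMPLE, 19785) flags alice as inside her warning window, bob as locked, and carol as having an empty password on an account already past its inactivity period; on a real system, pass the contents of /etc/shadow (read as root) and int(time.time() // 86400) as today.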