What is /etc/passwd file and various fields in /etc/passwd

If you are a Linux User or a system admin, you must have heard about /etc/passwd file. This file is a config that contains all the user details in the system and it is created during OS installation. Whenever a new user is added in the Linux system using useradd or adduser command, /etc/passwd file is updated with the details of the newly added user. This file has several fields and each field is separated by ‘:’ or colon.

There are several unix commands that uses /etc/passwd file like passwd and chpasswd – user for changing the, getent command for displaying user entries, chsh – for changing shell.
In brief, /etc/passwd is the config file that contains the login information of the users.

Contents of /etc/passwd 

Below is the format of /etc/passwd file

 As it is clear from the above example, /etc/passwd file contains seven entries or fields each separated by a colon. Now let us see what all are these fields.
  1.  Login Name or Username: First field in the /etc/passwd corresponds to the login name or Linux username.
  2.  x in the second field refers to the encrypted password that is stored in another file /etc/shadow. In case shadowing is disabled, then this field will contain the encrypted password.
  3. User ID or UID: Third entry in the /etc/passwd file is for user id or uid assigned to the user. Newly added users in RHEL 7 begins from 1000
  4. Group ID or GID: Fourth entry in the /etc/passwd file stores the Group ID or GID of Primary group
  5. GCOS field comment: Fifth entry in /etc/passwd is the comment field that can contain any detail about user like user’s full name, department, contact number etc.  GCOS stands for General Electric Comprehensive Operating System
  6. Home Directory: Sixth entry is for home directory absolute path that is assigned to the user. In the above example, user home directory is set as /home/john that means when user john will login to the machine, he will be at /home/john
  7.  Login Shell: Last one, the seventh field in the /etc/passwd file stores the login shell assigned to a user. In the above example, user john is assigned shell /bin/bash. Common shells are /bin/bash, /bin/sh, many times you will observe this field contains /sbin/nologin or /bin/false.
Sample /etc/passwd file looks like:

sample /etc/passwd file on a rhel 7.5 machine

Permissions on /etc/passwd file

Permissions on /etc/passwd file should be read only for all user, owner of the file is root.
-rw-r--r-- 1 root root 861 Dec  5 00:50 /etc/passwd
To get any  particular user details, you can use getent command
testvm:~# getent passwd john
john:x:1023:1023:Design Team:/home/john:/bin/bash
You can use awk command to filter out fields of /etc/passwd file. For example, run below command to filter out all the users in the system.
cat /etc/passwd | awk -F: '{print $1}'