To begin, let's first quickly understand the differences of /etc/passwd and /etc/shadow and what the contents of each look like and represent.
A typical "/etc/passwd" file would look something like this:
test:x:1002:1002:test,,,:/test:/bin/bash
Each field is separated by a colon (":") and are as follows:
- "test" = Username
- "x" = Password field. An "x" means the users password is stored in the /etc/shadow file
- "1002" = Numeric user id. This is assigned by the adduser command. This identifies the user
- "1002" = Numeric group id. This represents the group id of the user. Usually this will match the user id too.
- "test,,," = Full name of user
- "/test" = The users home directory. Usually will be something like /home/test.
- "/bin/bash" = The users "shell account". Usually set to /bin/bash or /bin/sh