Hi Friends,

I need a clarification on the /etc/passwd file. Can it have the same user name entry two times? If so, what is the use of it? I see it applying the first entry's configuration only. What is the use of a second entry with a different configuration?

Can somebody please clarify this?

Thanks.
Gpl.

All 2 Replies

I don't know the solution for your problem; I would just like to let you know that /etc/shadow is more secure . . .

I believe /etc/passwd is 'keyed' on the username, and I believe the system uses only the first instance it finds. So while you can have many users with the same name, only the first entry will be used.

However, you *can* have several user names with the same numerical user ID (UID). For example, you could have users master, alpha and beta all using the same UID, but having different home directories. This would allow you to assign different passwords to each user, but allow them to access the same files. The username associated with all files owned by these users would be the first one in /etc/passwd.

Of course, some will say that this is what groups are for. But groups do not achieve equality as to file ownership. User and group permissions must be the same on all files and directories for access and control to be equally shared; this is not always guaranteed to work and is not always easy to set up.

As to /etc/shadow being more secure, this applies only to the actual passwords; it shadows /etc/passwd and stores the encrypted passwords in a file readable only by root. The system still uses /etc/passwd to find the user name associated with a UID, just as it uses /etc/group to find the group name associated with a GID.

The only utility I could see in having multiple users with the same name is if you had a PAM login module that differentiated logins based on IP address. That is, if a user is authorized to access the system only from a certain set of IP addresses, then logins from anywhere else using that name could be directed to a chroot jail. And if the passwords are different, then the effect of the compromise is lessened. Of course, this is more akin to 'security through obscurity', which never works terribly well.
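An audit of the two situations discussed in this thread (a repeated username, and several usernames sharing one UID), added here as an example and not code from either poster. It assumes the first-match behaviour described in the reply above; `SAMPLE_PASSWD` and the function names are constructed for illustration.

```python
# Added example: audit passwd-format text for repeated names and shared UIDs.
# SAMPLE_PASSWD is constructed; on a real host pass the contents of /etc/passwd.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
master:x:1500:1500:Shared owner:/home/master:/bin/bash
alpha:x:1500:1500:Alpha:/home/alpha:/bin/bash
beta:x:1500:1500:Beta:/home/beta:/bin/sh
gpl:x:1001:1001:First entry:/home/gpl:/bin/bash
gpl:x:1002:1002:Second entry:/home/gpl2:/bin/sh
"""


def parse_passwd(text):
    """Yield (line_number, fields) for each seven-field entry with a numeric UID."""
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split(":")
        if len(fields) == 7 and fields[2].isdecimal():
            yield lineno, fields


def audit(text):
    """Return (duplicate_names, shared_uids), treating the first match as effective."""
    name_lines = {}   # username -> line numbers, in file order
    uid_names = {}    # UID -> distinct usernames, in file order
    for lineno, fields in parse_passwd(text):
        name, uid = fields[0], int(fields[2])
        name_lines.setdefault(name, []).append(lineno)
        names = uid_names.setdefault(uid, [])
        if name not in names:
            names.append(name)
    # A lookup by name stops at the first match, so later lines are never used.
    duplicate_names = {
        n: {"effective_line": ls[0], "ignored_lines": ls[1:]}
        for n, ls in name_lines.items() if len(ls) > 1
    }
    # A lookup by UID returns the first name, which is what file listings show.
    shared_uids = {
        u: {"shown_as": ns[0], "also_used_by": ns[1:]}
        for u, ns in uid_names.items() if len(ns) > 1
    }
    return duplicate_names, shared_uids


if __name__ == "__main__":
    dups, shared = audit(SAMPLE_PASSWD)
    for name, info in dups.items():
        print(f"name {name!r}: line {info['effective_line']} used, {info['ignored_lines']} ignored")
    for uid, info in shared.items():
        print(f"UID {uid}: shown as {info['shown_as']!r}, shared with {info['also_used_by']}")
```

Names sharing a UID are one identity to the kernel, so each extra name is another password that unlocks the same files; reviewing the `shared_uids` output is a quick way to find accounts that bypass per-user accountability.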
