Passwd vs Shadow

Skybear · 2026-06-15T07:16:06+0100

I’m learning about users and groups. The presenter just discussed the Passwd and Shadow commands.

I have two questions:
1) When using Passwd, why do I see only a placeholder (“x”) and not the actual password?
2) Has the use of Passwd changed? When I googled Passwd, the Geeks for Geeks website tells me that command will indeed change a user’s password. https://www.geeksforgeeks.org/linux-unix/passwd-command-in-linux-with-examples/

piorunz · 2026-06-15T09:15:17+0100

1. Do you mean password letters are not visible while typing? If yes, it's a simple security feature, stranger will not see your password by looking at your screen from behind your shoulder.
2. Check man passwd in the terminal to read how this command works.

Skybear · 2026-06-15T09:37:59+0100

I was getting confused between passwd, to change a password, and cat /etc/passwd, to view user details. I think I understand the difference now. One thing I did use was the man command.

Trml · 2026-06-15T10:02:18+0100

Yes, there is also a man shadow, but notice it says "library call" at the top. The passwd command calls the shadow library to encrypt and save the password (in /etc/shadow). This is standard for Linux for a long time and nothing a user needs to worry about. One reason for the change, i.e. not including the password itself in /etc/passwd anymore, was the shadow system can separate and limit access to the passwords:

$ ls -la /etc/passwd /etc/shadow
-rw-r--r--. 1 root root 3063 Dec 16 16:58 /etc/passwd
----------. 1 root root 1409 May 7 08:18 /etc/shadow

CaffeineAddict · 2026-06-15T11:00:52+0100

Skybear said:
2) Has the use of Passwd changed? When I googled Passwd, the Geeks for Geeks website tells me that command will indeed change a user’s password. https://www.geeksforgeeks.org/linux-unix/passwd-command-in-linux-with-examples/

passwd is cli tool to change password, however you should use your DE to change it because this will emit the change to other GUI tools that depend on it, such as various GUI keys managers, e.g. KWalletManager in KDE.
The cli tool won't affect GUI, it's only safe on servers with no GUI or systems without any UI tools that need your password.

bob466 · 2026-06-15T14:34:47+0100

To change your known Password...

Type your password...hit Enter...type new password...hit Enter...you'll see your password has been changed.
To change your password you forgot...that's a bit harder.

Rocketing-warp9 · 2026-06-15T14:37:23+0100

bob466 said:
To change your know Password...
View attachment 32309
Type your password...hit Enter...type new password...hit Enter...you'll see your password has been changed.
To change your password you forgot...that's a bit harder. View attachment 32310

You would have to get to a bash terminal on a recovery startup mode in order to get there. Or switch to init=/bin/bash on grub.
Then you can change it from there!

deb_user · 2026-06-15T16:44:16+0100

If you know the root password, you can change any user password by just using su. If you don't know any user or root password, you're just a random hacker.

bob466 · 2026-06-15T23:24:02+0100

Rocketing-warp9 said:
You would have to login as root on a recovery startup mode in order to get there.
Then you can change it from there!

Not so...user password...password...Root password what ever you want to call it...you can change your password without using sudo or Root.

Have a look at this...
https://www.linux.org/threads/reset-your-forgotten-password-from-the-grub-menu.64583/

As we all know without your password you can't Login...run Terminal commands...install updates or software. So it's very important not to forget it...a good idea is to write it down somewhere.

Rocketing-warp9 · 2026-06-15T23:36:39+0100

bob466 said:
Not so...user password...password...Root password what ever you want to call it...you can change your password without using sudo or Root.

Have a look at this...
https://www.linux.org/threads/reset-your-forgotten-password-from-the-grub-menu.64583/

As we all know without your password you can't Login...run Terminal commands...install updates or software. So it's very important not to forget it...a good idea is to write it down somewhere. View attachment 32312

Yup! That guide is good! As well as the Init= /bin/bash Method.
When I said "Log In as root" I ment just get to a / Bash terminal.
Will Reword now

Thanks!

Rocketing-warp9 · 2026-06-15T23:40:03+0100

I just had to do that for fedora recently.
but, sadly, no recovery option was available through Grub.

Switched the linux string to init=/bin/bash and it was all good.

Skybear · 2026-06-16T05:19:04+0100

CaffeineAddict said:
passwd is cli tool to change password, however you should use your DE to change it because this will emit the change to other GUI tools that depend on it, such as various GUI keys managers, e.g. KWalletManager in KDE.
The cli tool won't affect GUI, it's only safe on servers with no GUI or systems without any UI tools that need your password.

Interesting. Is it different on distros like Mint which have, and I know I’m not saying this correctly, GUI-based (?) ISO?

CaffeineAddict · 2026-06-16T06:56:31+0100

Skybear said:
Interesting. Is it different on distros like Mint which have, and I know I’m not saying this correctly, GUI-based (?) ISO?

no diff, DE's use polkit while passwd doesn't, that's the only difference if I'm right.
whether you need pwd change over polkit or not I can't tell, but I know it's safer.

Trml · 2026-06-16T07:53:48+0100

CaffeineAddict said:
whether you need pwd change over polkit or not I can't tell, but I know it's safer.

Good point, likely @Skybear 's DE (GUI desktop environment) does need it. Polkit assists with the authentication, more important for password changes is the authentication agent used by the graphical DE (which may be triggered by polkit too). This makes sure the desktop keyring are synchronised to the new (i.e. changed) password. If the password change is not done via GUI (but passwd used instead), there can be a plethora of problems. It starts from a Chromium based browser not being able to open the keyring (where it stores passwords you save in it) and complaining each time you launch it, to other applications you use with password secrets stored in the DE managed keyring not opening. You won't notice the problem at first after using passwd, because graphical log-in still works next time and other applications you had running when doing the passwd change already had authenticated via polkit.

Passwd vs Shadow

Skybear

Active Member

piorunz

Well-Known Member

Skybear

Active Member

Trml

Well-Known Member

CaffeineAddict

Well-Known Member

bob466

Well-Known Member

Rocketing-warp9

Well-Known Member

deb_user

Well-Known Member

bob466

Well-Known Member

Rocketing-warp9

Well-Known Member

Rocketing-warp9

Well-Known Member

Skybear

Active Member

CaffeineAddict

Well-Known Member

Trml

Well-Known Member

Similar threads

Follow Linux.org

Staff online

Members online

Latest posts