So, user accounts themselves are defined in /etc/passwd. Linux
systems contain a companion file to /etc/passwd that's called
/etc/shadow. This file, unlike /etc/passwd, is
readable only by root and contains encrypted password information. Let's
look at a sample line from /etc/shadow:
drobbins:$1$1234567890123456789012345678901:11664:0:-1:-1:-1:-1:0
Each line defines password information for a particular account, and again,
each field is separated by a :. The first field defines the particular user
account with which this shadow entry is associated. The second field contains
an encrypted password. The remaining fields are described in the following
table:
| field 3 | Number of days since 1/1/1970 that the password was modified |
| field 4 | # of days before the password will be allowed to be changed (0 for "change anytime") |
| field 5 | # of days before system will force user to change to a new password (-1 for "never") |
| field 6 | # of days before password expires that user will be warned about expiration (-1 for "no warning") |
| field 7 | # of days after password expiration that this account is automatically disabled by the system (-1 for "never disable") |
| field 8 | # of days that this account has been disabled (-1 for "this account is enabled") |
| field 9 | Reserved for future use |
