It seems to me that /etc/shadow and /etc/passwd contain the same data. Why are there two files? Are they different?
3 Answers
Historically, /etc/passwd had all of the user data; there was no shadow. However, it was discovered that a dictionary attack could be done on the file to discover passwords (if they are in the dictionary).
Therefore it was decided to remove the passwords from /etc/passwd. The rest of the file remained, as it was used by many programs, e.g. ls. The passwords were moved to /etc/shadow, and this file was made so that only root can read it.
/etc/passwd now has an x for the password field. /etc/shadow only shares the first field (the key-field / the user name). /etc/shadow has been expanded to contain other password management fields.
The existence of the two files is a consequence of the fact that /etc/passwd is a text file that can be read by other applications (such as finger, ident or ls, for example), so an attacker could gain access to the information in the file, which included the hashed password.
To increase security, the hashed password that used to be in the file was moved to another file called /etc/shadow, which is accessible only by root.
The major difference is that they contain different pieces of data.
passwd contains the users' public information (UID, full name, home directory), while shadow contains the hashed password and the password expiry data. The reasons for the division are partly historical.
/etc/shadow in the first place, although some of us might have an /etc/spwd.db. Second: They do not have the same data.
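The split the answers describe can be checked mechanically. The following Python script is an added example, not code from any of the answers: it joins passwd-format and shadow-format text on the shared user-name field and reports accounts that break the arrangement. The sample accounts and placeholder hashes are constructed, the field names follow shadow(5), and the `audit` helper is a hypothetical name.

```python
import stat

# Constructed sample data, not taken from a real system; the hashes are placeholders.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice Example:/home/alice:/bin/bash
bob:x:1001:1001:Bob Example:/home/bob:/bin/bash
legacy:$6$CONSTRUCTED$placeholderhash:1002:1002:Old Account:/home/legacy:/bin/sh
"""
SHADOW = """\
root:$6$CONSTRUCTED$placeholderhash:19000:0:99999:7:::
alice:$6$CONSTRUCTED$placeholderhash:19500:0:90:7:14::
ghost:!:19000:0:99999:7:::
"""
# Field names per shadow(5); only "name" is shared with passwd.
SHADOW_FIELDS = ("name", "hash", "last_change", "min_days", "max_days",
                 "warn_days", "inactive_days", "expire_date", "reserved")


def parse_passwd(text):
    """Map user name -> password field (second colon-separated column)."""
    rows = (line.split(":") for line in text.splitlines() if line.strip())
    return {r[0]: r[1] for r in rows}


def parse_shadow(text):
    """Map user name -> dict of all shadow fields."""
    rows = (line.split(":") for line in text.splitlines() if line.strip())
    return {r[0]: dict(zip(SHADOW_FIELDS, r)) for r in rows}


def audit(passwd_text, shadow_text, shadow_mode):
    """Return (subject, problem) findings; shadow_mode is st_mode of the shadow file."""
    pw, sh = parse_passwd(passwd_text), parse_shadow(shadow_text)
    findings = []
    for name, field in pw.items():
        if field != "x":
            findings.append((name, "password field in passwd is not x"))
        elif name not in sh:
            findings.append((name, "marked x but has no shadow entry"))
    for name in sorted(sh.keys() - pw.keys()):
        findings.append((name, "shadow entry without passwd entry"))
    if shadow_mode & stat.S_IROTH:
        findings.append(("shadow", "file is world-readable"))
    return findings


if __name__ == "__main__":
    for subject, problem in audit(PASSWD, SHADOW, 0o100644):
        print(f"{subject}: {problem}")
```

On a live system the same function can be fed the contents of the two files and `os.stat("/etc/shadow").st_mode`, which requires root to read the shadow file.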