Fedora Linux

user's full name; the chfn and finger commands use it to store the user's full name, office location, office phone number, and home phone number, separated by commas.

This field is historically called the gecos or gcos field because it originally cross-referenced user IDs between the Unix and General Electric Comprehensive Operating System (gecos) at Bell Labs. You'll still find this field documented as pw_gecos in Linux library function documentation (for an example, see man getpwent). 

home directory

At login, the shell changes to this directory automatically, and the HOME environment variable is set to this value.

shell

This field specifies the user's default shell.

For accounts that require a password but should not permit the user to log in, such as an account used only for file sharing or POP/IMAP email access, use the dummy shell /sbin/nologin. If the user attempts to log in, the message 'This account is currently not available' is displayed, and the user is logged out automatically. To use a different message, place the desired text in the file /etc/nologin.txt. 

Since /etc/passwd must be readable by everyone so that commands such as ls -l can function correctly, the passwords have been moved to a file that is readable only by root , named /etc/shadow , which looks like this:

root:$1$45ZWBaPE$XvzhGEj/rA4VDJXdQESi0.:13024:0:99999:7:::
bin:*:13024:0:99999:7:::
daemon:*:13024:0:99999:7:::
adm:*:13024:0:99999:7:::
...(Lines snipped)...
fax:!!:13024:0:99999:7:::
nut:!!:13024:0:99999:7:::
privoxy:!!:13024:0:99999:7:::
chris:$1$hUjsHJUHIhUhu889H98hH.8.BGhhY79:13068:0:99999:7:::
diane:$1$97KJHNujHUkh88JHmnjNyu54NUI9JY7:13024:0:99999:7:::
jane:$1$yuaJsudk9jUJHUhJHtgjhytnbYhGJHy:13024:0:99999:7:::
richard:$1$pIjyfRbKo71jntgRFu3duhU97hHygbf:13024:0:99999:7:::

Note that the second field contains an encrypted version of the password. The encryption function, called a hash , is not reversible, so it's not possible to take this data and reconstruct the password. When the user enters his password, it is also encrypted; then the two encrypted values are compared.

The other fields in this file contain information used for password aging (expiry).

In a similar way, /etc/group contains basic information about each group:

root:x:0:root
bin:x:1:root,bin,daemon
daemon:x:2:root,bin,daemon
sys:x:3:root,bin,adm
adm:x:4:root,adm,daemon
...(Lines snipped)...
fax:x:78:
nut:x:57:
privoxy:x:73:
chris:x:500:fen
diane:x:501:
jane:x:502:
richard:x:503:
audit:x:504:jane,richard
soccer:x:505:richard,jake,wilson,audrey,shem,mike,olgovie,newton
toronto:x:506:matthew,jake,wilson,richard,audrey,shem,mike,olgovie,newton,ed,jack
...(Lines snipped)...

The fields here are:

group name

The name assigned to the group.

group password

A password assigned to the group. This is rarely used, because it's just as easy to add a user into a group as it is to give her the password. The actual password values have been moved to /etc/gshadow .

group ID

The numeric value assigned to the group. This file is used to cross-reference group IDs to group names.

supplementary members

The username of each user in this group, except users who have this group as their primary group (field 4 in /etc/passwd ).

The /etc/gshadow file contains the actual passwords, plus group administrator information:

root:::root
bin:::root,bin,daemon
daemon:::root,bin,daemon
sys:::root,bin,adm
adm:::root,adm,daemon
...(Lines snipped)...
fax:x::
nut:x::
privoxy:x::
chris:!:500::fen
diane:!:501::
jane:!:502::
richard:!:503::
audit:!:504:jane:jane,richard,audrey,matthew
soccer:!:505:richard,jake:richard,jake,wilson,audrey,shem,mike,olgovie,newton
toronto:!:506:ed:matthew,jake,wilson,richard,audrey,shem,mike,olgovie,newton,ed
...(Lines snipped)...