How do I put comments in my /etc/shadow file?
On Linux systems using GNU libc, lines starting with #
are ignored in /etc/shadow
. The parsing is done by __fgetspent_r()
, and its source code explicitly handles (and documents) this behaviour.
So on the vast majority of Linux systems you can comment lines in /etc/shadow
with #
without causing problems.
Unfortunately comments are dropped when /etc/shadow
is updated, e.g. by passwd
; so storing comments isn't actually safe (from the comments' point of view).
This means you need to find somewhere else to store your comments: two good suggestions are dr01's idea of using /etc/shadow.README
, or better yet Gilles' idea of using commit messages with etckeeper.
Every line of /etc/shadow
is considered as a user record. As written by Stephen Kitt who reviewed the parser's source code, you can put lines starting with #
as comments in the file or even empty lines and they will be ignored.
However, I have never seen a /etc/shadow
file with comments on it. It appears it is not common practice, and for a very good reason: editing it by hand is strongly discouraged. For this reason, I'd rather suggest you create a /etc/shadow.README
file instead to store your comments. Remember to chmod 000
the file to avoid non-root users snooping on it.
Of course you have changes to your /etc/shadow
. You don't want the account information in /etc/shadow
on your server - hashed passwords, account expirations, etc - to be a byte-for-byte copy of the upstream /etc/shadow
.
And I hope you're not overwriting your current /etc/shadow
with whatever you're getting from your upstream data source.