How do I put comments in my /etc/shadow file?

On Linux systems using GNU libc, lines starting with # are ignored in /etc/shadow. The parsing is done by __fgetspent_r(), and its source code explicitly handles (and documents) this behaviour.

So on the vast majority of Linux systems you can comment lines in /etc/shadow with # without causing problems.

Unfortunately comments are dropped when /etc/shadow is updated, e.g. by passwd; so storing comments isn't actually safe (from the comments' point of view).

This means you need to find somewhere else to store your comments: two good suggestions are dr01's idea of using /etc/shadow.README, or better yet Gilles' idea of using commit messages with etckeeper.


Every line of /etc/shadow is considered as a user record. As written by Stephen Kitt who reviewed the parser's source code, you can put lines starting with # as comments in the file or even empty lines and they will be ignored.

However, I have never seen an /etc/shadow file with comments in it. It appears it is not common practice, and for a very good reason: editing it by hand is strongly discouraged. For this reason, I'd rather suggest you create a /etc/shadow.README file instead to store your comments. Remember to chmod 000 the file to avoid non-root users snooping on it.
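Because the answers above note that # lines are ignored but dropped on the next update by passwd, the following added example (not code from either answer or from glibc) shows one way to pull existing comments out of a shadow-format file so they can be moved to a README. The function names and the sample data are constructed for illustration, and skipping leading whitespace before the # test is an assumption about the parser.

```python
# Added example: collect comment lines from shadow-format text for a README.
# Constructed sample; the hashes are placeholders, not real values.
SAMPLE = """\
# web team service account, ticket OPS-EXAMPLE
svc_web:!:19000:0:99999:7:::

  # locked 2024 by admin (constructed note)
alice:$6$PLACEHOLDER$PLACEHOLDER:19500:0:99999:7:::
bob:$6$PLACEHOLDER$PLACEHOLDER:19500:0:99999:7:::
# trailing note with no record after it
"""

def classify(line):
    """Return 'blank', 'comment' or 'record' for one line."""
    stripped = line.lstrip()  # assumption: leading whitespace is skipped first
    if stripped == "":
        return "blank"
    if stripped.startswith("#"):
        return "comment"
    return "record"

def extract_comments(text):
    """Pair each comment with the login name of the next record line.

    Only the first field of a record is read, so no password hash
    ever reaches the output.
    """
    pending, result = [], []
    for lineno, line in enumerate(text.splitlines(), start=1):
        kind = classify(line)
        if kind == "comment":
            pending.append((lineno, line.lstrip().lstrip("#").strip()))
        elif kind == "record":
            user = line.split(":", 1)[0]
            result.extend((n, user, c) for n, c in pending)
            pending = []
    # Comments after the last record have no account to attach to.
    result.extend((n, None, c) for n, c in pending)
    return result

def render_readme(comments):
    """Format the extracted comments as README text, one per line."""
    lines = []
    for lineno, user, comment in comments:
        target = user if user is not None else "(no following record)"
        lines.append(f"line {lineno}: {target}: {comment}")
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    print(render_readme(extract_comments(SAMPLE)), end="")
```

Run it against a copy of the file as root and store the output in a root-only file; the output contains login names and comment text but never the hash field.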


Of course you have changes to your /etc/shadow. You don't want the account information in /etc/shadow on your server - hashed passwords, account expirations, etc. - to be a byte-for-byte copy of the upstream /etc/shadow.

And I hope you're not overwriting your current /etc/shadow with whatever you're getting from your upstream data source.
