
How to remove password from /etc/shadow


The /etc/shadow file stores each account's password in encrypted (hashed) form, along with other password-related information such as the user name, the date of the last password change, and password expiration values.

Historically, the /etc/passwd file stored all login information on a standalone Linux system. Password information was later moved to the /etc/shadow file for the following reasons:

  • The /etc/shadow file has nine fields to store the encrypted password and other password-related information.
  • The /etc/shadow file supports all advanced algorithms and has plenty of room for further updates.
  • The /etc/shadow file is readable only by the root user.

The fields in the shadow file are separated by colons (:) and contain the following information:

[--] [----] [--] - [---] ----
|      |      |   |   |   |||+-----------> 9. Unused
|      |      |   |   |   ||+------------> 8. Expiration date
|      |      |   |   |   |+-------------> 7. Inactivity period
|      |      |   |   |   +--------------> 6. Warning period
|      |      |   |   +------------------> 5. Maximum password age
|      |      |   +----------------------> 4. Minimum password age
|      |      +--------------------------> 3. Last password change
|      +---------------------------------> 2. Encrypted Password
+----------------------------------------> 1. Username

Two ways to remove the password from the /etc/shadow file

1. Using the passwd command
passwd -d <user_name>
For example, for root:
passwd -d root

That's all, you are done. Try logging in as that user; it should skip the password prompt.

2. Editing the /etc/shadow
You can also manually edit /etc/shadow.
(Take a backup copy first. Be sure that you can still log in even if you mess up, for example from a rescue system.)
Search for "root" and delete the second field (everything between the first and second colon).
Save the file, and try logging in as that user. It should skip the password prompt.

Good option: locking the password
Rather than keeping a blank password for a user, especially root, you can lock the password so that it will not match any password. Either form of the command works:
passwd --lock root
passwd -l root
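
To check the result of either method, or to audit a host for accounts left with an empty password field, the second field of each shadow entry can be classified as empty, locked or set. This is an added example, not part of the original post; the function names and the sample entries (including the placeholder hashes) are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify field 2 (the password field) of shadow-format lines.
# Usage: sh shadow_audit.sh /etc/shadow   (as root, or point it at a copy)

# Print "<user> <status>" for every entry in the file named by $1
# (standard input when no file is given).
shadow_status() {
    awk -F: '
        NF == 0      { next }                          # skip blank lines
        NF < 2       { print $1 " malformed"; next }   # no password field
        $2 == ""     { print $1 " EMPTY";     next }   # no password required
        $2 ~ /^[!*]/ { print $1 " locked";    next }   # cannot match any password
                     { print $1 " set" }               # a password hash is present
    ' "${1:--}"
}

# Print only the accounts whose password field is empty.
empty_password_accounts() {
    shadow_status "${1:--}" | awk '$2 == "EMPTY" { print $1 }'
}

# Constructed sample entries (placeholder hashes, not real ones):
#   root  - after "passwd -d root"
#   bob   - after "passwd -l bob" (a "!" is prefixed to the stored hash)
sample_shadow() {
    cat <<'EOF'
root::18392:0:99999:7:::
daemon:*:18375:0:99999:7:::
alice:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:18392:0:99999:7:::
bob:!$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:18392:0:99999:7:::
EOF
}

# Audit the file given on the command line, otherwise the constructed sample.
if [ "$#" -gt 0 ]; then
    shadow_status "$1"
else
    sample_shadow | shadow_status
fi
```

Any account reported as EMPTY accepts a login without a password; running passwd -l on it changes its status to locked.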