The /etc/gshadow File Explained

On a Linux system, every user must be a member of at least one group. There are two types of groups: primary and secondary. A primary group is the private group of the user. Primary groups are compulsory. When we add users, Linux automatically creates private groups for them. A secondary group is a public group of the user. Secondary groups are optional. We manually create them as per requirements. After making a group, we add members. By default, only an administrator or group owner can add members. Users can join a group on their own only when the administrator or group owner configures a group password. If a group has a password, any user who knows the password can join the group. If it has no password, users cannot join it unless the administrator or group owner manually adds them. This restriction prevents unauthorized use of group permissions.

When a user joins a group, he gets the group's permissions. This creates a security risk. For example, suppose a group owns a script. By default, a user outside the group cannot access this script. However, he can join the group, and after joining it he gets permission to use the script. Group authentication prevents unauthorized users from joining the group. An administrator or group creator can create a group password. Only users who know the password can join the group.

The /etc/gshadow file

The /etc/gshadow file saves group passwords. Each line in this file stores one group entry. Each line contains the following four fields separated by colons.

Group name : Group password : Group admin : Group members

Group name

This field stores the group name.

Group password

This field stores the group password in an encrypted (hashed) format.

Group admin

This field saves the group admin name. Only the group admin can configure or change the group password.

Group members

This field stores the usernames of the group members. A group can have many members.
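A read-only audit of the four fields described above, as an added example that is not part of the original tutorial. The function names (audit_gshadow, password_groups, sample_gshadow) and the sample entries are constructed for illustration; the treatment of `!` and `*` as locked passwords and the hash-scheme prefixes follow gshadow(5) and crypt(5) rather than this page.

```shell
#!/bin/sh
# Classify every gshadow entry by its password field.
# Output columns (tab separated): group, status, admins, members
audit_gshadow() {
    awk -F: '
    function scheme(p) {                    # identify the crypt(3) scheme by prefix
        if (p ~ /^\$1\$/)       return "md5crypt(weak)"
        if (p ~ /^\$5\$/)       return "sha256crypt"
        if (p ~ /^\$6\$/)       return "sha512crypt"
        if (p ~ /^\$y\$/)       return "yescrypt"
        if (p ~ /^\$2[aby]\$/)  return "bcrypt"
        return "unknown-or-DES(weak)"
    }
    /^[[:space:]]*$/ { next }               # skip blank lines
    NF != 4 { printf "%s\tMALFORMED\t-\t-\n", $1; next }
    {
        pw = $2
        if (pw == "")          status = "no-password"   # members only
        else if (pw ~ /^[!*]/) status = "locked"        # no password login to the group
        else                   status = "password:" scheme(pw)
        printf "%s\t%s\t%s\t%s\n", $1, status,
               ($3 == "" ? "-" : $3), ($4 == "" ? "-" : $4)
    }' "$@"
}

# Groups that any user who knows the password can join with newgrp.
password_groups() {
    audit_gshadow "$@" | awk -F'\t' '$2 ~ /^password:/ { print $1 }'
}

# Constructed sample entries (hash values are placeholders, not real hashes).
sample_gshadow() {
    cat <<'EOF'
root:*::
wheel:::alice
usergroup:!::user1
projects:$6$ConstructedSalt$NotARealHashJustASampleValue:alice:alice,bob
legacy:$1$oldsalt$NotARealHashJustASampleValue::
EOF
}

# Demo on the sample; on a real system run as root: audit_gshadow /etc/gshadow
sample_gshadow | audit_gshadow
```

Every group reported with a `password:` status relies on a shared secret, so it is worth reviewing who knows that password and whether the hash scheme is a weak one.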


The /etc/gshadow file entry example

Linux automatically creates an entry at the end of the /etc/gshadow file when we configure a password for the group. The following command adds a new group.

# groupadd [group-name]

The above command adds a new entry at the end of this file. It creates an empty group. It does not add any group members. We must manually add group members. The following command adds a user to the group.

# usermod -G [secondary group name] [username]

Only group members can change their default group. The newgrp command allows users to change their default group in the current session. Without arguments, this command changes the group back to the user's default group. For example, the following command changes the default group to the given group.

$ newgrp [new group name]

The following command reverts it to the default group.

$ newgrp

If a user who is not a member of the group changes his default group to it, the shell prompts him to enter the new group's password. If the new group has no password or the user does not know the password, the shell returns the following error.

newgrp: failed to crypt password with previous salt: Invalid argument

If the new group has a password and the user enters the correct password, the newgrp command allows the user to change the default group to the new group in the current session.

Example

  • Add two new users: user1 and user2.
  • List or view the last two entries of the /etc/passwd file.
  • List or view the last two entries of the /etc/group file.
  • Add a new group: usergroup.
  • List or view the last entry of the /etc/gshadow file.
  • Add the first user to the group.
  • Switch to the first user account and change the default group to usergroup.
  • Verify the user can change his default group.
  • Exit from the first user and switch to the second user account.
  • Change the default group to usergroup.
  • Verify the user cannot change his default group.
  • Exit from the second user account and set a group password.
  • Switch to the second user account again and change the default group to usergroup.
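  • Verify the user can change his default group.

# useradd user1
# useradd user2
# tail -2 /etc/passwd
# tail -2 /etc/group
# groupadd usergroup
# tail -1 /etc/gshadow
# usermod -G usergroup user1
# su user1
$ newgrp usergroup
$ id
$ exit
$ exit
# su user2
$ newgrp usergroup
$ exit
# gpasswd usergroup
# su user2
$ newgrp usergroup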


This tutorial is part of the tutorial series 'Linux User and Group Management Explained with Examples'. Other parts of this series are the following.

Chapter 01  Difference between the root user and super (sudo) user
Chapter 02  Linux User Management Explained with Examples
Chapter 03  Linux Group Management Explained with Examples
Chapter 04  Password aging policy Explained with chage command
Chapter 05  The /etc/group File Explained
Chapter 06  The /etc/gshadow File Explained
Chapter 07  The /etc/passwd file in Linux Explained with Examples
Chapter 08  The /etc/shadow file in Linux Explained with Examples
Chapter 09  The useradd command Explained
Chapter 10  The gpasswd command Explained
Chapter 11  The chage command Examples and Usages

Conclusion

The /etc/group file saves group information. Each line in this file represents a group entry. Linux automatically creates group entries for primary groups. Secondary groups are optional. We manually add them as per requirements.
