pwck Command in Linux
The pwck command in Linux verifies the integrity of the password files. It checks for inconsistencies or errors that could affect user account management. This includes validating formatting, matching records between /etc/passwd and /etc/shadow, and checking for valid shells or existing home directories. If issues are found, prompts allow you to correct or remove problematic entries.
Table of Contents
Here is a comprehensive guide to the options available with the pwck command â
Syntax of pwck Command
The syntax of the pwck command in Linux is as follows −
pwck [options] [password_file [shadow_file]]
In the above syntax, the [options] field is used to specify the options to modify commandâs output. The [password_file [shadow_file]] field is used to specify the password file and corresponding shadow file.
Note that the password file refers to the file containing user account information, generally /etc/passwd. An alternative file path can also be provided if needed. If omitted, pwck defaults to /etc/passwd. The shadow file refers to the shadow file, usually /etc/shadow, which contains the hashed passwords and related information for accounts. Providing this file enables pwck to validate its consistency against the mentioned password file.
pwck Command Options
The options of the pwck command are listed below −
| Flags | Options | Description |
|---|---|---|
| -b | --badname | Allow names (containing special characters, exceeding length limits, or starting with a digit) that do not conform to standards. |
| -q | --quiet | Report errors only. Warnings that do not require any action are suppressed. |
| -r | --read-only | Execute the pwck command in read-only mode. |
| -R | --root CHROOT_DIR | Apply changes in the CHROOT_DIR directory and use the configuration files from that directory. Only absolute paths are supported. |
| -s | --sort | Sort entries in /etc/passwd and /etc/shadow by UID. |
| -h | --help | Display help message and exit. |
Note − The -r and -s options cannot be combined.
Examples of pwck Command in Linux
In this section, the usage of the pwck command in Linux will be discussed with examples −
- Checking the Integrity of Password Files in Linux
- Suppressing Warnings
- Executing the pwck Command in Read-Only Mode
- Sorting the Password Files
- Checking Password Files with Invalid Names
- Combining Options
- Displaying Usage Help
Checking the Integrity of Password Files in Linux
To check the integrity of the password file in Linux, use the pwck command −
sudo pwck
The above command runs a basic integrity check on the default /etc/passwd and /etc/shadow files. The command verifies −
- Proper formatting of entries.
- Matching records between the two files.
- Existence of home directories and valid shells for user accounts.
If errors or inconsistencies are found, it prompts to fix them. For example, in the following output image the pwck command prompts for adding a user to the shadow file.
Press y or n followed by the return key for file modifications.
Similarly, to check the integrity of custom password and shadow files in Linux, specify the paths of these files with the pwck command −
sudo pwck /path/to/password/file /path/to/shadow/file
Suppressing Warnings
To suppress the warnings and display only critical errors, use the -q or --quiet option −
sudo pwck -q
In the case of critical errors, the pwck command will prompt for action as shown in the image below −
Executing the pwck Command in Read-Only Mode
To perform a read-only check, use the -r or --read-only option.
sudo pwck -r
It identifies and reports errors but does not prompt corrections.
Sorting the Password Files
To sort the entries in the /etc/passwd and /etc/shadow files, use the -s or --sort option with the pwck command −
sudo pwck -s
Checking Password Files with Invalid Names
To check the integrity of files that contain invalid usernames that do not conform to naming standards, use the -b or --badname option with the pwck command −
sudo pwck -b
Combining Options
To identify critical errors without prompting for changes or displaying warnings, use the -q and -r options in the following way −
sudo pwck -q -r
Displaying Usage Help
To display the usage help of the pwck command, use the -h or --help option −
pwck -h
Conclusion
The pwck command in Linux ensures the integrity of password and shadow files by checking for inconsistencies or errors in entries that may affect account management. It validates proper formatting, matches records between files, and verifies the existence of home directories and valid shells for accounts.
Options like -q for suppressing warnings, -r for read-only checks, and -s for sorting entries provide flexibility in execution. If errors are found, the command may prompt for corrections or report issues depending on the chosen options.