UNIX account security: Which system file contains the password aging fields (such as last change, minimum/maximum days, and warning periods) associated with user accounts?

Difficulty: Easy

Correct Answer: Shadow

Explanation:


Introduction / Context:
Password aging enforces security by requiring users to change passwords periodically and by controlling minimum days between changes. On UNIX and Linux systems with shadow password support, sensitive password hashes and aging metadata are stored separately from world-readable user information.


Given Data / Assumptions:

  • The system uses shadow passwords (common in modern UNIX/Linux).
  • You seek the file specifically holding password hashes and aging metadata.
  • Typical files include /etc/passwd, /etc/shadow, and shell profiles (e.g., ~/.profile).


Concept / Approach:
/etc/shadow stores secure password hashes and aging fields (for example: last change date, minimum days, maximum days, warning and inactivity periods). /etc/passwd (sometimes referenced colloquially as the “password” file) holds public account data like username, UID/GID, shell, and home directory, but not the hash when shadowing is enabled. Profile files configure shell environments and are unrelated to password aging.


Step-by-Step Solution:

  • Identify the file where aging metadata resides: /etc/shadow.
  • Recall that only privileged users can read /etc/shadow due to security sensitivity.
  • Confirm that /etc/passwd does not contain the actual hash or aging fields in shadow setups.


Verification / Alternative check:
Consult “man 5 shadow” for field formats; compare with “man 5 passwd” to see the separation of concerns. Use chage to view or modify a user’s password aging settings, which reads/writes /etc/shadow.
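
As an added illustration (not part of the original question), the following Python sketch parses the nine colon-separated fields described in shadow(5) and reports aging findings per account. The sample entries, the placeholder hashes, the finding labels, and the 90-day `policy_max` are constructed assumptions.

```python
from datetime import date

# Field order per shadow(5): nine colon-separated fields.
FIELDS = ("name", "hash", "lastchg", "min", "max", "warn",
          "inactive", "expire", "reserved")
NUMERIC = FIELDS[2:8]
EPOCH = date(1970, 1, 1)  # lastchg and expire count days from this date

# Constructed sample entries; the hash strings are placeholders.
SAMPLE = """\
alice:$6$salt$PLACEHOLDER:19800:1:90:7:14::
bob:$6$salt$PLACEHOLDER:19000:0:99999:7:::
carol:$6$salt$PLACEHOLDER:0:0:90:7:::
dave:$6$salt$PLACEHOLDER:19700:0:60:7:::
svc:!:19500::::::
"""

def parse_line(line):
    parts = line.rstrip("\n").split(":")
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected 9 fields, got {len(parts)}")
    rec = dict(zip(FIELDS, parts))
    for key in NUMERIC:  # an empty numeric field means "not set"
        rec[key] = int(rec[key]) if rec[key] else None
    return rec

def audit(rec, today, policy_max=90):
    """Return aging findings for one entry; policy_max is an assumed site policy."""
    if rec["hash"].startswith(("!", "*")):
        return ["no-password-login"]        # not a valid crypt(3) result
    if rec["lastchg"] is None:
        return ["aging-disabled"]           # empty last-change field
    if rec["lastchg"] == 0:
        return ["must-change-at-next-login"]
    findings = []
    if rec["max"] is None or rec["max"] > policy_max:
        findings.append("max-age-exceeds-policy")
    elif (today - EPOCH).days > rec["lastchg"] + rec["max"]:
        findings.append("password-expired")
    return findings

def audit_text(text, today):
    lines = (l for l in text.splitlines() if l.strip())
    return {r["name"]: audit(r, today) for r in map(parse_line, lines)}

if __name__ == "__main__":
    for name, findings in audit_text(SAMPLE, date(2024, 6, 1)).items():
        print(name, findings or ["ok"])
```

On a live system the same fields are shown per user by chage; reading /etc/shadow directly requires root.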


Why Other Options Are Wrong:
  • password (/etc/passwd): lacks aging data when shadowing is used.
  • profile: per-user shell initialization, unrelated.
  • All the three: incorrect because only the shadow file contains password aging fields.


Common Pitfalls:
Confusing “passwd” (the command) with /etc/passwd; assuming you can read /etc/shadow as a regular user; overlooking PAM and chage tools that manage these fields.


Final Answer:
Shadow
