35.3. spwd — The shadow password database

This module provides access to the Unix shadow password database. It is available on various Unix versions.

You must have enough privileges to access the shadow password database (this usually means you have to be root).

Shadow password database entries are reported as a tuple-like object, whose attributes correspond to the members of the spwd structure (Attribute field below, see <shadow.h>):

Index Attribute Meaning
0 sp_namp Login name
1 sp_pwdp Encrypted password
2 sp_lstchg Date of last change
3 sp_min Minimal number of days between changes
4 sp_max Maximum number of days between changes
5 sp_warn Number of days before password expires to warn user about it
6 sp_inact Number of days after password expires until account is disabled
7 sp_expire Number of days since 1970-01-01 when account expires
8 sp_flag Reserved

The sp_namp and sp_pwdp items are strings, all others are integers. KeyError is raised if the entry asked for cannot be found.

The following functions are defined:


Return the shadow password database entry for the given user name.

Changed in version 3.6: Raises a PermissionError instead of KeyError if the user doesn’t have privileges.


Return a list of all available shadow password database entries, in arbitrary order.

See also

Module grp
An interface to the group database, similar to this.
Module pwd
An interface to the normal password database, similar to this.