In Linux, password hashes are stored in a secure file to protect user authentication data. The

evolution of Linux security practices moved password storage from plaintext or weakly protected

files to a more secure location.

Why C is correct: The /etc/shadow file is the standard location for storing password hashes in modern

Linux systems. This file is readable only by the root user, enhancing security by restricting access. It

contains encrypted password hashes (typically using algorithms like SHA-512), along with user

details such as password expiration policies. CNSP documentation on Linux security emphasizes

/etc/shadow as the authoritative source for password hashes, replacing older methods.

Why other options are incorrect:

A . /etc/passwd: Historically, /etc/passwd stored passwords in plaintext or weakly hashed forms (e.g.,

using DES), but modern systems use it only for user account information (e.g., UID, GID, home

directory) and reference /etc/shadow for hashes.

B . /etc/password: This is not a valid file in the Linux file system; it appears to be a typographical error

or misunderstanding, with no recognized role in password storage.

D . /usr/bin/shadow: /usr/bin contains executable binaries, not configuration or data files like

password hashes. /etc/shadow is the correct path.

Reference: CNSP "Linux Authentication Mechanisms" (Section on Password Storage) details the

transition to /etc/shadow for enhanced security and contrasts it with /etc/passwd.