May 14, 2024 6 min read

passwd command in Linux with Examples

In this tutorial, we will explain how to use the passwd command in Linux, which is used to update the existing password.

passwd command on Linux
passwd command in Linux
Table of Contents

Introduction

Before we discuss passwd command in Linux, let's briefly understand - What is passwd command ?

The passwd command on Linux is used to change a user's password. It allows users to update or reset their existing passwords on the system. By using this command, users can enhance the security of their accounts by regularly changing passwords.

This command requires users to enter their current password for verification before setting a new one. Understanding how to use the passwd command is essential for managing user accounts securely in a Linux environment.

In this tutorial, you will understand passwd command in Linux. We will also address a few FAQs on passwd command in Linux.

Basic Syntax of passwd in Linux

passwd [options] [username]

Here,

[options] = to personalize the password-changing procedure, add different parameters.

[username] = the intended user account, for which a password change is desired.

Options Available in passwd Command in Linux

  • -d, --delete: Deletes the password from the user, leaving the account password-free.
  • -e, --expire: The password for the account expires instantly, requiring the user to change it when they log in again.
  • -h, --help: Shows information about the `passwd` command.
  • -i, --inactive: Determines how many days must pass after a password expires for the account to be closed.
  • -k, --keep-tokens: Keeps the authentication tokens when the password isn't expired and only modifies it otherwise.
  • -l, --lock: Locks the user's password, making it impossible to log in using one. SSH keys and other authentication techniques are still functional.
  • -n, --mindays: Modifies the number of days that must pass between password changes, prohibiting the user from changing their password for a predetermined amount of time.
  • -q, --quiet: Activates silent mode, which mutes the usual 'Changing password for $user' notification when a password is changed.
  • -r, --repository: Modifies the password for the given repository.
  • -R, --root: Utilizes configuration files from the designated directory and applies changes made there. This modifies the passwd process's root directory for a short time.
  • -S, --status: Displays a user's password status along with the last change date, age minimum, age maximum, warning period, and inactivity period.
  • -a, --all: Shows each user's password status. Needs the -S option to be used.
  • -u, --unlock: Opens an account's password, making it possible to log in using the password.
  • -w, --warndays: Modifies the count of days until a password expires in order to show a warning.
  • -x, --maxdays: Determines the longest period of time a password can be used. The user is required to update the password after MAX_DAYS.

1. How to Change User Password in Linux

Use the passwd command to modify a user's password by doing the following steps:

Step 1: Access the Linux system by opening a terminal.

Step 2: Enter the command below and hit Enter:

passwd
  • You will be required to enter your current password in order to continue if you are not the root user.
  • After that, a prompt to enter the new password will appear. After entering the new password, hit Enter.
  • When asked to confirm, type the new password again.
  • The password has been modified for the given user account.
💡
Note: For security purposes, Linux does not show any characters on the screen when you type the password.

2. How to Change Another User’s Password on Linux

You can use the following procedures to modify the password for a user who is not currently logged in:

Step 1: Access the Linux system by opening a terminal.

Step 2: Enter the command below and hit Enter:

passwd user1
  • You might be asked to enter your current password in order to continue if you are not the root user.
  • After that, a prompt to enter the new password will appear. After entering the new password, hit Enter. For security purposes, Linux does not show any characters on the screen while you type the password.
  • When asked to confirm, type the new password again.
  • The user 'john' now has a new password.
💡
Note: Regular users can use sudo to change the root password and to invoke root privileges. This is especially useful if the root password is left unset, as it often is in many popular Linux distributions, and the user is a member of the admin group (i.e., has a position in the sudoers list (/etc/sudoers) and can use commands with sudo).
sudo passwd root

3. How to Change the User Password forcefully

Use the following command to make the user change their password when they log in again:

passed -e user1

The user's password will instantly expire as a result, so they will need to change it when they log in again.

4. How to Lock and Unlock User Account on Linux

To lock or unlock an account for a user, utilize the subsequent commands:

To lock the account:

passwd -l user2

The user 'user2' cannot log in because their password is currently locked.

To unlock the account:

passwd -u user2

Now that the password for user 'user2' has been unlocked, login is possible once more.

5. How to Set Password Expiry

You can specify the maximum number of days that a password is valid with the -x option. For instance:

passwd -x 30 user3

This establishes a 30-day maximum password age for user 'user3'.

6. How to expire a password

The -e option expires a password for an account,

passwd -e user3

The user 'user3' will be required to update their password at the next login.

7. How to Display Status of User Account Password Setting

The -S option displays the status of the user account password settings.

passwd -S user3

The output will display the creation date of the account 'user3' and the type of encryption used for the password.

8. How to Delete Password

This option -d is used to delete a password for an account.

passwd -d user3

Processing in passwd command:

  • Verify current user password :When a user executes the passwd command, they are prompted to enter their current password, which is then verified against the password stored in the /etc/shadow file for that user. However, the root user can circumvent this step and directly change the password, which is useful for resetting forgotten passwords.
  • Verify password aging information : In Linux, password aging details, such as expiration time and restrictions on password changes, are stored in the /etc/shadow file. This allows for setting password expiration and change restrictions for users, enhancing system security.
  • Change the password : Following authentication, a prompt asks the user to reset their password and confirm it by typing it again.
  • /etc/shadow file: The 9 fields in the shadow file are a list of values separated by colons, as seen below:
user1:$6$x8wAJRpP$EWC97sXW5tqac10Q2TQyXkR.1l1jdK4VLK1pkZKmA2mbA6UnSGyo94Pis074viWBA3sVbkCptSZzuP2K.y.an/:17887:0:99999:7:::
  • field 1: username.
  • field 2: Encrypted Password.
  • field 3: Days that have passed since the password was last changed, starting on January 1, 1970.
  • field 4: Days that must pass before a password can be changed. (A value of 0 indicates that it is always flexible).
  • field 5: Days that pass before a password needs to be changed. (A password with a value of, 99999 never expires).
  • field 6: Number of Days before the user's password expires.
  • field 7: The number of days that an account is disabled after its password expires.
  • field 8: The number of days between January 1, 1970 and the date an account was disabled.
  • field 9: This field has been set aside for potential future use.

FAQs on passwd command in Linux

What happens if I forget my current password?

If you forget your current password, you may need to contact your system administrator to reset it for you.

Is it mandatory to change my password regularly using the passwd command?

It is a good security practice to change your password regularly to enhance the security of your account, but it is not mandatory.

Can I view the password policy settings using the passwd command?

No, the passwd command itself does not display password policy settings. These are typically managed through external tools or configurations.

What should I do if I receive an "Authentication token manipulation error" when using passwd?

This error often indicates a permission issue. Try running the command with superuser privileges using sudo passwd.

Can I change the expiry date of my password using the passwd command?

Yes, you can set a password expiry date with the chage command, which is separate from the passwd command.

Does the passwd command send any notification when a password is changed?

No, the passwd command does not send any notifications upon changing passwords. Users are responsible for remembering their new passwords.

Can the "passwd" command be used in scripts or automated processes to manage user password changes?

Yes, the "passwd" command can be included in scripts for automating password change processes, provided security considerations are taken into account.

Conclusion

We hope this tutorial helped you understand how to use passwd command in Linux.

If you have any queries, please leave a comment below, and we’ll be happy to respond to them for sure.

Great! You’ve successfully signed up.
Welcome back! You've successfully signed in.
You've successfully subscribed to DevOps Blog - VegaStack.
Your link has expired.
Success! Check your email for magic link to sign-in.
Success! Your billing info has been updated.
Your billing was not updated.