passwd command in Linux with Examples
Introduction
Before we discuss passwd
command in Linux, let's briefly understand - What is passwd
command ?
The passwd
command on Linux is used to change a user's password. It allows users to update or reset their existing passwords on the system. By using this command, users can enhance the security of their accounts by regularly changing passwords.
This command requires users to enter their current password for verification before setting a new one. Understanding how to use the passwd
command is essential for managing user accounts securely in a Linux environment.
In this tutorial, you will understand passwd
command in Linux. We will also address a few FAQs on passwd
command in Linux.
Basic Syntax of passwd
in Linux
passwd [options] [username]
Here,
[options]
= to personalize the password-changing procedure, add different parameters.
[username]
= the intended user account, for which a password change is desired.
Options Available in passwd
Command in Linux
- -d, --delete: Deletes the password from the user, leaving the account password-free.
- -e, --expire: The password for the account expires instantly, requiring the user to change it when they log in again.
- -h, --help: Shows information about the `passwd` command.
- -i, --inactive: Determines how many days must pass after a password expires for the account to be closed.
- -k, --keep-tokens: Keeps the authentication tokens when the password isn't expired and only modifies it otherwise.
- -l, --lock: Locks the user's password, making it impossible to log in using one. SSH keys and other authentication techniques are still functional.
- -n, --mindays: Modifies the number of days that must pass between password changes, prohibiting the user from changing their password for a predetermined amount of time.
- -q, --quiet: Activates silent mode, which mutes the usual 'Changing password for $user' notification when a password is changed.
- -r, --repository: Modifies the password for the given repository.
- -R, --root: Utilizes configuration files from the designated directory and applies changes made there. This modifies the
passwd
process's root directory for a short time. - -S, --status: Displays a user's password status along with the last change date, age minimum, age maximum, warning period, and inactivity period.
- -a, --all: Shows each user's password status. Needs the
-S
option to be used. - -u, --unlock: Opens an account's password, making it possible to log in using the password.
- -w, --warndays: Modifies the count of days until a password expires in order to show a warning.
- -x, --maxdays: Determines the longest period of time a password can be used. The user is required to update the password after MAX_DAYS.
1. How to Change User Password in Linux
Use the passwd
command to modify a user's password by doing the following steps:
Step 1: Access the Linux system by opening a terminal.
Step 2: Enter the command below and hit Enter:
sudo passwd
- You will be required to enter your current password in order to continue if you are not the root user.
- After that, a prompt to enter the new password will appear. After entering the new password, hit Enter.
- When asked to confirm, type the new password again.
- The password has been modified for the given user account.
2. How to Change Another User’s Password on Linux
You can use the following procedures to modify the password for a user who is not currently logged in:
Step 1: Access the Linux system by opening a terminal.
Step 2: Enter the command below and hit Enter:
sudo passwd user1
- You might be asked to enter your current password in order to continue if you are not the root user.
- After that, a prompt to enter the new password will appear. After entering the new password, hit Enter. For security purposes, Linux does not show any characters on the screen while you type the password.
- When asked to confirm, type the new password again.
- The user 'john' now has a new password.
sudo passwd root
3. How to Change the User Password forcefully
Use the following command to make the user change their password when they log in again:
sudo passwd -e user1
The user's password will instantly expire as a result, so they will need to change it when they log in again.
4. How to Lock and Unlock User Account on Linux
To lock or unlock an account for a user, utilize the subsequent commands:
To lock the account:
sudo passwd -l user2
The user 'user2' cannot log in because their password is currently locked.
To unlock the account:
sudo passwd -u user2
Now that the password for user 'user2' has been unlocked, login is possible once more.
5. How to Set Password Expiry
You can specify the maximum number of days that a password is valid with the -x
option. For instance:
sudo passwd -x 30 user3
This establishes a 30-day maximum password age for user 'user3'.
6. How to expire a password
The -e
option expires a password for an account,
sudo passwd -e user3
The user 'user3' will be required to update their password at the next login.
7. How to Display Status of User Account Password Setting
The -S
option displays the status of the user account password settings.
sudo passwd -S user3
The output will display the creation date of the account 'user3' and the type of encryption used for the password.
8. How to Delete Password
This option -d
is used to delete a password for an account.
sudo passwd -d user3
Processing in passwd command:
- Verify current user password :When a user executes the
passwd
command, they are prompted to enter their current password, which is then verified against the password stored in the/etc/shadow
file for that user. However, the root user can circumvent this step and directly change the password, which is useful for resetting forgotten passwords. - Verify password aging information : In Linux, password aging details, such as expiration time and restrictions on password changes, are stored in the
/etc/shadow
file. This allows for setting password expiration and change restrictions for users, enhancing system security. - Change the password : Following authentication, a prompt asks the user to reset their password and confirm it by typing it again.
/etc/shadow
file: The 9 fields in the shadow file are a list of values separated by colons, as seen below:
user1:$6$x8wAJRpP$EWC97sXW5tqac10Q2TQyXkR.1l1jdK4VLK1pkZKmA2mbA6UnSGyo94Pis074viWBA3sVbkCptSZzuP2K.y.an/:17887:0:99999:7:::
- field 1: username.
- field 2: Encrypted Password.
- field 3: Days that have passed since the password was last changed, starting on January 1, 1970.
- field 4: Days that must pass before a password can be changed. (A value of 0 indicates that it is always flexible).
- field 5: Days that pass before a password needs to be changed. (A password with a value of, 99999 never expires).
- field 6: Number of Days before the user's password expires.
- field 7: The number of days that an account is disabled after its password expires.
- field 8: The number of days between January 1, 1970 and the date an account was disabled.
- field 9: This field has been set aside for potential future use.
FAQs on passwd
command in Linux
What happens if I forget my current password?
If you forget your current password, you may need to contact your system administrator to reset it for you.
Is it mandatory to change my password regularly using the passwd command?
It is a good security practice to change your password regularly to enhance the security of your account, but it is not mandatory.
Can I view the password policy settings using the passwd command?
No, the passwd command itself does not display password policy settings. These are typically managed through external tools or configurations.
What should I do if I receive an "Authentication token manipulation error" when using passwd?
This error often indicates a permission issue. Try running the command with superuser privileges using sudo passwd
.
Can I change the expiry date of my password using the passwd command?
Yes, you can set a password expiry date with the chage
command, which is separate from the passwd command.
Does the passwd command send any notification when a password is changed?
No, the passwd command does not send any notifications upon changing passwords. Users are responsible for remembering their new passwords.
Can the "passwd" command be used in scripts or automated processes to manage user password changes?
Yes, the "passwd" command can be included in scripts for automating password change processes, provided security considerations are taken into account.
Conclusion
We hope this tutorial helped you understand how to use passwd
command in Linux.
If you have any queries, please leave a comment below, and we’ll be happy to respond to them for sure.