Linux user password command

Linux passwd command

On Unix-like operating systems, the passwd command is used to change the password of a user account. A normal user can run passwd to change their password, and a system administrator (the superuser) can use passwd to change another user’s password, or define how that account’s password can be used or changed.

This page covers the Linux version of passwd.

Description

The passwd command changes passwords for user accounts. A normal user can only change the password for their account, but the superuser can change the password for any account. passwd can also change or reset the account’s validity period — how much time can pass before the password expires and must be changed.

Before a normal user can change their password, they must first enter their current password for verification. (The superuser can bypass this step when changing another user’s password.)

After the current password is verified, passwd checks to see if the user is allowed to change their password at this time. If not, passwd refuses to continue, and exits.

Otherwise, the user is then prompted twice for a replacement password. Both entries must match for passwd to continue.

Next, the password is tested for complexity. As a general guideline, passwords should consist of at least 6 characters, including one or more of each of the following:

Syntax

passwd [OPTION] [USER]

Options

The following options change the way passwd operates:

Note that this does not disable the account. The user may still be able to log in using another authentication method (an SSH key, for example). To disable the account, the superuser can use the usermod command with the option —expiredate 1. This option sets the account’s expiration date to a date in the past — namely Jan 2, 1970.

1. The user’s login name
2. password usability: L if the account has a locked password, NP if the account has no password, or P if the account has a usable password
3. date of the last password change
4. minimum password age
5. maximum password age
6. password warning period
7. password inactivity period

Notes

Password complexity varies depending on the system. Consult your operating system documentation for default complexity rules and how to change them.

On systems that use NIS (Network Information Services), users may not be able to change their password if they are not logged in to the NIS server.

Files used by passwd

/etc/passwd	User account information.
/etc/shadow	Secure user account information.
/etc/pam.d/passwd	PAM configuration for passwd.

Examples

Change your password

Running passwd with no options changes the password of the account running the command. You will first be prompted to enter the account’s current password:

If it is correct, you’ll be asked to enter a new password:

. and to enter the same password again, to verify it:

If the passwords match, the password will be changed.

Change another user’s password

If you have superuser privileges, you can change another user’s password. Here, we prefix the command with sudo to run as the superuser. This command changes the password for user jeff. You are not prompted for jeff‘s current password.

Change your password without knowing your current password

If you need to change your password because you forgot it, you need to log in to the root account. To do this, you need to know the password for user root.

Let’s say your username is sally, and you can’t remember your password. However, you have administrator access to the system: you can log in as root, using the password for that account. Log in as root, and then from the command line, run:

But what if you forgot the password for root as well? In this case, you need to log in to the machine in single-user mode, also known as runlevel 1. This cannot be done over the network, so you need physical access to the machine to boot into this runlevel.

Reboot the machine. When it is booting up, you should be presented with a bootloader menu. On many systems, such as Debian or Ubuntu, the boot menu will include an option for «Recovery Mode» or «Single User Mode» (as in the image below). Select this boot option.

This option boots you into a text-only mode, and log you in as root.

If you need to mount /, do so:

Now change sally‘s password:

When you’re done, reboot your system:

Start the system normally, and you should be able to log in as sally with the new password.

Additional examples

Check the status of the password for the user named ted. Output resembles the following:

ted P 05/13/2014 2 365 7 28

Here, we see the user’s name (ted), followed by a P, indicating that his password is currently valid and usable. The password will expire on May 5, 2014. Ted cannot change his password more often than every 2 days, and must change the password every 365 days. He will be warned 7 days before a required password change, and if he allows his password to expire, his account will be disabled 28 days later.

Similar to the above command, but checks the password status for all user accounts, system-wide.

Lock the password for user jane. She cannot to log in until a system administrator unlocks it.

Unlock jane‘s password. It automatically resets to whatever it was before it was locked, and she can log in again.

Expire alan‘s password. The next time he logs in, he will be required to set a new password.

Related commands

chfn — Change a user’s finger information.
finger — List information about a user.
login — Begin a session on a system.
nispasswd — Change NIS+ password information.
nistbladm — Administer NIS+ tables.
useradd — Add a user to the system.
vipw — Safely edit the password file.
yppasswd — Change a network password in an NIS database.

Источник

How To Use The Passwd Command In Linux

The passwd command modifies passwords for user accounts and manages the password validity period. This is a must-know utility for user account administration.

This article shows examples of how to use the passwd command in Linux, along with all the available options.

Note: To check if you have sudo privileges, type sudo whoami in the terminal.

passwd Command in Linux With Examples

Using the passwd command, a superuser changes and modifies settings for any user. Regular users are only allowed to change their own password.

The terminal prints out what user you are changing the password for. Type your current password, and then define and confirm your new password.

Any password that does not meet basic requirements is rejected and a user must re-enter a new password. Using a strong password is an important security aspect, and it helps prevent brute force attacks.

See Password Status Info

Using passwd with the —status option displays all the information about a password and the validity periods. The shorter version is -S :

Check another user’s password status by entering:

The password status has seven fields:

1. A user’s login name.
2. Whether a user has a locked password (L), no password (NP), or a password (P).
3. Date of last password change.
4. Minimum password age.
5. Maximum password age.
6. Warning period for password change.
7. Inactivity period for the password change.

The last three fields are in days.

See Password Status Info for All the Accounts

Check the status info for all accounts using passwd with the sudo command with the -S and -a options, or the extended version —all :

Note: You can create a sudo user and assign elevated permissions. Make sure it’s a trusted user.

Change a User Password

To change a specific user’s password, run the passwd command with sudo privileges and the account you wish to update:

This option comes in handy if a user has forgotten their password.

Note: Reset or change the sudo or root password in case you forget it.

Delete User Password

If a user has a password and you need to remove it, use:

When you check the password status, it changes the second field from P to NP:

The passwd —delete and passwd -d commands are a quick way to disable a password for an account.

Expire Account Password

To force expire a password use the —expire or -e options with the passwd command:

When you check the status, the date of the last password change is now 01/01/1970. The next time this user logs in, they must change their password.

Set Number of Days After the Password Expires and the Account Deactivates

An account can automatically deactivate after its password has expired and not changed for a certain number of days. Use the -i or —inactive option and set the number of days as an integer:

The last number in the status changes to the number of days you set for that user.

Set the Minimum Number of Days Between Password Changes

To change the minimum number of days between password changes, use the —mindays or -n option with the number of days as an integer:

In the status report for that user, the set number appears after the date.

Set the Maximum Number of Days for Which the Password Remains Valid

To change the maximum number of days between password changes, use the —maxdays or -x option with the number of days as an integer:

The status of that user shows that maximum number of days for the password validity has changed.

Change the Expired Password

Once a password expires, a prompt appears during next login to change the password. Enter the old password and then a new one twice for confirmation. In this example, the expiry was root enforced:

Note: In this example, the su command switches to the user account, but use the sudo command if possible. Read about the difference between sudo and su.

Display the Warning for Expiring Password

The warning period message displays for expiring passwords. Use the option —warndays or -w to set how many days before the expiry the warning appears:

Lock the Password

Locking a password makes the user unable to log in using their password. However, they are still able to log in using other authentication methods. To lock a password, use:

The password status for that user changes to L. In the example below, it changes from P to L:

Unlock the Password of an Account

To unlock a password for a locked account (L), use the —unlock or -u option:

The password status changes from locked (L) to the previous state of the password for the account, allowing the user to log in regularly.

Use the Quiet Mode

Quiet mode hides the “Changing the password for ” message:

The password status changes from locked (L) to the previous state of the password for the account, allowing the user to log in regularly.

The passwd -q command is useful when you do not want to display the username you are changing the password for on your screen.

Note: When you need to update passwords of multiple users, use the chpasswd command.

Change Password for Repository Named “Repo”

For more advanced usage, the /etc/nsswitch.conf file specifies the repositories where the password changes happen. Specify the repository with the command:

Change the Root Directory for the passwd Command Process

The passwd command process runs from the default root directory. Modify the root directory by running the —root option:

Or the -R option:

You need to set a password for root for the information update.

See All passwd Commands

There are numerous commands to use with the passwd tool. List all the options if you forget any by running:

A list of all the options along with a short description prints out:

The passwd command is vital for managing account security, both for an individual user and a system administrator. Automating password validity periods is convenient and easily configurable.

If you find it hard to keep track of all the different passwords and changes, there are many enterprise solutions for password management.

Milica Dancuk is a technical writer at phoenixNAP who is passionate about programming. Her background in Electrical Engineering and Computing combined with her teaching experience give her the ability to easily explain complex technical concepts through her content.

Speed up connecting to remote servers by enabling passwordless SSH login via public key authentication.

Are you looking to change the root password in Ubuntu? Changing passwords is a good practice and should be.

In Linux, root privileges (or root access) refers to a user account that has full access to all files.

MySQL is a database management system. It’s operated under the Open Source software model and has become a.

Источник