Linux user password information

How do I view my current user/password in bash?

I’m currently installing Bash on Ubuntu on Windows. I installed Bash and set up the user on normally. Everything worked fine, but I didn’t want to keep doing sudo with every command. I uninstalled then reinstalled ‘Bash on Ubuntu on Wwindows’ with

It saved the username, but not the previous password. I’m trying to view the current password for the user that I am using. How do I view the password to my user in Bash?

I don’t know if you can view the password. You can run sudo passwd yourusername to change it. If you don’t have sudo access, you can run as root with lxrun /setdefaultuser root

You can’t view your password, but why would you want to do that? What are you actually trying to accomplish? If you want to configure sudo not to ask for a password, that’s a different matter, it doesn’t require storing any password anywhere, you just configure it not to ask for the password. If that’s something specific to Linux-on-Windows then it’s probably something similar but I wouldn’t know.

3 Answers 3

You can’t actually, your password is hashed and is only a 1-way decoded.

To summarize it, just imagine each time you try to login, it will do something like

if hash('password') == currentHash; do grantAccess(); 

and each time you save a password, will do

hashedPass = hash('password'); writeOnShadowFile('hashedPass') 

This is by security standards of hashing avoid storing a real password, but instead storing the result of a function, and evaluating it on that way. Hashing functions are intended to do lot of the original value conversion with data loss, and due the data loss it will make almost impossible to know your original password.

You can easily change your password with usermod -p , or just passwd .

Источник

Linux – Reset password expiration, age and history

User management is an important part of Linux administration, so it’s essential to know about all the user accounts on a Linux system. Some common user administration tasks are to list users, disable a user account, or create and modify user accounts.

In this guide, we will be focusing on managing user passwords. It’s good security practice to force users to change their password every once in a while by setting passwords to expire. In the examples below, you’ll see how to reset a user’s password, set their password to expire (either instantly or in the future), and see the age of a user’s password. We’ll also see how password changes can be seen in log files, giving us some insight into user’s password change history.

In this tutorial you will learn:

• How to set a user’s password to expire
• How to see the age of a user’s password
• How to see password changes in log files

Software Requirements and Linux Command Line Conventions

Category	Requirements, Conventions or Software Version Used
System	Any Linux distro
Software	N/A
Other	Privileged access to your Linux system as root or via the sudo command.
Conventions	# – requires given linux commands to be executed with root privileges either directly as a root user or by use of sudo command $ – requires given linux commands to be executed as a regular non-privileged user

Set a user’s password to expire

As the root user, you can set a user’s password to expire by executing the passwd -e command. The following example will expire the password for user “linuxconfig”. Doing this will prompt the user to change their password the next time they try to login to the system.

$ sudo passwd -e linuxconfig

This will force the user to choose a new password. When we try to go back to our old password, you can see the “Password unchanged” error that we receive in the screenshot below.

If you don’t want the user’s password to expire right away (that is, as soon as the command above is executed), then we can use the chage command. Notice this command looks a lot like the word “change,” but be aware it’s not a typo and it really is chage without the “n.”

Add the -M option to your command, and specify the length of time, in days, when a user’s password should expire. The following example will make user “linuxconfig” password expire 30 days from now.

$ sudo chage -M 30 linuxconfig

We can also choose a day for the password to expire by using the -E option and specifying the date in a YYYY-MM-DD format. This command will force a user’s password to expire on January 15, 2023.

$ sudo chage -E 2023-01-15 linuxconfig

Use the -W option to warn a user that their password will soon expire. For example, this command will warn a user 7 days in advance that their password is going to expire.

$ sudo chage -W 7 linuxconfig

See the age of a user’s password

We can once again turn to the chage command when we wish to see information about the age of a user’s password. The -l option will list when a user’s password was last change, and when their password is set to expire.

See password changes in log files

Linux logs a lot of data, and password changes are no exception. Debian based systems such as Ubuntu will store password changes in the /var/log/auth.log file, and Red Hat based systems store this information in /var/log/secure . Use the following grep command to take a peek into the appropriate file.

$ grep -R -i passwd /var/log/auth.log

As you can see in the screenshot above, the log shows us when our “linuxconfig” user account had their password set to expire, and it also shows when the user’s password was changed.

Closing Thoughts

In this guide, we saw how to manage user account passwords on Linux by forcing a password to expire, setting it to expire in the future, seeing when the password was last changed, and viewing logs to see password changes. These should be all the commands you need to know in order to manage user account passwords and keep your system secure through regularly expiring passwords.

Related Linux Tutorials:

Comments and Discussions

Источник

Where to find password for users created in Ubuntu (16.04)

I’m new to Ubuntu. I have made two ordinary users on my Ubuntu and provided them with the same password. Now I want to check if the passwords are similar but I don’t know where to look for or what command to write in a terminal. Where do I find /etc/password ?.

1 Answer 1

There are two main files related to system user authentication: /etc/passwd and /etc/shadow . The actual user’s passwords are stored as hashed version in the shadow file. They are hashed by the crypt function. It is not possible to «decrypt» any password from the shadow file, because hashing is one way mechanism.

Most simply: When the user enters а password, it is processed and compared to the hashed password stored in the shadow file. But when one try to «decrypt» a password from the shadow file — there are over than thousands possible results.

/etc/passwd contains one line for each user account, with seven fields delimited by colons ( : ).

These fields are: 1. login name; 2. optional encrypted password; 3. UID; 4. GID; 5. user name or comment field; 6. user home directory; 7. optional user command interpreter.

The encrypted password field may be blank, in which case no password is required. However, some applications which read the /etc/passwd file may decide not to permit any access at all if the password field is blank.

If the password field is a lower-case x , then the encrypted password is actually stored in the shadow file instead; there must be a corresponding line in the /etc/shadow file, or else the user account is invalid. If the password field is any other string, then it will be treated as an encrypted password, as specified by crypt . (source: man passwd )

/etc/shadow — shadowed password file — is a file which contains the password information for the system’s accounts and optional aging information. Each line of this file contains 9 fields, separated by colons ( : ).

The fields are: 1. login name; 2. encrypted password — refer to crypt for details on how this string is interpreted; 3. date of last password change; 4. min password age; 5. max password age; 6. password warning period; 7. password inactivity period; 8. account expiration date; 9. reserved field. (source: man shadow ).

Источник

Linux passwd Command Tutorial

Linux provides the passwd command in order to manage password and related configurations. The passwd can be used for the current user and other users. In order to use passwd command for other users, the root privileges should be provided by logging in to the root or using the sudo command.

passwd Command Syntax

The passwd command has the following syntax.

• OPTION used to list or set different options. This is optional.
• USERNAME is the username which password information listed or set.

Display passwd Help

The passwd command help information can be displayed with the -h or –help option like below.

Change Current User Password

The most popular use case for the passwd command is changing the current user password. The current user can change his/her own password without extra privilege just running the passwd command like below.

$ passwd Changing password for ismail. Current password: New password: Retype new password: passwd: all authentication tokens updated successfully. 

During the password change with the passwd command, the security of the new password is checked in the background. If the password is not strong the new password not set and some warnings are provided to the user. If the password fails to pass password security check “BAD PASSWORD: The password fails the dictionary check – it is too simplistic/systematic” is displayed which simply means the password is too simple or includes systematic characters like “123456”, “abc” , “qaz” etc.

Change Another User Password

Another user password can be changed by using the passwd command. In order to change another user password, the current user should be the root user or provide the root privileges with the sudo command. Then the user we want to change the password should be provided after the passwd command. In the following example, we change the password of the user john.

Display Password Information

User password has some options or attributes like change date, minimum days before password etc. These password related information can be listed with the -S option like below.

ismail P 11/02/2020 0 99999 7 -1

Display Password Information for All Users

The password information about all users can be also listed by using the -a and -S options like below. Each user password information is listed in a new line. But this requires root privileges which can be provided with the sudo like below.

root P 12/04/2020 0 99999 7 -1 daemon L 10/22/2020 0 99999 7 -1 bin L 10/22/2020 0 99999 7 -1 . gnome-initial-setup L 10/22/2020 0 99999 7 -1 gdm L 10/22/2020 0 99999 7 -1 ismail P 11/02/2020 0 99999 7 -1 systemd-coredump L 11/02/2020 -1 -1 -1 -1 lightdm L 11/02/2020 0 99999 7 -1 xrdp L 11/28/2020 0 99999 7 -1 ali P 11/28/2020 0 99999 7 -1 ahmet P 11/28/2020 0 99999 7 -1 mysql L 12/04/2020 0 99999 7 -1 sshd L 12/08/2020 0 99999 7 -1 sddm L 01/20/2021 0 99999 7 -1

Remove User Password

The passwd command can be used to remove user password. Removing the user password disables the user account automatically and the user can not login via SSH or GUI.

Expire User Password Immediately and Force Password Change

When the user password expired the user is forced to update password during first login via command line interface, SSH or GUI. The defualt password expire value is 99999 days which is not realistic. We can expire the user password and force user to update password immediately by using the passwd command with the -S option.

Lock User Password

The user password can be locked. Locking a user password prevents user from changing his/her password. The -l option is used with the passwd command to lock password.

Unlock User Password

The locked password can be unlocked with the -u option like below.

Set Inactive Days

When the user password expired the user should change his/her password. If we want to expire the user account if the user do not login after the password expire we can use the -i option and specify the day count. This is very useful for user accounts those do not actively used and should be locked.

Set Minimum Days To Change Password

We can set the minimum days to change password. After specified days the user has to change passwords.

Set Warning Days Before Password Expire

Before the password change day comes we can show warnings to the user to informat that the password will expire at the sepcified date. We can set the days to show warning before the password expire.

Источник