- How to Change or Set User Password in Linux
- Changing a User Password in Linux
- Managing Linux Users with the passwd Command
- Remove User Password in Linux
- Lock User Password in Linux
- Unlock User Password in Linux
- Force User to Change Password in Linux
- Managing Linux users with the passwd command
- Linux security
- The passwd command
- Options
- Wrap up
- How To Change Passwords in Linux
- How to Change your Password in Linux
- Change Another User’s Password
- Force a Password Reset
- Exploring the passwd Command
- Stay on the Cutting Edge
How to Change or Set User Password in Linux
As a regular user, you have a password that safeguards your account, and this account contains all your personal settings and files and therefore requires important protection.
Hence, it is a good practice to change your password consistently to decrease the possibility that someone else gets to recognize your password and can use your credentials to authenticate.
When changing a user password, make sure it meets the following minimal requirements:
- A password must be strong: at least six or eight characters or more is better.
- Make sure to use complex passwords by mixing letters, numbers, and other characters to make the password as hard to guess as possible.
- Use upper and lowercase letters to make the password harder to crack by an attacker.
- Make sure to avoid using any dictionary word as a password, because attackers use a brute-force password cracker to scan the whole contents of a dictionary, and if your password is in the dictionary, they can easily crack it.
Changing a User Password in Linux
Changing a user password is not that hard, just use the passwd command to change the password of your own account (it could be a root user or regular user).
Now, you need to enter your old password, as this is to prevent others from changing your password. Next, you need to enter the new password twice and make sure that your password meets the complexity rules as explained above; else, it will not be changed.
If you are logged in as a root user, you can change the password of other system users by typing the passwd command followed by the name of the user whose password you want to change.
It won’t prompt you for the old password, since you are logged in as a root user, you should be able to change the user’s passwords without knowing the old password.
Managing Linux Users with the passwd Command
There are other useful options that you can use while changing a user’s password and they are:
Remove User Password in Linux
Use the -d argument to remove the password for the specified user account.
Lock User Password in Linux
Use the -l argument to lock the password for a user account if it is not used for a given period of time.
Unlock User Password in Linux
Use the -u argument to unlock the user password that has been locked with -l option.
Force User to Change Password in Linux
Use the -e argument to force the user to change the password during the next login attempt.
The passwd command is pretty useful to manage system users on your Linux system. It manipulates the user entries in the /etc/passwd file, and the system administrator must have this as a toolkit.
Managing Linux users with the passwd command
Linux authentication is primarily handled with passwords and public keys. Find out how the passwd command fits into the user management process.
Unix-like operating systems. including Linux, were developed right from the start as preemptive multitasking and multi-user systems.
Multitasking refers to an operating system in which multiple processes, also called tasks, can execute (i.e., run) on a single computer seemingly simultaneously and without interfering with each other. Each process has the illusion that it is the only process on the computer and that it has exclusive access to all the services of the operating system.
Linux is multi-user because it allows multiple people to use a computer and not affect each other’s files, processes, preferences, etc.
Because there could be multiple users on the system, it is, therefore, necessary to manage their authentication. Authentication is primarily handled with passwords and public keys. One of the many tools available we use to set up passwords is the passwd command.
Linux security
The passwd command
The passwd command changes passwords for user accounts. A normal user may only change the password for their own account, while the superuser may change the password for any account. passwd also changes the account or associated password validity period. This task is achieved through calls to the Linux-PAM and libuser API.
In this article, I am assuming there are already users created on the system with useradd or some other command.
We can see users created on the system with this command:
[root@server ~]# cat /etc/passwd
Use the man page as a reference for passwd . As with all Linux commands, there is a synopsis, which details how the command is used. The man page synopsis for passwd is as below:
passwd [options] [LOGIN] Running the passwd command without any argument will ask for a change of password for the user logged in.
Options
Here is an explanation of some of the options for the passwd command:
The -S option displays the status of user account password settings.
# passwd -S evans evans PS 2020-09-07 0 99999 7 -1 (Password set, SHA512 crypt.)
The output above shows the account evans was created on 7th September 2020 and has a password set with SHA512 encryption.
The -l option is used to lock the password of a specified account, and it is available to root only. The result is that the user cannot use the password to log in to the system but can use other means such as SSH public key authentication.
This option will unlock the password. This option works for an account that already has the password locked.
This is a quick way to delete a password for an account.
This is a quick way to expire a password for an account. The user will be forced to change the password during the next login attempt.
This sets the number of days before a password can be changed. By default, a value of zero is set, which indicates that the user may change their password at any time.
This means user2 cannot change its own password until 10 days have passed.
To confirm the password setting made with the -n option above, run the following command:
# passwd -S user1 user1 PS 2020-12-04 10 99999 7 -1 (Password set, SHA512 crypt.)
The value of 10 after the date indicates the minimum number of days until the password can be changed.
Set the maximum number of days a password remains valid. After MAX_DAYS, the password is required to be changed.
This means after 90 days, the password is required to be changed.
Confirm the setting with passwd -S user1
[root@server ~]# passwd -S user1 user1 PS 2020-12-04 10 90 7 -1 (Password set, SHA512 crypt.)
The value of 90 after 10 indicates the maximum password lifetime.
This will set the number of days in advance the user will begin receiving warnings that the password will expire.
This means the user will receive warnings that the password will expire 7 days before the expiration.
This option is used to disable an account after the password has been expired for a number of days. After a user account has had an expired password for INACTIVE days, the user may no longer sign on to the account.
This means after a user account has had an expired password for 5 days, the user may no longer sign on to the account.
This option indicates that passwd should read the new password from standard input, which can be a pipe.
# echo "userpasswd1"|passwd --stdin user1
This command will read from the echo command and pass it to the passwd command. So this will set the user1 password to userpasswd1.
Wrap up
The passwd command is quite popular to manage user accounts on your Linux system. It manipulates some of the entries in the /etc/passwd file, and the sysadmin should have this in his toolbox.
How To Change Passwords in Linux
Passwords are one of the most important aspects of computing. They keep our bank accounts, user profiles and computers safe (as long as we don’t reuse passwords). Just to log into our computers, most of us need a password and, for Linux, this is even more important.
Managing passwords via the terminal is relatively simple. Users can change their own passwords and users belonging to the sudo (super user) account can administrate the passwords of other users.
In this how-to we’ll learn the basics of passwd, a command designed to manage passwords. We will also learn a few advanced arguments for this command, arguments which will enhance its use and make our lives easier.
These commands will work on most Linux machines. Our test PC ran Kubuntu 21.10 but you can also run through this how-to on a Raspberry Pi. All of the how-to is performed via the Terminal.
How to Change your Password in Linux
Any user can change their password at any time. It is good practice to frequently change your password, and to not reuse or rotate passwords.
1. Open a terminal.
2. Type in the passwd command to start the password change process. Passwd may look like a spelling mistake, but it is the command to work with passwords on the terminal.
3. Type in your current password and press Enter.
4. Type in your new password, press Enter. Then type it in again to confirm that it is correct. Note that Linux will not echo (print) the password to the screen, nor will it show any asterisk indicating password length.
Change Another User’s Password
If you are an administrator of many users, there will come a time where a user forgets their password and it will fall to you, or someone with sudo privileges to reset their password.
To change another user’s password we use the same command, but specify the user’s name.
1. Open a terminal.
2. Type in the passwd command along with the user name. To use this command you will either need to be root, or be part of the “sudo” group. In the code example we assume that you are in the sudo group.
3. Change the user’s password, and confirm the change.
Force a Password Reset
You’ve heard that one of your users has been reusing their passwords; this is bad. So let’s give them a chance to change their password. Using the -e argument we can enforce a password reset by expiring their password.
1. Open a terminal.
2. Type in the command and pass the -e argument to expire Tom’s password.
When Tom next logs in, the system will force Tom to change their password. Here we have simulated Tom logging in by using the “su” command to switch our user to Tom.
There may come a time when a user account will need to be temporarily locked, preventing them from logging in. For this we can use the -l argument to lock the account. Here we are locking Tom out of their account.
1. Open a terminal.
2. Use the command with the -l argument to lock Tom’s account.
When Tom next tries to login, their password is rejected and they receive an authentication error. Here we again simulate it using su to switch users.
3. To unlock Tom’s account we use the -u switch.
Exploring the passwd Command
The passwd command has a number of useful arguments (parameters) that we can pass when using the command. Here are some examples.
Checking the status of a user’s password is a useful tool for system administrators when it comes to audits and housekeeping. Here our test account, Tom, is audited.
Open a terminal and run the command with the -S switch. This will show the status of the account.
The output is formatted to show
The username
Password status Locked (L), No Password (NP), Password (P)
Date of last password change
Minimum password age
Maximum password age
Warning period (the number of days given to the user to change their password before it expires)
Inactivity period (number of days after a password expires before it is locked)
If we wanted to set the number of days for Tom’s warning period to 14 days, we would use this command.
If you want to list the password status for all users, then the -a switch is just the thing. This switch is used with -S to list the status of every user, even the users that you never knew existed. These extra users are used for specific tasks, such as printers and networking.
Here we can see all the users on our test machine, but the two “real” users are Les and Tom.
Stay on the Cutting Edge
Join the experts who read Tom’s Hardware for the inside track on enthusiast PC tech news — and have for over 25 years. We’ll send breaking news and in-depth reviews of CPUs, GPUs, AI, maker hardware and more straight to your inbox.
By submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over.
Les Pounder is an associate editor at Tom’s Hardware. He is a creative technologist and for seven years has created projects to educate and inspire minds both young and old. He has worked with the Raspberry Pi Foundation to write and deliver their teacher training program «Picademy».