1. Overview
In Linux, the passwd command allows us to change and manage user passwords. Furthermore, it enables us to maintain security on our system by allowing administrators to manage user accounts and their corresponding passwords.
In this tutorial, we’ll discuss the passwd command along with some of its options.
2. Basic Usage
The passwd command uses a basic syntax:
$ passwd [options] [username]
Let’s break it down:
- [options] – represents optional flags used to change the behavior of the passwd command
- [username] – specifies the user whose password we want to change
To demonstrate, let’s explore the basic functions of this command.
2.1. Changing Our Password
To change our password, we run the passwd command without any additional arguments:
$ passwd
Changing password for samuel.
Current password:
New password:
Retype new password:
passwd: password updated successfully
Above, we change the password of the current user samuel. The command prompts us to enter our current password to verify our identity. Next, we enter the new password, and retype it for confirmation. Once the passwords match, we get a message confirming the password was updated successfully. For security reasons, when we type the password, it isn’t displayed on the screen.
2.2. Changing Another User’s Password
To change another user’s password, we need to have superuser privileges and ensure the user account already exists on our system:
$ sudo passwd daniel
[sudo] password for samuel:
New password:
Retype new password:
passwd: password updated successfully
In the example above, we use sudo to change the password of user daniel. First, we’re prompted to enter our password to authenticate the sudo command. Next, we enter the new password for user daniel, and retype the new password to confirm it. If the passwords match, we get a confirmation message indicating we’ve successfully updated the password.
3. Advanced Usage
Let’s discuss using the passwd command with various options to perform more complex tasks. Notably, we need to have superuser privileges to perform these tasks.
3.1. Locking and Unlocking User Accounts
We can lock a specific user’s account and prevent them from logging into the system:
$ sudo passwd -l daniel
[sudo] password for samuel:
passwd: password expiry information changed.
In the example above, we use the -l option to lock the password for the user daniel. To clarify, locking user accounts does not delete their data.
On the other hand, to unlock a user’s account, we use the -u option:
$ sudo passwd -u daniel
passwd: password expiry information changed.
Using the above command, we unlock the user account daniel, allowing the user to log into the system using their password.
3.2. Expiring a User’s Password
We can expire a user’s password and make them change their password the next time they log in:
$ sudo passwd -e daniel
[sudo] password for samuel:
passwd: password expiry information changed.
Here, we use the -e option to set the password expiration date for the user daniel to the current date. So, when the user tries to log into their account, the system detects their password has expired and prompts them to change it.
3.3. Deleting a User’s Password
Let’s delete a specific user’s password:
$ sudo passwd -d daniel
[sudo] password for samuel:
passwd: password expiry information changed.
Above, we use the -d option to delete the password for the user account daniel. This is a risky option because it allows anyone with access to the login interface to log in as that user.
3.4. Viewing Password Status Information
Using the -S option, we can view the current status of a user’s password:
$ passwd -S
samuel P 05/21/2024 0 88888 7 -1
Let’s understand the above output:
- P – specifies user samuel has a password set
- 05/21/2024 – represents the date the password was last changed
- 0 – specifies the minimum number of days required between password changes
- 88888 – indicates the maximum number of days the password is valid
- 7 – represents the number of days that the user begins receiving a warning to change their password before it expires
- -1 – specifies the number of days after the password expires that the account will be disabled
Above, we display the password status of the current user samuel.
Next, let’s display the password status of another user:
$ sudo passwd -S daniel
[sudo] password for samuel:
daniel P 05/30/2024 0 99999 7 -1
Here, we display the password status of user daniel.
3.5. Setting Password Expiry Information
By setting password expiry information, we maintain the security and integrity of a user account. In addition, there are several options we can use to set the password expiry information.
First, let’s set the maximum number of days a user can use a password before they change it. We’ll use the -x option:
$ sudo passwd -x 60 daniel
passwd: password expiry information changed.
The command above sets the password for user daniel to expire in 60 days, after which the user will need to change it.
Second, using the -n option, let’s set the minimum number of days that must pass before the user can change their password again:
$ sudo passwd -n 7 daniel
passwd: password expiry information changed.
Above, we set the minimum number of days between password changes for the user daniel to 7 days. So, after the user changes their password, they won’t be able to change it again for seven days.
Now, let’s set the number of days the user will be warned before their password expires by using the -w option:
$ sudo passwd -w 14 daniel
passwd: password expiry information changed.
Here, we set the user daniel to start receiving warnings 14 days before his password expires.
Next, using the -i option, we’ll set the number of days a user’s account will be locked due to inactivity after their password expires:
$ sudo passwd -i 18 daniel
passwd: password expiry information changed.
In the example above, we set the user daniel‘s account to be locked if his password is not changed within 18 days after it expires.
Finally, let’s combine the above options:
$ sudo passwd -x 60 -n 7 -w 14 -i 18 daniel
passwd: password expiry information changed.
Above, we combine the options in a single passwd command.
4. Conclusion
In this article, we explored how to manage and change user passwords using the passwd command. Furthermore, we looked at how to use different options to modify a user’s password information.