How to Manage Account Password in Linux
There are a few Linux commands you should be familiar with in order to manage account passwords effectively. Knowing how to set a password for a user, enforce expiration policies, and obtain information on user accounts is an important part of securing your multi-user Linux system. In this article, we'll cover some of the handiest password management commands.
How to change your password
The most essential command you'll need to know is the passwd command. Even if you don't have root privileges on a Linux system, you can still change your own account's password with the passwd command - unless, of course, you are locked out of the account because you forgot your password.
You'll be required to enter your new password twice.
How to change an account's password
If you have root privileges, you can use the passwd command to change any account's password on the system. This is a common task for Linux administrators, as you need to run the passwd command whenever you add a new user to the system. Until you do, the user isn't able to login.
To add a new user to your system:
$ sudo useradd newuser
After adding a user to the system, or whenever you need to reset a user's password, run the passwd command followed by the username of the account you wish to edit.
$ sudo passwd newuser
How to change root account's password
The root password is changed in the same manner as a normal account's password. You can either login to the root account and run the passwd command:
Or use sudo but specify root as the user you wish to change:
$ sudo passwd root
Force a user to change their password
You can force a user to change their password the next time they login with the -e option of the passwd command.
# passwd -e newuser
When the user (newuser in our example) logs in again, the system will ask them to create a new password before allowing them to continue.
How to lock and unlock an account
If a time comes when you need to lock a user's account - whether temporarily or permanently - you can use the -l (lock) option of the passwd command to achieve this.
# passwd -l newuser
Locking an account will disable it entirely, even if someone tries to login with the correct password. To restore functionality to the account, simply issue the same command with a -u (unlock) flag instead:
# passwd -u newuser
See account information with finger
The finger command provides a handy way (pun intended) to see account info. However, it may not be installed by default on your system. To install it on Ubuntu, run the following command:
$ sudo apt install finger
Use the utility by simply typing finger and the account you wish to see information on:
# finger newuser
The output from finger can tell you a user's name, the path to their home directory, and their default shell, among other information.
Use chage to manage password expiration settings
The chage command can be used to see the last time a user's account password was changed and when it's set to expire. Use the -l option to see this information:
# chage -l newuser
You can also set a date for a password to expire. There are a few options for doing this, but one such way is with the -M flag. For example, to make a password expire in 90 days:
# chage -M 90 newuser