Linux passwd Command Tutorial for Beginners (8 Examples)
On this page
- Linux passwd command
- Q1. How to use passwd?
- Q2. How to make an account password-less?
- Q3. How to forcibly expire a password?
- Q4. How to disable an account if password remains expired?
- Q5. How to set a time gap between password changes?
- Q6. How to make passwd display account status info?
- Q7. How to set password validity period?
- Q8. How to make passwd warn users about due password change?
- Conclusion
As a Linux command line user, you should be aware of utilities that help you with user-account management. Once such tool is passwd, which lets you change your account password. In this tutorial, we will discuss the basics of this command using some easy to understand examples.
But before we do that, it's worth mentioning that all examples in this tutorial have been tested on an Ubuntu 16.04 LTS machine.
Linux passwd command
As already mentioned in the beginning, the passwd command lets users change their account password. Following is its syntax:
passwd [options] [LOGIN]
And here's how the man page describes it:
The passwd command changes passwords for user accounts. A normal user
may only change the password for his/her own account, while the
superuser may change the password for any account. passwd also changes
the account or associated password validity period.
Following are some Q&A-styled examples that should give you a good idea on how this command works.
Q1. How to use passwd?
Basic usage is simple - just execute the passwd command sans any option/input.
passwd
Following is some useful information that you need to know about passwd's operation:
The user is first prompted for his/her old password, if one is present.
This password is then encrypted and compared against the stored
password. The user has only one chance to enter the correct password.
The superuser is permitted to bypass this step so that forgotten
passwords may be changed.
After the password has been entered, password aging information is
checked to see if the user is permitted to change the password at this
time. If not, passwd refuses to change the password and exits.
The user is then prompted twice for a replacement password. The second
entry is compared against the first and both are required to match in
order for the password to be changed.
Then, the password is tested for complexity. As a general guideline,
passwords should consist of 6 to 8 characters including one or more
characters from each of the following sets:
· lower case alphabetics
· digits 0 thru 9
· punctuation marks
Care must be taken not to include the system default erase or kill
characters. passwd will reject any password which is not suitably
complex.
For example, in my case, here's how I changed the passwd:
Please note that in case you have superuser privileges (or are a system admin), you can change any account's password by just mentioning the username of the account. For example:
passwd himanshu
Q2. How to make an account password-less?
The passwd command also lets you delete a password associated with a user account. For this, you need to use the -d command line option.
passwd -d
So this is basically a quick way to disable password for an account, essentially making it password-less.
Q3. How to forcibly expire a password?
Sometimes the system admin may want a user to change their password immediately. So in that case, they may use the -e command line option which results in immediate expiry of the password, forcing user to change their password on the very next login.
passwd -e
Q4. How to disable an account if password remains expired?
The passwd command also lets you deal with situations where-in user doesn't take any action even after their password is expired. Basically, the tool lets you disable the account altogether in case password remains expired for a set number of days. This you can do using the -i command line option, which requires a number as input.
For example:
passwd -i 5
So this command will make sure the account is disabled if the password remains expired for 5 days.
Q5. How to set a time gap between password changes?
The passwd command also allows you to set a minimum time gap between password changes. This is made possible through the -n command line option, which requires a numeric value that's treated as number of days.
For example:
passwd -n 10
This command makes sure there's a gap of 10 days between any two password changes. It's worth mentioning that a value of 0 indicates that the user may change his/her password at any time.
Q6. How to make passwd display account status info?
This you can do using the -S command line option.
Here's how the official documentation explains these fields:
Display account status information. The status information consists
of 7 fields. The first field is the user's login name. The second
field indicates if the user account has a locked password (L), has
no password (NP), or has a usable password (P). The third field
gives the date of the last password change. The next four fields
are the minimum age, maximum age, warning period, and inactivity
period for the password. These ages are expressed in days.
Q7. How to set password validity period?
The passwd command allows you to do this through its -x option, which requires a number representing the maximum number of days a password remains valid.
For example:
passwd -x 100
Q8. How to make passwd warn users about due password change?
This can be done using the -w command line option, which requires a number as input, which is nothing but number of days prior to the password expiring that a user will be warned that his/her password is about to expire.
For example:
passwd -w 7
Conclusion
So you can see passwd is a very important tool that you should be aware of regardless of the type of user you are (newbie or pro). Here, in this tutorial, we have discussed several key features of passwd. Practice these, and once you're done, head to the tool's man page to know more about it.