How to Manage Account Password in Linux

There are a few Linux commands you should be familiar with in order to manage account passwords effectively. Knowing how to set a password for a user, enforce expiration policies, and obtain information on user accounts is an important part of securing your multi-user Linux system. In this article, we'll cover some of the handiest password management commands.

How to change your password

The most essential command you'll need to know is the passwd command. Even if you don't have root privileges on a Linux system, you can still change your own account's password with the passwd command - unless, of course, you are locked out of the account because you forgot your password.

$ passwd

You'll be required to enter your new password twice.

How to change an account's password

If you have root privileges, you can use the passwd command to change any account's password on the system. This is a common task for Linux administrators, as you need to run the passwd command whenever you add a new user to the system. Until you do, the user isn't able to login.

To add a new user to your system:

$ sudo useradd newuser

After adding a user to the system, or whenever you need to reset a user's password, run the passwd command followed by the username of the account you wish to edit.

$ sudo passwd newuser

How to change root account's password

The root password is changed in the same manner as a normal account's password. You can either login to the root account and run the passwd command:

# passwd

Or use sudo but specify root as the user you wish to change:

$ sudo passwd root

Force a user to change their password

You can force a user to change their password the next time they login with the -e option of the passwd command.

# passwd -e newuser

When the user (newuser in our example) logs in again, the system will ask them to create a new password before allowing them to continue.

How to lock and unlock an account

If a time comes when you need to lock a user's account - whether temporarily or permanently - you can use the -l (lock) option of the passwd command to achieve this.

# passwd -l newuser

Locking an account will disable it entirely, even if someone tries to login with the correct password. To restore functionality to the account, simply issue the same command with a -u (unlock) flag instead:

# passwd -u newuser

See account information with finger

The finger command provides a handy way (pun intended) to see account info. However, it may not be installed by default on your system. To install it on Ubuntu, run the following command:

$ sudo apt install finger

Use the utility by simply typing finger and the account you wish to see information on:

# finger newuser

The output from finger can tell you a user's name, the path to their home directory, and their default shell, among other information.

Use chage to manage password expiration settings

The chage command can be used to see the last time a user's account password was changed and when it's set to expire. Use the -l option to see this information:

# chage -l newuser

You can also set a date for a password to expire. There are a few options for doing this, but one such way is with the -M flag. For example, to make a password expire in 90 days:

# chage -M 90 newuser
Share this page:

Suggested articles

0 Comment(s)

Add comment