Passwords are used to authenticate users or different entities in order to access some services, resources, or operating systems. As a secure and modern operating system, Linux provides passwords for a long time from its startup. Even though some Linux distributions provide passwordless login for a better and easy user experience it is not recommended for security reasons. Linux passwords can be managed with different actions like changing a user password, changing another user’s password, forcing a password reset, locking a password, unlocking a password, checking password security, etc.
Password File Location
Linux and Unix operating systems stores the passwords in the
/etc/shadow file in an encrypted way. The users and related information is stored in the
/etc/passwd file without any password information. The operating system looks at and checks the provided passwords via the /etc/shadow file.
Change User Password
One of the most used operations is changing the current user password. There are different ways like GUI, command-line interface, or 3rd party tools. In the following example, we use the
passwd . Just running the passwd command without any parameter or option changes the current user password. First, the current password is asked and then a new password is asked two times for confirmation and to prevent mistyping-related errors.
If the provided password is updated successfully the “passwd: password updated successfully” message is printed into the terminal like above.
During the password selection, the security of the password is very important. Well-known strings shouldn’t be used as passwords by merging different characters, terms, and words in an unpredictable way. Use at least 10 or 14 characters in the password with the following character types.
- Lower case
- Upper case
- Special punctuation characters
Change Another User Password
By default, the passwd command is used to change the current user password but can be also used to change another user’s password. In order to change another user’s password, we should provide root privileges by using the
sudo command and provide the username.
$ sudo passwd ahmet
Change Root Password
root is also a user with a password. We can use the passwd command in order to change the root password. If we are currently root users just running following comman changes root password.
Alternatively, if we are not root users currently we can use the
su command in order to become the root and then change the root password. Keep in mind that the su command requests the current root password to become root.
Another alternative to changing root password is using the sudo command with the passwd command by providing the root username. We can use the following command to change the root user password as another user.
$ sudo passwd root
Force User Password Reset
Linux password management provides a password change or resets function but it is generally not applied. We can force the user to the password reset. When the user is forced for the password reset the next time the user login he/she is asked to change the password. The
-e option is provided to the passwd command with the user we want to force to reset the password. Keep in mind that this commands requires the user to change the password immediately in the next login. There is no waiting period t change the password. Do not use this for service accounts as they try to authenticate periodically in a non-interactive way.
$ sudo passwd -e ahmet
A user account or password can be locked with the passwd command by providing the user name and
-l option. The user account is not removed or deleted and only becomes inactive unless unlocked.
$ sudo passwd -l ahmet
Already locked accounts can be unlocked via the passwd command. The
-u option is provided to the passwd command in order to unlock or activate an existing account.
$ sudo passwd -u ahmet