Linux passwd Command Tutorial

Linux provides the passwd command in order to manage password and related configurations. The passwd can be used for the current user and other users. In order to use passwd command for other users, the root privileges should be provided by logging in to the root or using the sudo command.

passwd Command Syntax

The passwd command has the following syntax.

passwd OPTION USERNAME
  • OPTION used to list or set different options. This is optional.
  • USERNAME is the username which password information listed or set.

Display passwd Help

The passwd command help information can be displayed with the -h or –help option like below.

passwd -h

OR

passwd --help
Display passwd Help

Change Current User Password

The most popular use case for the passwd command is changing the current user password. The current user can change his/her own password without extra privilege just running the passwd command like below.

$ passwd
Changing password for ismail.
Current password: 
New password: 
Retype new password: 
passwd: all authentication tokens updated successfully.

During the password change with the passwd command, the security of the new password is checked in the background. If the password is not strong the new password not set and some warnings are provided to the user. If the password fails to pass password security check “BAD PASSWORD: The password fails the dictionary check – it is too simplistic/systematic” is displayed which simply means the password is too simple or includes systematic characters like “123456”, “abc” , “qaz” etc.

Change Another User Password

Another user password can be changed by using the passwd command. In order to change another user password, the current user should be the root user or provide the root privileges with the sudo command. Then the user we want to change the password should be provided after the passwd command. In the following example, we change the password of the user john.

sudo passwd john

Display Password Information

User password has some options or attributes like change date, minimum days before password etc. These password related information can be listed with the -S option like below.

passwd -S ismail
ismail P 11/02/2020 0 99999 7 -1

Display Password Information for All Users

The password information about all users can be also listed by using the -a and -S options like below. Each user password information is listed in a new line. But this requires root privileges which can be provided with the sudo like below.

sudo passwd -Sa
root P 12/04/2020 0 99999 7 -1
daemon L 10/22/2020 0 99999 7 -1
bin L 10/22/2020 0 99999 7 -1
...
gnome-initial-setup L 10/22/2020 0 99999 7 -1
gdm L 10/22/2020 0 99999 7 -1
ismail P 11/02/2020 0 99999 7 -1
systemd-coredump L 11/02/2020 -1 -1 -1 -1
lightdm L 11/02/2020 0 99999 7 -1
xrdp L 11/28/2020 0 99999 7 -1
ali P 11/28/2020 0 99999 7 -1
ahmet P 11/28/2020 0 99999 7 -1
mysql L 12/04/2020 0 99999 7 -1
sshd L 12/08/2020 0 99999 7 -1
sddm L 01/20/2021 0 99999 7 -1

Remove User Password

The passwd command can be used to remove user password. Removing the user password disables the user account automatically and the user can not login via SSH or GUI.

sudo passwd -d ismail

Expire User Password Immediately and Force Password Change

When the user password expired the user is forced to update password during first login via command line interface, SSH or GUI. The defualt password expire value is 99999 days which is not realistic. We can expire the user password and force user to update password immediately by using the passwd command with the -S option.

sudo passwd -S ismail

Lock User Password

The user password can be locked. Locking a user password prevents user from changing his/her password. The -l option is used with the passwd command to lock password.

sudo passwd -l ismail

Unlock User Password

The locked password can be unlocked with the -u option like below.

sudo passwd -u ismail

Set Inactive Days

When the user password expired the user should change his/her password. If we want to expire the user account if the user do not login after the password expire we can use the -i option and specify the day count. This is very useful for user accounts those do not actively used and should be locked.

sudo passwd -i 10 ismail

Set Minimum Days To Change Password

We can set the minimum days to change password. After specified days the user has to change passwords.

sudo passwd -n 90 ismail

Set Warning Days Before Password Expire

Before the password change day comes we can show warnings to the user to informat that the password will expire at the sepcified date. We can set the days to show warning before the password expire.

sudo passwd -w 12 ismail
READ  Linux /etc/passwd File

Leave a Comment