Linux passwd Command
Learn Linux passwd Command with examples
- Linux passwd Command
- passwd Command Syntax
- passwd Command Example
- Processing in passwd command
- passwd Command with sudo
- passwd options
Linux passwd Command
In Linux, the “passwd” command is used to change user account passwords.
Note:
- The root user reserves the privilege to change the password for any user on the system.
- A normal user can only change the password for his or her own account.
passwd Command Syntax
>> passwd [options] [username]
- Before a normal user can change their password, they must first enter their current password for verification.
- The superuser can bypass this step when changing another user’s password.
- After the current password is verified, passwd checks to see if the user is allowed to change their password at this time. If not, passwd refuses to continue, and exits.
- After verification, the user is then prompted twice for a replacement password. Both entries must match for passwd to continue.
- Next, the password is tested for complexity.
Hints for user passwords
- Passwords should consist of at least 6 to 8 characters, including:
  - lower case letters
  - digits 0 through 9
  - punctuation marks
passwd Command Example
By running the following command, a normal user can change his password.
>> passwd
Processing in passwd command
- Verify current user password
- Verify password aging information
- Change the password
passwd Command with sudo
Normal users can use sudo to invoke root privileges, and can use it to change the password for root itself.
>> sudo passwd root
This is particularly helpful when a user is a member of the admin group (listed in the sudoers file, /etc/sudoers, and able to run commands with sudo) and the root password is not set, which is the case with many common distributions of Linux.
passwd options
Options | Description |
-d, --delete | This option deletes the user password and makes the account password-less. |
-e, --expire | This option immediately expires the account password and forces the user to change the password on their next login. |
-h, --help | Display help related to the passwd command. |
-i, --inactive INACTIVE_DAYS | This option is followed by an integer, INACTIVE_DAYS, which is the number of days after the password expires that the account will be deactivated. |
-k, --keep-tokens | This option is used when you only want to change the password if it is expired. It keeps the authentication tokens if the password is not yet expired, even if you requested to change it. Note that if the expiry period for a user is set to 99999, this option will not keep tokens and the password will be changed. |
-l, --lock | Lock the password of the user. This adds a '!' character to the user's encrypted password, making it unable to match any input password. This does not disable the account but prevents the user from logging in using a password; other authentication methods, such as SSH keys, can still be used to log in to the account. |
-n, --mindays MIN_DAYS | Change the minimum number of days between password changes to MIN_DAYS, so that the user can’t change the password for MIN_DAYS. |
-q, --quiet | This option is used for quiet mode. When it is used to change a password, the message "Changing password for $user", which is usually printed before changing a password, is not echoed. |
-r, --repository REPO | This option is used to change the password for the repository named REPO. |
-R, --root CHROOT_DIR | Apply changes in the CHROOT_DIR directory and use the configuration files from the CHROOT_DIR directory. This changes the root directory for the passwd process for this one run, and since CHROOT_DIR is a sub-directory of the root, it cannot access configuration files outside CHROOT_DIR. |
-S, --status | Shows the password status (7 fields) of the user in the following format |
-S [--status] -a [--all] | This combination of options shows the password status for all users. Note that -a or --all cannot be used without the -S option. |
-u, --unlock | Unlock the password of an account. |
-w, --warndays WARN_DAYS | This option changes the number of days before the password expires during which the expiry warning is displayed. |
-x, --maxdays MAX_DAYS | Set the maximum number of days for which the password remains valid. After MAX_DAYS, the password will expire and the user will be forced to change the password. |
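The following is an added example, not part of the original page: a shell function that reads `passwd -S -a` output and flags accounts by password status and aging values. It assumes the shadow-utils 7-field layout (login, status L/NP/P, last change date, minimum age, maximum age, warning period, inactivity period); the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the 7-field output of `passwd -S -a`.
# Assumed field layout (shadow-utils): login, status (P = usable password,
# L = locked, NP = no password), last change, min, max, warn, inactive days.

# Reads status lines on stdin and prints one finding per flagged account.
audit_passwd_status() {
    awk '
    NF == 0 { next }
    NF != 7 { printf "%s: SKIP unparsable line (%d fields)\n", $1, NF; next }
    {
        user = $1; status = $2
        max = $5 + 0; inactive = $7 + 0      # force numeric comparison
        if (status == "NP")
            printf "%s: HIGH no password set (see -d); set one or lock with -l\n", user
        else if (status == "L")
            printf "%s: INFO password locked (-l); other login methods may still work\n", user
        else if (status != "P")
            printf "%s: SKIP unknown status %s\n", user, status
        else if (max == 99999 || max < 0)
            printf "%s: WARN password never expires; set a limit with -x\n", user
        else if (inactive < 0)
            printf "%s: WARN no inactivity cutoff after expiry; set one with -i\n", user
    }'
}

# Constructed sample input, not taken from a real system.
sample_status() {
    cat <<'EOF'
root L 01/15/2024 0 99999 7 -1
alice P 03/02/2024 1 90 7 30
bob NP 02/20/2024 0 99999 7 -1
carol P 11/30/2023 0 99999 7 -1
dave P 04/01/2024 1 90 7 -1
EOF
}

# On a live system (as root): passwd -S -a | audit_passwd_status
sample_status | audit_passwd_status
```

Accounts reported as NP are the ones left password-less by -d, and an L status only blocks password logins, so SSH keys on those accounts still need a separate review.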
passwd EXIT VALUES
The passwd command exits with the following values:
Exit Value | Description |
0 | success |
1 | permission denied |
2 | invalid combination of options |
3 | unexpected failure, nothing done |
4 | unexpected failure, passwd file missing |
5 | passwd file busy, try again |
6 | invalid argument to option |