How To Use passwd Command on Linux with Examples

Learn how to use Linux's passwd command to change, remove, or disable passwords, enhancing security management.

How to Set, Change, or Disable User Password in Linux
Table of Contents
[Open][Close]

Among the plethora of commands available in Linux, the passwd command stands out as a fundamental tool. Its primary function is to change the password associated with a user account, which is crucial for maintaining security and user authentication in a Linux environment.

Moreover, the passwd command also provides additional advanced features essential in every Linux system administrator’s toolkit. Here’s a brief overview of its capabilities:

  • Changing Passwords: The most common use of the passwd command is to change the password of the user’s account. Users can change their password, and root users (administrators) can change the password for any account.
  • Setting Password Policies: It can also be used to set password aging policies, determining how often passwords must be changed and when they expire.
  • Locking and Unlocking User Accounts: The passwd command can lock and unlock user accounts. Locking an account prevents the user from logging in, which can be helpful for administrative purposes or security measures.
  • Displaying Password Information: It can display information about the user’s password, such as the last time it was changed and the password expiration date.

From basic password changes to more advanced features like password aging and locking accounts, this guide aims to equip you with the knowledge and skills to manage user passwords effectively, enhancing your system’s security.

Necessary clarification before we start! Remember, you can only manage your password as a regular user. At the same time, the root user and users with sudo privileges can manage other users’ passwords and define how the password can be used.

For information on how to add your user to the “sudo” group, consult our guide here.

In addition, if you have forgotten the root password, our easy-to-follow guide “How to Reset a Forgotten Root Password in Linux” provides simple and quick steps to help you easily change it.

Tips for a Strong Password

Creating a strong password is crucial for protecting your account and personal information. Here are some general tips to help you create effective, secure passwords:

  • Length Matters: Aim for at least 12 characters. Longer passwords are harder for hackers to crack.
  • Mix It Up: Use a mix of uppercase and lowercase letters, numbers, and symbols.
  • Avoid Common Words: Avoid using easily guessable information like birthdays or common words.
  • Use Passphrases: Consider a passphrase – a sequence of words or a sentence. It can be easier to remember and harder to crack.

How to Change Your Password

In Linux, any user can change their password at any time. To change your own user’s account password, run the passwd command without any arguments:

passwd
Change Your User Password

Upon entering this command, the system will prompt you to verify your current password. Then, if your password is correct, the command will prompt you to enter and confirm your new password. This step ensures that you haven’t made any typing errors.

Once you’ve successfully entered your new password twice, the system will update your password, and you’ll see a confirmation message indicating that the password has been successfully changed.

How to Change Another User’s Password

While it’s commonly used for changing one’s password, the passwd command also allows administrators to change other users’ passwords.

So, if you are a system administrator with many users, there will come a time when a user forgets their password, and you or someone with sudo privileges will be required to reset their password.

For example, to change the password of a user named “james,” type passwd followed by the username of the account whose password you want to change, in our case, “james.”

sudo passwd james
How to Change Another User’s Password

As you have probably noticed, when changing your password, you are prompted for the current one. However, in this case, we are only required to enter and verify the new password for the user without needing the existing one.

In other words, the passwd command will not ask you for the old password since you perform as the user with sudo privileges. So, you can change any user’s passwords without knowing the old ones.

How to Force User to Change Password in Linux

By default, in Linux, passwords are set never to expire. So, aside from setting or changing a user’s password, the passwd command can force the user to change their password the next time they log in.

For this to happen, the password must first be marked as expired. This can be achieved by using the -e (--expire) option with the passwd command, followed by the username for which we want to mark the password as expired.

For example, to change the password as expired for a user named “james“, use the following command:

sudo passwd -e james
How to Set User's Password Expired in Linux

Next, with the help of the chage command, we can verify the user james’ password expiration. Finally, the chage command views and changes the user password expiry information.

sudo chage -l james
Check password expiration using the chage command

As you can see from the above output, the user password needs to be changed. Therefore, when user “james” tries to log in again, he will be prompted to change his password before he can access a shell, as shown in the following screen:

Force User to Change Password in Linux

How to Remove User Password in Linux

To make a user account passwordless, use the -d (--delete) option with the passwd command. This is a quick way to disable a password for an account.

For example, type the following command to remove the user password of a user called “james“:

sudo passwd -d james
Disable User Password in Linux

The command above deletes a user’s password (make it empty). Although this is possible, and you can have an account without a password, it’s not advised because anyone can only type in the account username to access the system.

Login without password in Linux

As you can see, the system no longer requires a password for authentication for the user “james.”

How to Disable User Password in Linux

You can stop users from logging in by locking the account’s password. Use the passwd command with the -l (--lock) option added, followed by the username.

sudo passwd -l james
Lock user account in Linux by disabling a password

The -l option disables a password by changing it to a value that matches no possible encrypted value. As a result, the user will be unable to log in.

So, when the user “james” next tries to log in, their password is rejected, and they receive an authentication error.

Lock user account in Linux by disabling a password

Of course, if the user “james” authenticates through a passwordless SSH connection based on public/private key exchange, disabling the password will not stop his access to the system.

So it’s also a good idea, in addition, to set the user shell to “nologin” to avoid security issues:

sudo usermod -s /usr/sbin/nologin james

You can use the -u (--unlock) switch to unlock the user “james” account.

sudo passwd -u james
Unlock user account in Linux by enabling a password

Then reset its login shell back to “/bin/bash“.

sudo usermod -s /bin/bash james

Check the Status of a User’s Password

When it comes to audits and housekeeping, checking the status of a user’s password is a valuable tool for system administrators.

So let’s check the status of a user’s password for the user “james.” First, open a terminal and run the passwd command with the -S (--status) switch.

sudo passwd -S james
Cheking user's password status

As you can see, the status information consists of seven fields. So, let’s break them down one by one.

  1. The first field is the user’s login name.
  2. The second field indicates if the user account has a locked password (L), no password (NP), or a usable password (P).
  3. The third field gives the date of the last password change.
  4. The fourth field is the minimum password lifetime days before it may be changed.
  5. The fifth field is the maximum password lifetime days before it must be changed.
  6. The sixth field is the number of days before the password lifetime expires when the user will start receiving warnings.
  7. The seventh field is the days after the password lifetime expires when the user is disabled.

Additionally, the -Sa switch is helpful if you want to list the password status for all users.

sudo passwd -Sa
Cheking all the users password status

We can see all of the users on our Linux machine here, but the three real users are “root,” “linuxiac,” and “james.”

Conclusion

The passwd command in Linux is an indispensable tool for effective security management. Through this article, we have explored its various functionalities and demonstrated how to use them effectively.

You’ve learned how to change, remove, or disable a user’s password in Linux. Moreover, now you know how to check the status of a user’s password. The guidance given here should work with any Linux distro.

You can head to the command’s man page for more detailed information about the passwd command in Linux.

Bobby Borisov

Bobby Borisov

Bobby, an editor-in-chief at Linuxiac, is a Linux professional with over 20 years of experience. With a strong focus on Linux and open-source software, he has worked as a Senior Linux System Administrator, Software Developer, and DevOps Engineer for small and large multinational companies.

Related Posts