This article goes over the passwd command in Linux and shows how to change, remove, or disable user passwords.
Table of Contents
- How to Change Your User Password
- How to Change Another User’s Password
- How to Force User to Change Password in Linux
- How to Remove User Password in Linux
- How to Disable User Password in Linux
- Check the Status of a User’s Password
- Conclusion
Managing passwords via the terminal is relatively simple. In Linux, you can manage user passwords using the passwd utility, a command designed to manage passwords.
In this guide, we’ll also learn a few advanced arguments for the passwd command, which will help you use it more effectively and make your life easier.
Remember, you can only manage your password as a regular user. However, the root user and users with sudo privileges can manage other users’ passwords and define how the password can be used.
How to Change Your User Password
In Linux, any user can change their password at any time. To change your own user’s account password, run the passwd command without any arguments:
passwd
You will be asked for your current password. Then, if your password is correct, the command will prompt you to enter and confirm your new password.
How to Change Another User’s Password
If you are a system administrator with many users, there will come a time when a user forgets their password, and you or someone with sudo privileges will be required to reset their password.
Once again, as we stated in the introduction, only the root user and users with sudo access can change the password of another user account.
So, the example below assumes you are logged in as a user with sudo privileges.
Run the passwd command, followed by the username, to change the password of another user’s account.
For example, to change the password of a user named james, use the following command:
sudo passwd james
You’ll be asked only to enter and confirm the user’s new password.
The passwd command will not ask you for the old password since you are acting as a user with sudo privileges. Therefore, you can change the password of any user without needing to know the old password.
How to Force User to Change Password in Linux
By default, in Linux, passwords are set never to expire. Aside from setting or changing a user’s password, the passwd command can also be used to force the user to change their password the next time they log in.
For this to happen, the password must first be marked as expired. This can be achieved by using the -e (--expire) option with the passwd command, followed by the username for which we want to mark the password as expired.
For example, to mark the password as expired for a user named james, use the following command:
sudo passwd -e james
Next, with the help of the chage command, we can verify the password expiration for the user james. The chage command is used to view and change user password expiry information.
sudo chage -l james
The output of this command shows that the user’s password needs to be changed. Therefore, when user james tries to log in again, he will be prompted to change his password before he can access a shell.
How to Remove User Password in Linux
If you want to make a user account passwordless, you can use the -d (--delete) option with the passwd command. This is a quick way to remove the password from an account.
For example, type the following command to remove the password of a user called james:
sudo passwd -d james
The command above deletes a user’s password (makes it empty). Although this is possible, and you can have an account without a password, it is not advised, because anyone who knows the account username can then access the system just by typing it in.
After this, the system no longer requires a password for authentication for the user james.
How to Disable User Password in Linux
You can stop users from logging in by locking the account’s password. Use the passwd command with the -l (--lock) option added, followed by the username.
sudo passwd -l james
The -l option disables a password by changing it to a value that matches no possible encrypted value. As a result, the user will be unable to log in with that password.
So, when the user james next tries to log in, their password is rejected, and they receive an authentication error.
Of course, if the user james authenticates over SSH without a password, using a public/private key pair, disabling the password will not stop his access to the system.
So, in addition, it’s a good idea to set the user’s shell to nologin to avoid security issues:
sudo usermod -s /usr/sbin/nologin james
You can use the -u (--unlock) switch to unlock the account of the user james.
sudo passwd -u james
Then reset its login shell back to /bin/bash.
sudo usermod -s /bin/bash james
Check the Status of a User’s Password
When it comes to audits and housekeeping, checking the status of a user’s password is a valuable tool for system administrators.
So let’s check the status of a user’s password for the user james. First, open a terminal and run the passwd command with the -S (--status) switch.
sudo passwd -S james
As you can see, the status information consists of seven fields. So let’s break them down one by one.
- The first field is the user’s login name.
- The second field indicates if the user account has a locked password (L), has no password (NP), or has a usable password (P).
- The third field gives the date of the last password change.
- The fourth field is the minimum password age: the number of days that must pass before the password may be changed.
- The fifth field is the maximum password age: the number of days after which the password must be changed.
- The sixth field is the warning period: the number of days before the password expires during which the user receives warnings.
- The seventh field is the inactivity period: the number of days after the password expires before the account is disabled.
Additionally, the -Sa switch is helpful if you want to list the password status for all users.
sudo passwd -Sa
We can see all of the users on our Linux machine here, but the three real users are root, linuxiac, and james.
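The seven status fields, together with the earlier point that a locked password does not stop key-based SSH logins, can be turned into a small audit. The script below is an added example, not code from the original article; the function names, the sample data, and the guest account are assumptions made for illustration, and it expects the L/NP/P status codes listed above.

```shell
#!/bin/sh
# Added example, not from the original article.
# audit_accounts STATUS_FILE PASSWD_FILE
#   STATUS_FILE: seven-field lines as printed by `passwd -S` / `passwd -Sa`
#   PASSWD_FILE: passwd(5)-format file, used to look up each login shell
audit_accounts() {
    awk '
    # First file read (passwd format): remember every login shell.
    FNR == NR { split($0, f, ":"); shell[f[1]] = f[7]; next }
    NF < 7    { next }                  # skip blank or malformed lines
    {
        user = $1; state = $2; max = $5 + 0; lsh = shell[user]
        nologin = (lsh ~ /\/(nologin|false)$/)
        if (state == "NP")
            print user ": EMPTY password (state after passwd -d)"
        else if (state == "L" && !nologin)
            print user ": password locked, but shell " lsh " still allows key-based logins"
        else if (state == "P" && (max < 0 || max >= 99999))
            print user ": usable password that never expires"
    }' "$2" "$1"
}

# Constructed sample data; guest is a hypothetical account.
run_sample() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/status" <<'EOF'
root P 03/01/2023 0 99999 7 -1
daemon L 03/01/2023 0 99999 7 -1
linuxiac P 03/01/2023 0 90 7 30
james L 04/15/2023 0 99999 7 -1
guest NP 04/15/2023 0 99999 7 -1
EOF
    cat > "$dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
linuxiac:x:1000:1000::/home/linuxiac:/bin/bash
james:x:1002:1002::/home/james:/bin/bash
guest:x:1003:1003::/home/guest:/bin/bash
EOF
    audit_accounts "$dir/status" "$dir/passwd"
    rm -rf "$dir"
}

run_sample
```

On a real system, save the output of sudo passwd -Sa to a file and pass it together with /etc/passwd to audit_accounts.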
Conclusion
In this guide, you’ve learned how to change, remove, or disable a user’s passwords in Linux. Moreover, now you know how to check the status of a user’s password. The guidance given in this quick guide should work with any Linux distro.
For more detailed information about the passwd command in Linux, you can head to the command’s man page.