This article will go over the passwd command in Linux and learn how to change, remove, or disable user passwords.
Table of Contents
- How to Change Your User Password
- How to Change Another User’s Password
- How to Force User to Change Password in Linux
- How to Remove User Password in Linux
- How to Disable User Password in Linux
- Check the Status of a User’s Password
Managing passwords via the terminal is relatively simple. In Linux, you can manage the user passwords using the
passwd utility, a command designed to manage passwords.
In this guide, we’ll also learn a few advanced arguments for the
passwd command, which will help you use it more effectively and make your life easier.
Remember, you can only manage your password as a regular user. However, the root user and users with sudo privileges can manage other users’ passwords and define how the password can be used.
How to Change Your User Password
In Linux, any user can change their password at any time. To change your own user’s account password, run the
passwd command without any arguments:
You will be asked for your current password. Then, if your password is correct, the command will prompt you to enter and confirm your new password.
How to Change Another User’s Password
If you are a system administrator with a many users, there will come a time when a user forgets their password, and you or someone with sudo privileges will be required to reset their password.
Once again, as we stated in the introduction, only the root user and users with sudo access can change the password of another user account.
So, the example below assumes you are logged in as a user with sudo privileges.
passwd command, followed by the username, to change the password of another user’s account.
For example, to change the password of a user named
james, use the following command:
sudo passwd james
You’ll be asked only to enter and confirm the new user’s password.
passwd command will not ask you for the old password since you perform as the user with sudo privileges. Therefore, you can change the passwords of any user without needing to know the old password.
How to Force User to Change Password in Linux
By default, in Linux, passwords are set never to expire. So, aside from setting or changing a user’s password, the
passwd command can be used to force the user to change their password the next time they log in.
For this to happen, the password must first be marked as expired. This can be achieved by using the
--expire) option with the
passwd command, followed by the username for which we want to mark the password as expired.
For example, to change the password as expired for a user named
james, use the following command:
sudo passwd -e james
Next, with the help of the
chage command, we can verify the user james’ password expiration. Finally, the
chage command is used to view and change the user password expiry information.
sudo chage -l james
As you can see from the above output, the user’s password needs to be changed. Therefore, when user
james tries to log in again, he will be prompted to change his password before he can access a shell, as shown in the following screen:
How to Remove User Password in Linux
If you want to make a user account passwordless, you can use the
--delete) option with the
passwd command. This is a quick way to disable a password for an account.
For example, type the following command to remove the user password of a user called
sudo passwd -d james
The command above deletes a user’s password (make it empty). Although this is possible, and you can have an account without a password, it is not advised because anyone will only be able to type in the account username to access the system.
As you can see, the system no longer requires a password for authentication for the user
How to Disable User Password in Linux
You can stop users from logging in by locking the account’s password. Use the
passwd command with the
--lock) option added, followed by the username.
sudo passwd -l james
-l option disables a password by changing it to a value that matches no possible encrypted value. As a result, the user will be unable to log in.
So, when the user
james next tries to log in, their password is rejected, and they receive an authentication error.
So it’s also a good idea, in addition, to set the user shell to
nologin to avoid security issues:
sudo usermod -s /usr/sbin/nologin james
You can use the
--unlock) switch to unlock the user
sudo passwd -u james
Then reset its login shell back to
sudo usermod -s /bin/bash james
Check the Status of a User’s Password
When it comes to audits and housekeeping, checking the status of a user’s password is a valuable tool for system administrators.
So let’s check the status of a user’s password for the user
james. First, open a terminal and run the
passwd command with the
sudo passwd -S james
As you can see, the status information consists of seven fields. So let’s break them down one by one.
- The first field is the user’s login name.
- The second field indicates if the user account has a locked password (L), has no password (NP), or has a usable password (P).
- The third field gives the date of the last password change.
- The fourth field is the minimum password lifetime days before it may be changed.
- The fifth field is the maximum password lifetime days before it must be changed.
- The sixth field is the number of days before the password lifetime expires when the user will start receiving warnings.
- The seventh field is the number of days after the password lifetime expires when the user is disabled.
-Sa switch is helpful if you want to list the password status for all users.
sudo passwd -Sa
We can see all of the users on our Linux machine here, but the three real users are
In this guide, you’ve learned how to change, remove, or disable a user’s passwords in Linux. Moreover, now you know how to check the status of a user’s password. The guidance given in this quick guide should work with any Linux distro.
For more detailed information about the
passwd command in Linux, you can head to the command’s man page.