How to Set, Change, or Disable User Password in Linux

How to Change, Remove, or Disable User Password in Linux

This article goes over the passwd command in Linux and shows how to change, remove, or disable user passwords.


Managing passwords via the terminal is relatively simple. In Linux, you manage user passwords with the passwd utility.

In this guide, we’ll also learn a few advanced arguments for the passwd command, which will help you use it more effectively and make your life easier.

Remember, you can only manage your password as a regular user. However, the root user and users with sudo privileges can manage other users’ passwords and define how the password can be used.

How to Change Your User Password

In Linux, any user can change their password at any time. To change your own user’s account password, run the passwd command without any arguments:

passwd
Change Your User Password

You will be asked for your current password. Then, if your password is correct, the command will prompt you to enter and confirm your new password.

How to Change Another User’s Password

If you are a system administrator with many users, there will come a time when a user forgets their password, and you or someone with sudo privileges will be required to reset it.

Once again, as we stated in the introduction, only the root user and users with sudo access can change the password of another user account.

So, the example below assumes you are logged in as a user with sudo privileges.

Run the passwd command, followed by the username, to change the password of another user’s account.

For example, to change the password of a user named james, use the following command:

sudo passwd james
How to Change Another User’s Password

You’ll be asked only to enter and confirm the user’s new password.

The passwd command will not ask you for the old password since you are acting as a user with sudo privileges. Therefore, you can change the password of any user without needing to know the old one.

How to Force User to Change Password in Linux

By default, in Linux, passwords are set never to expire. So, aside from setting or changing a user’s password, the passwd command can be used to force the user to change their password the next time they log in.

For this to happen, the password must first be marked as expired. This can be achieved by using the -e (--expire) option with the passwd command, followed by the username for which we want to mark the password as expired.

For example, to mark the password as expired for a user named james, use the following command:

sudo passwd -e james
How to Set User's Password Expired in Linux

Next, we can verify the password expiration for the user james with the chage command, which is used to view and change user password expiry information.

sudo chage -l james
Check password expiration using the chage command

As you can see from the above output, the user’s password needs to be changed. Therefore, when user james tries to log in again, he will be prompted to change his password before he can access a shell, as shown in the following screen:

Force User to Change Password in Linux

How to Remove User Password in Linux

If you want to make a user account passwordless, you can use the -d (--delete) option with the passwd command. This is a quick way to disable a password for an account.

For example, type the following command to remove the user password of a user called james:

sudo passwd -d james
Disable User Password in Linux

The command above deletes the user’s password (makes it empty). Although this is possible, and you can have an account without a password, it is not advised because anyone can then access the system by typing only the account username.

Login without password in Linux

As you can see, the system no longer requires a password for authentication for the user james.

How to Disable User Password in Linux

You can stop users from logging in by locking the account’s password. Use the passwd command with the -l (--lock) option added, followed by the username.

sudo passwd -l james
Lock user account in Linux by disabling a password

The -l option disables a password by changing it to a value that matches no possible encrypted value. As a result, the user will be unable to log in.

So, when the user james next tries to log in, their password is rejected, and they receive an authentication error.

Lock user account in Linux by disabling a password

Of course, if the user james authenticates through a passwordless SSH connection based on public/private key exchange, disabling the password will not stop his access to the system.

So, in addition, it’s a good idea to set the user’s shell to nologin to avoid security issues:

sudo usermod -s /usr/sbin/nologin james

You can use the -u (--unlock) switch to unlock the account of the user james.

sudo passwd -u james
Unlock user account in Linux by enabling a password

Then reset its login shell back to /bin/bash.

sudo usermod -s /bin/bash james

Check the Status of a User’s Password

When it comes to audits and housekeeping, checking the status of a user’s password is a valuable tool for system administrators.

So let’s check the status of a user’s password for the user james. First, open a terminal and run the passwd command with the -S (--status) switch.

sudo passwd -S james
Checking user's password status

As you can see, the status information consists of seven fields. So let’s break them down one by one.

  1. The first field is the user’s login name.
  2. The second field indicates if the user account has a locked password (L), has no password (NP), or has a usable password (P).
  3. The third field gives the date of the last password change.
  4. The fourth field is the minimum password age: the number of days that must pass before the password may be changed.
  5. The fifth field is the maximum password age: the number of days after which the password must be changed.
  6. The sixth field is the number of days before the password expires during which the user receives warnings.
  7. The seventh field is the number of days after the password expires after which the user is disabled.

Additionally, the -Sa switch is helpful if you want to list the password status for all users.

sudo passwd -Sa
Checking all the users' password status

We can see all of the users on our Linux machine here, but the three real users are root, linuxiac, and james.
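
For audits, the status fields above can be checked automatically. The following script is an added example, not part of the original article: it reads saved passwd -Sa output together with a copy of /etc/passwd and reports accounts with no password, accounts whose password is locked but whose login shell is still interactive (the SSH key case described earlier), and usable passwords that never expire. The function names, the "guest" account, and the sample dates are constructed for the demo, and treating a maximum age of 99999 or a negative value as "never expires" is an assumption.

```shell
#!/bin/sh
# Added example. Usage: audit_pw STATUS_FILE PASSWD_FILE
#   STATUS_FILE: saved output of `sudo passwd -Sa` (seven fields per line)
#   PASSWD_FILE: a copy of /etc/passwd (field 7 is the login shell)
audit_pw() {
    awk '
        # First file (/etc/passwd format): remember each login shell.
        FNR == NR { split($0, f, ":"); shell[f[1]] = f[7]; next }
        # Second file: skip anything that is not a seven-field status line.
        NF != 7 { next }
        {
            user = $1; state = $2; max = $5
            sh = (user in shell) ? shell[user] : "unknown"
            nologin = (sh ~ /(nologin|false)$/)
            # Assumption: 99999 or a negative maximum age means no expiry.
            if (state == "NP")
                print user ": no password set, login needs only the username"
            else if (state == "L" && !nologin)
                print user ": password locked but shell is " sh ", SSH key login not blocked"
            else if (state == "P" && (max >= 99999 || max < 0))
                print user ": usable password that never expires"
        }
    ' "$2" "$1"
}

# Constructed sample data: "guest" and all dates are made up for the demo.
demo() {
    dir=$(mktemp -d)
    cat > "$dir/status" <<'EOF'
root P 05/12/2023 0 99999 7 -1
daemon L 05/12/2023 0 99999 7 -1
james L 06/01/2023 0 90 7 -1
guest NP 06/01/2023 0 99999 7 -1
linuxiac P 06/01/2023 0 90 7 -1
EOF
    cat > "$dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
james:x:1001:1001::/home/james:/bin/bash
guest:x:1002:1002::/home/guest:/bin/bash
linuxiac:x:1000:1000::/home/linuxiac:/bin/bash
EOF
    audit_pw "$dir/status" "$dir/passwd"
    rm -rf "$dir"
}

demo
```

On a real system, save the output of sudo passwd -Sa to a file and pass it with /etc/passwd as the two arguments to audit_pw.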

Conclusion

In this guide, you’ve learned how to change, remove, or disable a user’s passwords in Linux. Moreover, now you know how to check the status of a user’s password. The guidance given in this quick guide should work with any Linux distro.

For more detailed information about the passwd command in Linux, you can head to the command’s man page.

Bobby Borisov

Bobby, an editor-in-chief at Linuxiac, is a Linux professional with over 20 years of experience. With a strong focus on Linux and open-source software, he has worked as a Senior Linux System Administrator, Software Developer, and DevOps Engineer for small and large multinational companies.
