passwd Command in Linux
The passwd command in Linux manages the user account passwords. It is used to set or update the account password. The system administrators can use it to manage passwords for other accounts. It can also set the validity of the passwords.
Table of Contents
Here is a comprehensive guide to the options available with the passwd command −
Syntax of passwd Command
The syntax of the Linux passwd command is as follows −
passwd [options] [username]
In the above syntax, the [options] field is used to specify various options to modify the command's behavior. The [username] is used to specify the username whose password needs to be changed.
passwd Command Options
The options of the passwd command are listed below −
| Flags | Options | Description |
|---|---|---|
| -a | --all | Show status for all users (only with -S). |
| -d | --delete | Delete a user's password (make it empty). This disables the password for the account, making it passwordless. |
| -e | --expire | Immediately expire an account's password, forcing a change at the next login. |
| -h | --help | Display help message and exit. |
| -i INACTIVE | --inactive INACTIVE | Disable an account after the password has been expired for a number of days. |
| -k | --keep-tokens | Only change expired authentication tokens, keeping non-expired ones. |
| -l | --lock | Lock the account's password, disabling login with it while retaining other authentication methods like SSH keys. |
| -n MIN_DAYS | --mindays MIN_DAYS | Set the minimum number of days between password changes. |
| -q | --quiet | Enable quiet mode. |
| -r REPOSITORY | --repository REPOSITORY | Change the password in the specified repository. |
| -R CHROOT_DIR | --root CHROOT_DIR | Apply changes in the specified CHROOT_DIR directory. |
| -P PREFIX_DIR | --prefix PREFIX_DIR | Apply changes to configuration files in the specified PREFIX_DIR, mainly for cross-compilation targets. |
| -S | --status | Display account status information, including lock status, last change date, and password age limits. |
| -u | --unlock | Unlock the account's password, restoring its previous value before being locked. |
| -w WARN_DAYS | --warndays WARN_DAYS | Set the number of days before expiration to warn about a password change. |
| -x MAX_DAYS | --maxdays MAX_DAYS | Set the maximum number of days a password remains valid before requiring a change. |
| -s | --stdin | Read the new password from standard input, allowing usage in pipes. |
Examples of passwd Command in Linux
This section demonstrates the usage of the passwd command in Linux with examples −
Changing the Password of the Current User
To reset your password in Linux, use the passwd command without any option −
passwd
First, the command prompts to enter the current password and then asks to type and re-type the new password.
Changing the Password of Another User
To change the password of another user, use the passwd command with the username. For example, to change the password of user alex, use the command given below −
sudo passwd alex
Note that only system administrators can modify the password of other users or users will sudo permissions.
Deleting the Password of a User
To delete the password of a user, use the -d or --delete option and the name of the user −
sudo passwd -d alex
The above command essentially makes the account password-less.
Locking an Account
The passwd command can also be used to lock an account. To lock an account, use the -l or --lock option with the user's name whose account needs to be locked −
sudo passwd -l alex
Unlocking an Account
To unlock an account, use the -u or --unlock option with the passwd command −
sudo passwd -u alex
Expiring Password of an Account Immediately
To force expire password of an account, use the -e or --expire option −
sudo passwd -e alex
In the next login, the user will be asked to change the password.
Setting Password Validity
To set the password validity, there are different options.
The -n or --mindays option is used to set the minimum number of days that must pass before a user can change their password. For example, if -n is set to 7, the user cannot change the password until 7 days have passed since the last change.
sudo passwd -n 7 alex
Similarly, the -x or --maxdays option is used to set the maximum number of days a password can remain valid before the user is forced to change it. For instance, setting -x 30 means the user must change the password within 30 days of the last password change −
sudo passwd -x 30 alex
To set the warning period of password expiration, use the -w or --warndays option with the number of days −
sudo passwd -w 10 alex
The above command will warn the user to change the password before 10 days of expiration.
Checking Password Status
To check the password status of a user, use the -S or --status option −
sudo passwd -S alex
The output shows the user's name, password status, the date of last password change, minimum age, maximum age, warning period, and inactivity period.
The password status can be L, NP, or P.
| Status | Description |
|---|---|
| L | Locked account (password is disabled) |
| NP | No password is set for the account |
| P | Password is set and active |
To check the password status of all users, use the -a or --all option −
sudo passwd -S -a
The above command will list the password details of all users including system users.
Disabling an Account after Inactivity
The -i or --inactive option is used to set the number of days after a password expires before the account is disabled −
sudo passwd -i 30 alex
Displaying Help
To display help related to the passwd command, use the -h or --help option −
passwd -h
Conclusion
The passwd command in Linux is a handy tool that helps in managing user account passwords. It allows system administrators to change passwords, manage other users' passwords, and set policies like expiration and inactivity periods. It can effectively be used to maintain account security and manage password-related tasks in Linux.
In this tutorial, we explained the passwd command, its syntax, options, and usage in Linux with examples.