How to Change Password in Linux

In this article, I will explain how a user can change password for his/her account on Linux. Passwd command will work all Linux distros like Redhat, Centos, Ubuntu, Debian, Fedora etc.

Let's discuss Linux version of passwd command with some practical examples.

Linux Changing password

If the passwd command is executed by a non-root user then it will ask for the current password and then set the new password of that user. Super user or root can reset the password for any user including root without knowing the current password.

If the command passwd is invoked by a non root user you must first provide your existing password before you proceed to changing the password. The password must be typed twice and it is not echoed on the screen as you type it.

$ passwd 
Changing password for vagrant.
(current) UNIX password: 
Enter new UNIX password: 
Retype new UNIX password: 
passwd: password updated successfully

You also cannot provide simple words as your passwords. passwd will check for how long and complex your password is. In the following output, a simple, dictionary based password is tried.

$ passwd 
Changing password for vagrant.
(current) UNIX password: 
Enter new UNIX password: 
Retype new UNIX password: 
You must choose a longer password
Enter new UNIX password: 
Retype new UNIX password: 
Bad: new password is too simple
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully

Changing password as Super-User

Any system user can change his/her password only. The passwd command does not take any argument when it's run as a normal user.
But as root you can change and reset password of any user in the system.
Usage is as follows:

# passwd [options] [user_name]

Different options which can be used are:

Options:
  -a, --all                     report password status on all accounts
  -d, --delete                  delete the password for the named account
  -e, --expire                  force expire the password for the named account
  -h, --help                    display this help message and exit
  -k, --keep-tokens             change password only if expired
  -i, --inactive INACTIVE       set password inactive after expiration
                                to INACTIVE
  -l, --lock                    lock the password of the named account
  -n, --mindays MIN_DAYS        set minimum number of days before password
                                change to MIN_DAYS
  -q, --quiet                   quiet mode
  -r, --repository REPOSITORY   change password in REPOSITORY repository
  -R, --root CHROOT_DIR         directory to chroot into
  -S, --status                  report password status on the named account
  -u, --unlock                  unlock the password of the named account
  -w, --warndays WARN_DAYS      set expiration warning days to WARN_DAYS
  -x, --maxdays MAX_DAYS        set maximum number of days before password
                                change to MAX_DAYS

When root runs passwd command it will reset the root password by default, and if you specify the username after passwd command then it will change the password of that user.

# passwd vagrant
Enter new UNIX password: 
Retype new UNIX password: 
passwd: password updated successfully
# 

Root user can even provide simple passwords. Although a warning is displayed, the password is still changed successfully.
System user’s password is stored in an encrypted form in /etc/shadow file.

Display Password Status Information

To display password status information of a desired user, use -S option in passwd command.

# passwd -S vagrant
vagrant P 07/02/2019 0 99999 7 -1
# 

First field shows the username, second field shows password status ( PS = Password Set , LK = Password locked , NP = No Password ), third field shows when the password was last changed and last and fourth field shows minimum age, maximum age, warning period, and inactivity period for the password.

To list statuses of all user passwords in the system we will use -Sa parameter:

# passwd -Sa
root P 05/14/2019 0 99999 7 -1
daemon L 05/14/2019 0 99999 7 -1
bin L 05/14/2019 0 99999 7 -1
sys L 05/14/2019 0 99999 7 -1
sync L 05/14/2019 0 99999 7 -1
games L 05/14/2019 0 99999 7 -1
man L 05/14/2019 0 99999 7 -1
lp L 05/14/2019 0 99999 7 -1
mail L 05/14/2019 0 99999 7 -1
news L 05/14/2019 0 99999 7 -1
uucp L 05/14/2019 0 99999 7 -1
proxy L 05/14/2019 0 99999 7 -1
www-data L 05/14/2019 0 99999 7 -1
backup L 05/14/2019 0 99999 7 -1
# 

Changing the group password

Passwords to groups can be added with gpasswd command. In the following example we will create password for a group called project1.

# groupadd project1
# gpasswd project1
Changing the password for group project1
New Password: 
Re-enter new password: 
# 

Removing Password of a User

To remove a password of a desired user we will use -d command option:

# passwd -d test
passwd: password expiry information changed.
# passwd -S test
test NP 07/02/2019 0 99999 7 -1

NOTE: -d option will make user’s password empty and will disable the user’s account.

Set Password Expiry

To make user's password expired and force that user to change the password on a next login, use ‘-e’ option in passwd command.

# passwd -e test
passwd: password expiry information changed.
# passwd -S test
test NP 01/01/1970 0 99999 7 -1

Lock and Unlock the password of a System User

To lock a user's password use ‘-l‘ option in passwd command. It will add “!” at the start of user’s password. User can’t change it’s password when his/her password is locked.

# passwd -l test
passwd: password expiry information changed.
# passwd -S test
test L 07/03/2019 0 99999 7 -1

To unlock user's password use ‘-u‘ option:

# passwd -u test
passwd: password expiry information changed.
# passwd -S test
test P 07/03/2019 0 99999 7 -1

Setting inactive days using -i option

This will be activated when password of a selected user expired and user didn’t change it's password in ‘n‘ number of days (i.e 10 days). After that user will not able to login.

# passwd -i 10 test
passwd: password expiry information changed.
# passwd -S test
test P 07/03/2019 0 99999 7 10

Set Warning days before password expire

‘-w’ option in passwd command is used to set warning days before a user is reminded to change the password. It means a user will be warned n number of days before his/her password is going to expire.

# passwd -w 5 test
passwd: password expiry information changed.
# passwd -S test
test P 07/03/2019 0 99999 5 10

Set Minimum Days to Change Password

In the below, example test user has to change the password in 30 days. A value of zero shows that user can change it’s password in any time.

# passwd -n 30 test
passwd: password expiry information changed.
# passwd -S test
test P 07/03/2019 30 99999 5 10

Conclusion

In this article, we learned how to change user password in Linux. For more information take a look at passwd command man pages. Thanks for reading this article and let me know if you have any questions.

Read Also:

• How to Find/Change Ubuntu Default Root Password
• How to Add User to Sudoers in Linux