In this tutorial, I will explain how a user or super user (root) can change a password in Linux. passwd is the command used in Linux (Red Hat, CentOS, Ubuntu, Debian, Fedora) and UNIX-like operating systems to change a password.
When we run the passwd command, the user's encrypted password is stored in the /etc/shadow file.
A normal (non-root) user is allowed to change only his/her own password, while root or sudo users can change the password for any account.
For security reasons, it's always advisable to use a strong password and change it regularly.
Changing your password
If the passwd command is executed by a non-root user, it asks for the current password and then sets the new password for that user. The super user (root) can reset the password for any user, including root, without knowing the current password.
If the passwd command is invoked by a non-root user, you must first provide your existing password before you can change it. The new password must be typed twice, and it is not echoed on the screen as you type it.
    $ passwd
    Changing password for vagrant.
    (current) UNIX password:
    Enter new UNIX password:
    Retype new UNIX password:
    passwd: password updated successfully
You also cannot use simple words as your password. The passwd command checks how long and how complex your password is. In the following output, a simple, dictionary-based password is tried.
    $ passwd
    Changing password for vagrant.
    (current) UNIX password:
    Enter new UNIX password:
    Retype new UNIX password:
    You must choose a longer password
    Enter new UNIX password:
    Retype new UNIX password:
    Bad: new password is too simple
    Enter new UNIX password:
    Retype new UNIX password:
    passwd: password updated successfully
Changing password as Super-User (root)
Any system user can change only his/her own password. The passwd command does not take any argument when it's run as a normal user.
But as root you can change and reset the password of any user in the system.
Usage is as follows:
# passwd [options] [user_name]
Different options which can be used are:
    Options:
      -a, --all                     report password status on all accounts
      -d, --delete                  delete the password for the named account
      -e, --expire                  force expire the password for the named account
      -h, --help                    display this help message and exit
      -k, --keep-tokens             change password only if expired
      -i, --inactive INACTIVE       set password inactive after expiration to INACTIVE
      -l, --lock                    lock the password of the named account
      -n, --mindays MIN_DAYS        set minimum number of days before password change to MIN_DAYS
      -q, --quiet                   quiet mode
      -r, --repository REPOSITORY   change password in REPOSITORY repository
      -R, --root CHROOT_DIR         directory to chroot into
      -S, --status                  report password status on the named account
      -u, --unlock                  unlock the password of the named account
      -w, --warndays WARN_DAYS      set expiration warning days to WARN_DAYS
      -x, --maxdays MAX_DAYS        set maximum number of days before password change to MAX_DAYS
When root runs the passwd command, it will reset the root password by default, and if you specify a username after the passwd command, it will change the password of that user.
    # passwd vagrant
    Enter new UNIX password:
    Retype new UNIX password:
    passwd: password updated successfully
    #
The root user can even set simple passwords. Although a warning is displayed, the password is still changed successfully. A system user's password is stored in an encrypted form in the /etc/shadow file.
Display Password Status Information
To display the password status information of a desired user, use the -S option of the passwd command.
    # passwd -S vagrant
    vagrant P 07/02/2019 0 99999 7 -1
    #
The first field shows the username, the second field shows the password status (PS = Password Set, LK = Password Locked, NP = No Password), the third field shows when the password was last changed, and the last four fields show the minimum age, maximum age, warning period, and inactivity period for the password.
To list the status of all user passwords in the system, we use the -Sa parameter:
    # passwd -Sa
    root P 05/14/2019 0 99999 7 -1
    daemon L 05/14/2019 0 99999 7 -1
    bin L 05/14/2019 0 99999 7 -1
    sys L 05/14/2019 0 99999 7 -1
    sync L 05/14/2019 0 99999 7 -1
    games L 05/14/2019 0 99999 7 -1
    man L 05/14/2019 0 99999 7 -1
    lp L 05/14/2019 0 99999 7 -1
    mail L 05/14/2019 0 99999 7 -1
    news L 05/14/2019 0 99999 7 -1
    uucp L 05/14/2019 0 99999 7 -1
    proxy L 05/14/2019 0 99999 7 -1
    www-data L 05/14/2019 0 99999 7 -1
    backup L 05/14/2019 0 99999 7 -1
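The status fields described above lend themselves to a quick audit. The following shell function is an added example, not part of the original tutorial: it reads passwd -S style lines and reports accounts with no password or with a usable password whose maximum age is 99999 days. The function names and the sample lines are constructed for illustration, and both the P/L and PS/LK spellings of the status field are accepted.

```shell
#!/bin/sh
# Added example: audit `passwd -S`-style status lines read from stdin.
# Field layout, as described in the tutorial:
#   user  status  last_change  min_age  max_age  warn  inactive
audit_passwd_status() {
    awk '
    NF >= 7 {
        user = $1; status = $2; max = $5
        if (status == "NP") {
            # NP: the password field is empty
            print user ": no password set"
        } else if ((status == "P" || status == "PS") && max >= 99999) {
            # Usable password with a 99999-day maximum age (about 273 years)
            print user ": password effectively never expires (max age " max ")"
        }
        # Locked accounts (L / LK) are not reported.
    }'
}

# Constructed sample input modelled on the outputs shown in this tutorial.
sample_status() {
    cat <<'EOF'
root P 05/14/2019 0 99999 7 -1
daemon L 05/14/2019 0 99999 7 -1
vagrant P 07/02/2019 0 90 7 -1
test NP 07/02/2019 0 99999 7 -1
EOF
}

sample_status | audit_passwd_status
```

On a live system, run it as root with `passwd -Sa | audit_passwd_status`.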
Removing Password of a User
To remove the password of a desired user, we use the -d command option:
    # passwd -d test
    passwd: password expiry information changed.
    # passwd -S test
    test NP 07/02/2019 0 99999 7 -1
Note: Option -d will make the user's password empty and will disable the user's account.
Set Password Expiry
To expire a user's password and force that user to change it on the next login, use the -e option of the passwd command.
    # passwd -e test
    passwd: password expiry information changed.
    # passwd -S test
    test NP 01/01/1970 0 99999 7 -1
Lock and Unlock the password of a System User
To lock a user's password, use the -l option of the passwd command. It adds ! at the start of the user's password. A user can't change his/her password while it is locked.
    # passwd -l test
    passwd: password expiry information changed.
    # passwd -S test
    test L 07/03/2019 0 99999 7 -1
To unlock a user's password, use the -u option:
    # passwd -u test
    passwd: password expiry information changed.
    # passwd -S test
    test P 07/03/2019 0 99999 7 -1
Setting inactive days using -i option
This takes effect when the selected user's password has expired and the user has not changed it within n days (10 days in the example below). After that, the user will not be able to log in.
    # passwd -i 10 test
    passwd: password expiry information changed.
    # passwd -S test
    test P 07/03/2019 0 99999 7 10
Set Warning days before password expire
Option -w is used to set the number of warning days before a password expires. It means a user will be warned n days before his/her password is going to expire.
    # passwd -w 5 test
    passwd: password expiry information changed.
    # passwd -S test
    test P 07/03/2019 0 99999 5 10
Set Minimum Days to Change Password
In the example below, the test user has to change the password in 30 days. A value of zero means that the user can change his/her password at any time.
    # passwd -n 30 test
    passwd: password expiry information changed.
    # passwd -S test
    test P 07/03/2019 30 99999 5 10
Conclusion
In this tutorial, we learned how to change a user password in Linux. For more information, take a look at the passwd command man pages. Thanks for reading this article, and let me know if you have any questions.