passwd command tutorial in linux/unix with examples and use cases

linux passwd command — modify a user’s password

A normal user may only change the password for his/her own account, while the superuser may change the password for any account.


passwd [options] [LOGIN]


  • -d, –delete
    Delete a user’s password (make it empty). This is a quick way to disable a password for an account. It will set the named account passwordless.
  • -k, –keep-tokens
    Indicate password change should be performed only for expired authentication tokens (passwords). The user wishes to keep their non-expired tokens as before.
  • -l, –lock
    Lock the password of the named account.
  • -u, –unlock
    Unlock the password of the named account.
  • -i, –inactive INACTIVE
    This option is used to disable an account after the password has been expired for a number of days. After a user account has had an expired password for INACTIVE days, the user may no longer sign on to the account.
  • -S, –status
    Display account status information.
  • -n, –mindays MIN_DAYS
    Set the minimum number of days between password changes to MIN_DAYS.
  • -x, –maxdays MAX_DAYS
    Set the maximum number of days a password remains valid. After MAX_DAYS, the password is required to be changed.

Password rule

As a general guideline, passwords should consist of 6 to 8 characters including one or more characters from each of the following sets:

  • lower case alphabetics
  • digits 0 thru 9
  • punctuation marks


  • /etc/passwd
    User account information.
  • /etc/shadow
    Secure user account information.
  • /etc/pam.d/passwd
    PAM configuration for passwd.

Exit values

The passwd command exits with the following values:

0 success
1 permission denied
2 invalid combination of options
3 unexpected failure, nothing done
4 unexpected failure, passwd file missing
5 passwd file busy, try again
6 invalid argument to option


1. Create a user and set a password

➜  ~ sudo useradd testUser
[sudo] password for ylspirit: 
➜  ~ passwd testUser 
passwd: You may not view or modify password information for testUser.
➜  ~ sudo passwd testUser
New password: 
Retype new password: 
passwd: password updated successfully

2. Switch users and display user status information

➜  ~ su testUser 
$ passwd -S testUser     
testUser P 11/13/2019 0 99999 7 -1

3. Change user password

passwd testUser
Changing password for testUser.
Current password: 

4. Lock user

➜  ~ sudo passwd -l testUser
passwd: password expiry information changed.
➜  ~ su testUser
su: Authentication failure

5. Unlock user

➜  ~ sudo passwd -u testUser
passwd: password expiry information changed.
➜  ~ su testUser

6. Delete user password

➜  ~ sudo cat /etc/shadow | grep test

➜  ~ sudo passwd -d testUser
passwd: password expiry information changed.

➜  ~ sudo cat /etc/shadow | grep test

Add a Comment

Your email address will not be published. Required fields are marked *