passwd command tutorial in Linux/Unix with examples and use cases

Linux passwd command — modify a user’s password

A normal user may only change the password for his/her own account, while the superuser may change the password for any account.

Syntax

passwd [options] [LOGIN]

Options

  • -d, --delete
    Delete a user’s password (make it empty). This is a quick way to disable a password for an account: the named account becomes passwordless. This is not the same as locking the account (see -l).
  • -k, --keep-tokens
    Indicate that the password change should be performed only for expired authentication tokens (passwords); non-expired tokens are kept as before.
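  • -l, --lock
    Lock the password of the named account. The stored hash is prefixed with “!” so that no password can match it; other authentication methods, such as SSH keys, are not affected.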
  • -u, --unlock
    Unlock the password of the named account.
  • -i, --inactive INACTIVE
    This option is used to disable an account after the password has been expired for a number of days. After a user account has had an expired password for INACTIVE days, the user may no longer sign on to the account.
  • -S, --status
    Display account status information.
  • -n, --mindays MIN_DAYS
    Set the minimum number of days between password changes to MIN_DAYS.
  • -x, --maxdays MAX_DAYS
    Set the maximum number of days a password remains valid. After MAX_DAYS, the password is required to be changed.

Password rule

As a general guideline, passwords should consist of 6 to 8 characters including one or more characters from each of the following sets:

  • lowercase letters
  • digits 0 through 9
  • punctuation marks

Files

  • /etc/passwd
    User account information.
  • /etc/shadow
    Secure user account information.
  • /etc/pam.d/passwd
    PAM configuration for passwd.

Exit values

The passwd command exits with the following values:

0 success
1 permission denied
2 invalid combination of options
3 unexpected failure, nothing done
4 unexpected failure, passwd file missing
5 passwd file busy, try again
6 invalid argument to option

Examples

1. Create a user and set a password

➜  ~ sudo useradd testUser
[sudo] password for ylspirit: 
➜  ~ passwd testUser 
passwd: You may not view or modify password information for testUser.
➜  ~ sudo passwd testUser
New password: 
Retype new password: 
passwd: password updated successfully

2. Switch users and display user status information

➜  ~ su testUser 
Password: 
$ passwd -S testUser     
testUser P 11/13/2019 0 99999 7 -1
$ 

3. Change user password

passwd testUser
Changing password for testUser.
Current password: 

4. Lock user

➜  ~ sudo passwd -l testUser
passwd: password expiry information changed.
➜  ~ su testUser
Password: 
su: Authentication failure

5. Unlock user

➜  ~ sudo passwd -u testUser
passwd: password expiry information changed.
➜  ~ su testUser
Password: 
$ 

6. Delete user password

➜  ~ sudo cat /etc/shadow | grep test
testUser:!$6$aNt2OgYyWHwVx27j$RIBsPbABNLLV8eQc0sT4E7dJEvmuHR7b/r.es4ExKjc6Un2GOJBZU.w9omJa/vvzuG8eKYGg6940Xe0eK93i90:18213:0:99999:7:::


➜  ~ sudo passwd -d testUser
passwd: password expiry information changed.


➜  ~ sudo cat /etc/shadow | grep test
testUser::18213:0:99999:7:::
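
The shadow entries in example 6 show the two states worth auditing for: a “!” in front of the hash (locked) and an empty second field after passwd -d (passwordless). The script below is an added example, not part of the original tutorial; it labels each account in shadow-format input with the P / L / NP letters that passwd -S prints and lists the passwordless ones. The function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit shadow-format lines read from stdin.
# Field layout: name:password:lastchg:min:max:warn:inactive:expire:reserved

# Print "<name> <state>" per account, using the passwd -S letters:
#   P = usable password, L = locked, NP = no password.
shadow_status() {
    awk -F: '
        NF < 2 { next }                      # skip blank or malformed lines
        {
            pw = $2
            if (pw == "")          st = "NP" # empty field, as left by passwd -d
            else if (pw ~ /^[!*]/) st = "L"  # "!" prefix added by passwd -l, or "*"
            else                   st = "P"
            print $1, st
        }'
}

# Print only the passwordless accounts.
# Returns 1 when at least one exists, 0 when there are none.
passwordless_accounts() {
    found=$(shadow_status | awk '$2 == "NP" { print $1 }')
    if [ -z "$found" ]; then
        return 0
    fi
    printf '%s\n' "$found"
    return 1
}

# Constructed sample data; the hash strings are placeholders, not real hashes.
sample_shadow() {
    cat <<'EOF'
alice:$6$EXAMPLESALT$EXAMPLEHASH:18213:0:99999:7:::
bob:!$6$EXAMPLESALT$EXAMPLEHASH:18213:0:99999:7:::
carol::18213:0:99999:7:::
daemon:*:18213:0:99999:7:::
EOF
}

sample_shadow | shadow_status
sample_shadow | passwordless_accounts || echo "passwordless accounts found" >&2
```

On a live system the same functions can be fed with `sudo cat /etc/shadow | passwordless_accounts`, and the non-zero return status makes the check usable in a scheduled audit job.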
