passwd command tutorial in linux/unix with examples and use cases
November 22, 2019
linux passwd command — modify a user’s password
A normal user may only change the password for his/her own account, while the superuser may change the password for any account.
passwd [options] [LOGIN]
- -d, –delete
Delete a user’s password (make it empty). This is a quick way to disable a password for an account. It will set the named account passwordless.
- -k, –keep-tokens
Indicate password change should be performed only for expired authentication tokens (passwords). The user wishes to keep their non-expired tokens as before.
- -l, –lock
Lock the password of the named account.
- -u, –unlock
Unlock the password of the named account.
- -i, –inactive INACTIVE
This option is used to disable an account after the password has been expired for a number of days. After a user account has had an expired password for INACTIVE days, the user may no longer sign on to the account.
- -S, –status
Display account status information.
- -n, –mindays MIN_DAYS
Set the minimum number of days between password changes to MIN_DAYS.
- -x, –maxdays MAX_DAYS
Set the maximum number of days a password remains valid. After MAX_DAYS, the password is required to be changed.
As a general guideline, passwords should consist of 6 to 8 characters including one or more characters from each of the following sets:
- lower case alphabetics
- digits 0 thru 9
- punctuation marks
User account information.
Secure user account information.
PAM configuration for passwd.
The passwd command exits with the following values:
1 permission denied
2 invalid combination of options
3 unexpected failure, nothing done
4 unexpected failure, passwd file missing
5 passwd file busy, try again
6 invalid argument to option
1. Create a user and set a password
➜ ~ sudo useradd testUser [sudo] password for ylspirit: ➜ ~ passwd testUser passwd: You may not view or modify password information for testUser. ➜ ~ sudo passwd testUser New password: Retype new password: passwd: password updated successfully
2. Switch users and display user status information
➜ ~ su testUser Password: $ passwd -S testUser testUser P 11/13/2019 0 99999 7 -1 $
3. Change user password
passwd testUser Changing password for testUser. Current password:
4. Lock user
➜ ~ sudo passwd -l testUser passwd: password expiry information changed. ➜ ~ su testUser Password: su: Authentication failure
5. Unlock user
➜ ~ sudo passwd -u testUser passwd: password expiry information changed. ➜ ~ su testUser Password: $
6. Delete user password
➜ ~ sudo cat /etc/shadow | grep test testUser:!$6$aNt2OgYyWHwVx27j$RIBsPbABNLLV8eQc0sT4E7dJEvmuHR7b/r.es4ExKjc6Un2GOJBZU.w9omJa/vvzuG8eKYGg6940Xe0eK93i90:18213:0:99999:7::: ➜ ~ sudo passwd -d testUser passwd: password expiry information changed. ➜ ~ sudo cat /etc/shadow | grep test testUser::18213:0:99999:7:::