linux passwd command — modify a user’s password
A normal user may only change the password for his/her own account, while the superuser may change the password for any account.
Syntax
passwd [options] [LOGIN]Options
- -d, –delete
Delete a user’s password (make it empty). This is a quick way to disable a password for an account. It will set the named account passwordless. - -k, –keep-tokens
Indicate password change should be performed only for expired authentication tokens (passwords). The user wishes to keep their non-expired tokens as before. - -l, –lock
Lock the password of the named account. - -u, –unlock
Unlock the password of the named account. - -i, –inactive INACTIVE
This option is used to disable an account after the password has been expired for a number of days. After a user account has had an expired password for INACTIVE days, the user may no longer sign on to the account. - -S, –status
Display account status information. - -n, –mindays MIN_DAYS
Set the minimum number of days between password changes to MIN_DAYS. - -x, –maxdays MAX_DAYS
Set the maximum number of days a password remains valid. After MAX_DAYS, the password is required to be changed.
Password rule
As a general guideline, passwords should consist of 6 to 8 characters including one or more characters from each of the following sets:
- lower case alphabetics
- digits 0 thru 9
- punctuation marks
File
- /etc/passwd
User account information. - /etc/shadow
Secure user account information. - /etc/pam.d/passwd
PAM configuration for passwd.
Exit values
The passwd command exits with the following values:
0 success
1 permission denied
2 invalid combination of options
3 unexpected failure, nothing done
4 unexpected failure, passwd file missing
5 passwd file busy, try again
6 invalid argument to option
Examples
1. Create a user and set a password
➜ ~ sudo useradd testUser
[sudo] password for ylspirit:
➜ ~ passwd testUser
passwd: You may not view or modify password information for testUser.
➜ ~ sudo passwd testUser
New password:
Retype new password:
passwd: password updated successfully
2. Switch users and display user status information
➜ ~ su testUser
Password:
$ passwd -S testUser
testUser P 11/13/2019 0 99999 7 -1
$ 
3. Change user password
passwd testUser
Changing password for testUser.
Current password: 4. Lock user
➜ ~ sudo passwd -l testUser
passwd: password expiry information changed.
➜ ~ su testUser
Password:
su: Authentication failure
5. Unlock user
➜ ~ sudo passwd -u testUser
passwd: password expiry information changed.
➜ ~ su testUser
Password:
$
6. Delete user password
➜ ~ sudo cat /etc/shadow | grep test
testUser:!$6$aNt2OgYyWHwVx27j$RIBsPbABNLLV8eQc0sT4E7dJEvmuHR7b/r.es4ExKjc6Un2GOJBZU.w9omJa/vvzuG8eKYGg6940Xe0eK93i90:18213:0:99999:7:::
➜ ~ sudo passwd -d testUser
passwd: password expiry information changed.
➜ ~ sudo cat /etc/shadow | grep test
testUser::18213:0:99999:7:::
