Scribd Logo
Upload

Welcome to Scribd!

  • Passwd Command

    Uploaded by

    Darko
    60 views6 pages
    Unix Passwd Command

    Copyright

    © © All Rights Reserved

    Available Formats

    ODT, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    Unix Passwd Command

    Copyright:

    © All Rights Reserved
    Download as ODT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    60 views6 pages

    Passwd Command

    Uploaded by

    Darko
    Unix Passwd Command

    Copyright:

    © All Rights Reserved
    Download as ODT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 6

    Linux passwd command

    Updated: 12/29/2017 by Computer Hope

    • Overview
    • passwd syntax
    • Quick Examples
    • Description
    • passwd examples
    • Related commands
    • Linux and Unix commands help

    Overview
    The passwd command is used to change the password of a user account. A normal user can run passwd
    to change their own password, and a system administrator (the superuser) can use passwd to change
    another user's password, or define how that account's password can be used or changed.

    passwd syntax
    passwd [OPTION] [USER]

    Quick Examples
    Change your password
    passwd
    Running passwd with no options will change the password of the account running the command. You
    will first be prompted to enter the account's current password:
    (current) UNIX password:

    If it is correct, you will then be asked to enter a new password:


    Enter new UNIX password:

    ...and to enter the same password again, to verify it:


    Retype new UNIX password:

    If the passwords match, the password will be changed.

    Change another user's password


    sudo passwd jeff

    If you have superuser privileges, you can change another user's password. Here, we prefix the
    command with sudo to run it as the superuser. This command will change the password for user jeff.
    You will not be prompted for jeff's current password.

    Change your password without knowing your current password


    If you need to change your password because you forgot it, you will need to log in to the root account.
    To do this, you will need to know the password for user root.
    Let's say your username is sally, and you can't remember your password. However, you have
    administrator access to the system: you can log in as root, using the password for that account. Log in
    as root, and then from the command line, run:
    passwd sally

    But what if you forgot the password for root as well? In this case, you will need to log in to the
    machine in single-user mode, also known as Runlevel 1. This cannot be done over the network, so you
    will need physical access to the machine to boot into this runlevel.
    Reboot the machine. When it is booting up, you should be presented with a bootloader menu. On many
    systems, such as Debian or Ubuntu, the boot menu will include an option for "Recovery Mode" or
    "Single User Mode" (as in the image below). Select this boot option.
    This option will boot you into a text-only mode, and log you in as root.
    If you need to mount /, do so:
    mount -rw -o remount /

    Now change sally's password:


    passwd sally

    Or root's:
    passwd

    When you're done, reboot your system:


    shutdown -r now

    Start the system normally, and you should be able to log in as sally with the new password.
    Now that we've gone over the most common scenarios for using passwd, let's look at the command in
    more detail. The following sections will describe how the command works, how it can be used, and
    what options can be specified to make use of its different functions.

    Description
    The passwd command changes passwords for user accounts. A normal user can only change the
    password for their own account, but the superuser can change the password for any account. passwd
    can also change or reset the account's validity period — how much time can pass before the password
    expires and must be changed.
    Before a normal user can change their own password, they must first enter their current password for
    verification. (The superuser can bypass this step when changing another user's password.)
    After the current password has been verified, passwd checks to see if the user is allowed to change
    their password at this time. If not, passwd refuses to continue, and exits.
    Otherwise, the user is then prompted twice for a replacement password. Both entries must match for
    passwd to continue.
    Next, the password is tested for complexity. As a general guideline, passwords should consist of at least
    6 characters, including one or more of each of the following:
    • lower case letters
    • digits 0 through 9
    • punctuation marks

    Options
    The following options will change the way passwd operates:

    When used with -S (see below), this option will show the password status for all
    -a, --all
    users. This option will not work if used without -S.
    Delete a user's password (make it empty). This option is a quick way to disable
    -d, --delete
    logins for an account, without disabling the account itself.
    Immediately expire an account's password. This forces a user to change their
    -e, --expire
    password the next time they log in.
    -h, --help Display information about how to use the passwd command.
    This option is used to disable an account after the password has been expired for a
    -i, --inactive
    number of days. After a user account has had an expired password for integer
    INACTIVE
    INACTIVE days, the user may no longer sign on to the account.
    Keep password tokens. Indicates that this user's password should only be changed if
    -k, --keep-tokens
    it has expired.
    Lock the password of the named account. This option disables a password by
    changing it to a value which matches no possible encrypted value. It does this by
    adding a character at the beginning of the encrypted password.

    Note that this does not disable the account. The user may still be able to log in using
    -l, --lock another authentication method (an SSH key, for example). To disable the account,
    the superuser can use the usermod command with the option --expiredate 1. This
    option will set the account's expiration date to a date in the past — namely Jan 2,
    1970.

    Users with a locked password are not allowed to change their password.
    -n, --mindays Set the minimum number of days between password changes to MIN_DAYS. A
    value of zero for this field indicates that the user may change his/her password at
    MIN_DAYS
    any time.
    -q, --quiet Quiet mode; passwd will operate without displaying any output.
    -R, --root For advanced users: this option will apply changes in the chroot directory
    CHROOT_DIR CHROOT_DIR and use the configuration files from the CHROOT_DIR directory.
    Display account status information. The status information consists of 7 fields:

    1. The user's login name


    2. password usability: L if the account has a locked password, NP if the
    account has no password, or P if the account has a usable password
    3. date of the last password change
    4. minimum password age
    -S, --status 5. maximum password age
    6. password warning period
    7. password inactivity period

    In fields 4 through 7, password ages are expressed in days.

    Specifying -a in addition to -S will display password status for all users.


    Unlock the password of the named account. This option re-enables a password by
    -u, --unlock
    changing the password back to its value before the -l option was used to lock it.
    Set the number of days of warning before a password change is required.
    -w, --warndays
    WARN_DAYS is the number of days prior to the password expiring that a user will
    WARN_DAYS
    be warned that their password is about to expire.
    -x, --maxdays Set the maximum number of days a password remains valid. After MAX_DAYS, the
    MAX_DAYS password must be changed.

    Notes
    Password complexity will vary depending on the system. Consult your operating system documentation
    for default complexity rules and how to change them.
    On systems that use NIS (Network Information Services), users may not be able to change their
    password if they are not logged into the NIS server.

    System Files Used By Passwd


    /etc/passwd User account information.
    /etc/shadow Secure user account information.
    /etc/pam.d/passwd PAM configuration for passwd.

    passwd examples
    passwd

    Change your password.


    sudo passwd username

    Change the password for the user named username.


    sudo passwd -S ted

    Check the status of the password for the user named ted. Output will resemble the following:
    ted P 05/13/2014 2 365 7 28

    Here, we see the user's name (ted), followed by a P, indicating that his password is currently valid and
    usable. The password will expire on May 5, 2014. Ted cannot change his password more often than
    every 2 days, and must change the password every 365 days. He will be warned 7 days before a
    required password change, and if he allows his password to expire, his account will be disabled 28 days
    later.
    sudo passwd -S -a

    Similar to the above command, but checks the password status for all user accounts, system-wide.
    sudo passwd -l jane

    Lock the password for user jane. She will be unable to log in until a system administrator unlocks it.
    sudo passwd -u jane

    Unlock jane's password. It will automatically be reset to whatever it was before it was locked, and she
    will be able to log in again.
    sudo passwd -e alan

    Expire alan's password. The next time he logs in, he will be required to set a new password.

    You might also like