passwd command in linux is used to change the user password.
passwd [OPTIONS] [LOGIN]
where LOGIN means the user’s login name. Giving the LOGIN is optional which means that a normal user can change only his/her password whereas the Super user or the admin can change any user’s password by specifying his/her LOGIN. Hence, the Admin can control any users account.
Example to use passwd command in Linux
Changing password for xxxx.
(current) UNIX password: <type current password. It will not be visible>
Enter new UNIX password: <type new password>
Retype new UNIX password: <type new password again>
As a general guideline, passwords should consist of 6 to 8 characters including one or more characters from each of the following sets:
- lower case alphabets
- digits 0-9
- punctuation marks
Changing password of any other user
we can change the Password of any user in two different ways by using passwd command in linux.
- By the administrator – the admin can change the password of any user by passing the user name as an argument to passwd command
For Example: Lets change password of user u1.
2. By using sudo command – this is possible if the current user belongs to the sudoers group.
For Example: In the example below, a user baljit is changing password for another user u1.
Explanation: after using $sudo passwd u1 command enter the password for the current user. In the above example baljit and then the new password for user u1.
Using Options with passwd command in linux
1. Deleting the password of a user
-d : option deletes the password for the user i.e. the user will be able to login without the need of password. So, this is helpful when the user forgets his/her password.
For Example: Before using –d, the user is required to enter password for login
Then we use –d to delete the password for the user u1
After using –d, when the user u1 tries to login again, now the system do not ask for any password.
2. Locking a user password
-l : option lock’s the user password.
Thus, once the password is locked the user will not be able to login.
The output shows “Login incorrect” even when correct password was used for user u1.
3. Unlocking the user password
-u : option unlocks the password which was locked using –l. Thus, Continuing from the previous example where the password of user u1 was locked, we use –u to unlock it.
Now, after unlocking the user will be able to login again using the same password as earlier.
4. Expire user password
-e : is used to expire the user password. In other words it forces the user to change the password in the next login attempt.
Now when the user u1 tries to login again he gets a prompt to change the password as shown below.
5. To set minimum password life time
-n : option sets the minimum password lifetime in days i.e. the minimum number of days the user has to wait until the password can be changed again. By default this limit is ‘0’ days i.e., the password can be changed whenever the user wants. The figure below shows that the user u1 logs in and is able to reset the password multiple times (twice in this example) because the lower limit is set.
Next we use –n option to set the minimum limit before password change as shown below.
Here, -n 5 means that the user will not be able to change the password for next 5 days. Now, if the user tries to change the password, he will not be allowed to do so.
6. To set maximum password life time
-x : option sets the maximum password lifetime in days i.e. the maximum number of days after which the user has to change the password. By default this limit is ‘99999’ days.
This means that the user u1 will have to change the password after every 30 days.
7. To set password expiry warning time
-w : will set the number of days in advance the user will begin receiving warnings that his/her password will expire, if the user’s account supports password lifetimes. By default the value is 7.
The above example will change the limit to 2 days.
Now, if you set the maximum limit of password expire to be 1 day with –x option ( doing this just to demonstrate the use of –w J). Hence, When the user logs in next time the output will be as below
8. To set inactive days limit
-i : option sets the limit on number of days after a password expires and the account is considered as inactive and finally disabled automatically.
This mean that if the password of the user u1 expires on October 1, 2019 and the user does not reset it till October 6, 2019, the account for user u1 will be automatically disabled.
Sample questions for passwd command in linux
Q1. User Chris has not changed his password for one year. As an admin you want that Chris should change his password immediately on next login, what are your options?
Q2. Which file’s content can be directly modified to change the UID of a user by the admin?