HxHippy

passwd

Update user`s authentication tokens (passwords)

Overview

The passwd command changes passwords for user accounts. A normal user may only change the password for their own account, while the superuser may change the password for any account. It can also be used to manage password policies like expiry, warning periods, etc.

Syntax

passwd [OPTION]... [LOGIN]

Common Options

-d, --delete

Delete a user’s password (make it empty). Only root can do this. This is a quick way to disable a password for an account.

-e, --expire

Immediately expire an account’s password. This forces a user to change their password at their next login. Only root can do this.

-l, --lock

Lock the named account. This option disables a password by changing it to a value that matches no possible encrypted value (it prepends a '!' to the password). Only root can do this.

-u, --unlock

Unlock the named account. This option re-enables a password by changing it back to its previous value (the value before using the -l option). Only root can do this.

-S, --status

Display account status information. The status information includes login name, password status (L=locked, NP=no password, P=usable password), date of last password change, min/max age, warning, and inactivity period.

-n days, --minimum days

Set minimum number of days between password changes to `days`. (Root only)

-x days, --maximum days

Set maximum number of days that password is valid to `days`. (Root only)

-w days, --warning days

Set number of days warning user receives before password expires to `days`. (Root only)

-i days, --inactive days

Set number of days after password expires that account is disabled to `days`. (Root only)

--stdin

Read new password from standard input (use with caution, especially in scripts).

Examples

$ passwd

Allows the current logged-in user to change their own password.

$ sudo passwd someuser

Allows the superuser to change the password for someuser.

$ sudo passwd -l user_to_lock

Locks the account password for user_to_lock.

$ sudo passwd -u user_to_unlock

Unlocks the account password for user_to_unlock.

$ sudo passwd -d user_with_no_pass

Deletes the password for user_with_no_pass, allowing login without a password (generally not recommended).

$ sudo passwd -e user_force_change

Forces user_force_change to set a new password upon their next login.

$ sudo passwd -S anotheruser

Shows detailed password status information for anotheruser.

$ sudo passwd -x 90 -n 7 -w 14 some_user

Sets password policies for some_user: expires in 90 days, min 7 days between changes, 14-day warning.

$ echo "NewPa$$w0rd" | sudo passwd --stdin an_account

Sets the password for an_account using stdin (be extremely cautious with this method).

passwordchangeuseraccountsecuritypolicylockunlockexpirepasswd