Like with so many things in the Linux world, passwords are most easily managed directly from the command line. The
passwd utility was designed to allow you quick and easy access to all of the password-related commands on your system. You can use it to change and manage your own password as well as the passwords of other users on your system. You can also use it to disable password authentication for a user, lock a user’s account, and set mandatory expiration dates, all to keep your system secure.
Let’s take a look at the
passwd utility and how you can use it to manage your password in Linux.
Change Your Password
First, the easiest thing you can do with the passwd utility is change your own password. Just use the
passwd command with nothing else.
It’ll ask you to supply your current password followed by your new one.
Change Someone Else’s Password
With root privileges or sudo, you can change someone else’s password, too. Just give passwd the account username for the password you want to change.
sudo passwd username
This time it won’t ask for their current password. It will only ask for you to set a new one.
Locking a Password
You can just as easily lock a user’s account by locking their password. This will make them unable to sign in using a password. Other methods, like SSH keys, will still work. In order to lock an account, you’ll need sudo and the
sudo passwd -l username
You can unlock an account, too, with the
sudo passwd -u username
If, for security reasons, you want to lock all access to the root account, leaving sudo the only way to manage the system, you can do that, too.
sudo passwd -l root
It works the same as with any other user.
Using an Empty Password
You can also choose to set a user with an empty password. This is a really bad idea for security, but it can save you a lot of hassle on things like multimedia PCs that you don’t necessarily need to secure that way. Once again, passwd has a simple flag to remove a user’s password, making it blank.
sudo passwd -d username
It’s fairly common to set passwords to expire every so often. It’s a good security measure that prevents stale user passwords from compromising a system. If you’re running a system in a business situation, it’s hard to control what your customers use as their passwords and whether they get compromised. Forcing them to change their password after a set time frame will force your users to keep fresh passwords and reduce the risk of a breach.
-x flag followed by the number of days you want the user’s password to be valid.
sudo passwd -x 30 username
That will set the user’s password to expire after thirty days.
You can also set up a system to warn the user that their password will expire soon. Use the
-w flag with the amount of days before expiration to automatically warn the user to change their password.
sudo passwd -w 5 username
If you know there has already been an issue with a user’s password, you can automatically make their password expire. This will force them to set a new one immediately.
sudo passwd -e username
That’s all you really need to get started with passwd. If you’d like to see more of what it can do, check out the utility’s man page.
It’ll tell you everything that you can do with passwd. Passwd is an invaluable tool for Linux administrators. Even if you’re not running a big business server, you can still take advantage of passwd to keep your desktop more secure.
Our latest tutorials delivered straight to your inbox