How to Manage Your User Password from the Terminal in Linux

Manage Passwords Linux Command Line

Like with so many things in the Linux world, passwords are most easily managed directly from the command line. The passwd utility was designed to allow you quick and easy access to all of the password-related commands on your system. You can use it to change and manage your own password as well as the passwords of other users on your system. You can also use it to disable password authentication for a user, lock a user’s account, and set mandatory expiration dates, all to keep your system secure.

Let’s take a look at the passwd utility and how you can use it to manage your password in Linux.

Chang your password passwd

First, the easiest thing you can do with the passwd utility is change your own password. Just use the passwd command with nothing else.

It’ll ask you to supply your current password followed by your new one.

Change a user's password passwd

With root privileges or sudo, you can change someone else’s password, too. Just give passwd the account username for the password you want to change.

This time it won’t ask for their current password. It will only ask for you to set a new one.

You can just as easily lock a user’s account by locking their password. This will make them unable to sign in using a password. Other methods, like SSH keys, will still work. In order to lock an account, you’ll need sudo and the -l flag.

You can unlock an account, too, with the -u flag.

Locking Root

If, for security reasons, you want to lock all access to the root account, leaving sudo the only way to manage the system, you can do that, too.

It works the same as with any other user.

You can also choose to set a user with an empty password. This is a really bad idea for security, but it can save you a lot of hassle on things like multimedia PCs that you don’t necessarily need to secure that way. Once again, passwd has a simple flag to remove a user’s password, making it blank.

It’s fairly common to set passwords to expire every so often. It’s a good security measure that prevents stale user passwords from compromising a system. If you’re running a system in a business situation, it’s hard to control what your customers use as their passwords and whether they get compromised. Forcing them to change their password after a set time frame will force your users to keep fresh passwords and reduce the risk of a breach.

Set Password expiration length

Use the -x flag followed by the number of days you want the user’s password to be valid.

That will set the user’s password to expire after thirty days.

Remind the user about password expiration

You can also set up a system to warn the user that their password will expire soon. Use the -w flag with the amount of days before expiration to automatically warn the user to change their password.

If you know there has already been an issue with a user’s password, you can automatically make their password expire. This will force them to set a new one immediately.

That’s all you really need to get started with passwd. If you’d like to see more of what it can do, check out the utility’s man page.

It’ll tell you everything that you can do with passwd. Passwd is an invaluable tool for Linux administrators. Even if you’re not running a big business server, you can still take advantage of passwd to keep your desktop more secure.

2 comments

Leave a Comment

Yeah! You've decided to leave a comment. That's fantastic! Check out our comment policy here. Let's have a personal and meaningful conversation.

Sponsored Stories