Categories: How-To

Passwd command on Linux (password management) [Basic Guide]

The passwd command on Linux enters the password for a given user account. If the user account is not provided as a parameter, passwd changes the password of the account currently used. For security reasons, it is not possible to pass the password on the command line.

The available option is:

-l: This option locks the user’s account by adding the “!” sign in Debian, or the “!!” sign in Redhat, in the password field of the /etc/shadow file, so that the password string is no longer accepted. It is important to say that, if the user uses another authentication method that does not require a password, such as an SSH key, he will still log in to the system. To permanently lock a user, it is recommended to use the command “usermod —e” to indicate that your account has expired.
-u: This option reverses the “-l” option, removing the exclamation “!” and unlocking the password.
-d: This option erases the account password, leaving the account without a password.
-e: This option forces the password to expire, forcing the user to change their password the next time they log in.
-n z: This option sets a minimum of Z days to live for a password.
-x z: This option sets a maximum of Z days to live for a password.
-w z: This option configures the number of Z days to live for a password.
-i z: This option configures the number Z days between the password is expired and the account is inactive.
-S: This option shows account status information.

Only root can change the password of other users. An ordinary user can run passwd to change their own password.

To change the Uira user’s password:

# passwd uira Enter new password for 'uira':

To view a user’s password status:

# passwd -S jira 
jira PS 2019-04-11 0 99999 7 -1 (Password set, SHA512 crypt.)

To block a user account:

# passwd -l uira 
Locking password for user uira.

passwd: Success

Notice that the status of the blocked account is changed to “LK”:

# password -W jira 
jira OK 2019-04-11 0 99999 7 -1 (Password locked.)

Thus, the password in the /etc/shadow file got two asterisks “!!”

# cat /etc/shadow |grep uira 
uira:!! $6$mqpxvbfi$zikapiccjtbcvlrphut.zesmqvvlhszjmhtjwofhov.6esz3w8g.iw7fogumnb9240knkk8.5kpcqkqn/wsgm/: 17998:0:99999:7::

To unlock a password:

# passwd -u uira 
Unlocking password for user uira.

passwd: Success

Now the status is back to “PS”:

# passwd -S jira 
jira PS 2019-04-11 0 99999 7 -1 (Password set, SHA512 crypt.)

To set a password to expire in 30 days:

# passwd -x 30 hours 
Adjusting aging data for user uira.

passwd: Success

Notice that the password has expired to 30 days:

# passwd -S jira 
jira PS 2019-04-11 0 30 7 -1 (Password set, SHA512 crypt.)

Learn much more about Linux in our online course. You can register here. If you already have an account, or want to create one, just log in or create your user here.

Did you like it?

Uirá Endy Ribeiro

Uirá Endy Ribeiro is a Software Developer and Cloud Computing Architect with a 23-year career. He has master's degrees in computer science and fifteen IT certifications and is the author of 11 books recognized in the IT world market. He is also Director at Universidade Salgado de Oliveira and Director of the Linux Professional Institute - LPI Director's Board.

Uirá Endy Ribeiro