Skip to content
Linux Academy by Uirá Ribeiro

Passwd command on Linux (password management)

The passwd command on Linux enters the password for a given user account. If the user account is not provided as a parameter, passwd changes the password of the account currently used. For security reasons, it is not possible to pass the password on the command line.

The available option is:

  • -l: This option locks the user’s account by adding the “!” sign in Debian, or the “!!” sign in Redhat, in the password field of the /etc/shadow file, so that the password string is no longer accepted. It is important to say that, if the user uses another authentication method that does not require a password, such as an SSH key, he will still log in to the system. To permanently lock a user, it is recommended to use the command “usermod —e” to indicate that your account has expired.
  • -u: This option reverses the “-l” option, removing the exclamation “!” and unlocking the password.
  • -d: This option erases the account password, leaving the account without a password.
  • -e: This option forces the password to expire, forcing the user to change their password the next time they log in.
  • -n z: This option sets a minimum of Z days to live for a password.
  • -x z: This option sets a maximum of Z days to live for a password.
  • -w z: This option configures the number of Z days to live for a password.
  • -i z: This option configures the number Z days between the password is expired and the account is inactive.
  • -S: This option shows account status information.

Only root can change the password of other users. An ordinary user can run passwd to change their own password.

To change the Uira user’s password:

# passwd uira Enter new password for 'uira':

To view a user’s password status:

# passwd -S jira <br></br>jira PS 2019-04-11 0 99999 7 -1 (Password set, SHA512 crypt.)

To block a user account:

# passwd -l uira <br></br>Locking password for user uira.

passwd: Success Notice that the status of the blocked account is changed to “LK”:

# password -W jira <br></br>jira OK 2019-04-11 0 99999 7 -1 (Password locked.)

Thus, the password in the /etc/shadow file got two asterisks “!!”

: ```

cat /etc/shadow |grep uira

uira:!! $6$mqpxvbfi$zikapiccjtbcvlrphut.zesmqvvlhszjmhtjwofhov.6esz3w8g.iw7fogumnb9240knkk8.5kpcqkqn/wsgm/: 17998:0:99999:7::

To unlock a password:

passwd -u uira

Unlocking password for user uira.

passwd: Success Now the status is back to “PS”:

passwd -S jira

jira PS 2019-04-11 0 99999 7 -1 (Password set, SHA512 crypt.)

To set a password to expire in 30 days:

passwd -x 30 hours

Adjusting aging data for user uira.

passwd: Success Notice that the password has expired to 30 days:

passwd -S jira

jira PS 2019-04-11 0 30 7 -1 (Password set, SHA512 crypt.)

Learn much more about Linux in our online course. You can register here. If you already have an account, or want to create one, just log in or create your user here.


Did you like it?
-----------------


Share