A password(commonly knows as passwd in linux) is an unspaced sequence of characters used to determine that a computer user requesting access to a computer system is really that particular user. Typically, users of a multiuser or securely protected single-user system claim a unique name (called a user ID) that can be generally known. In order to verify that someone entering that user ID really is that person, a second identification, the password, known only to that person and to the system itself, is entered by the user. Most networks require that end users change their passwords on a periodic basis.
The passwd command is used to create and change the password of a user account. A normal user can run passwd to change their own password, and a system administrator (the superuser ROOT) can use passwd to change another user’s password, or define how that account’s password can be used or changed.
passwd [OPTION] [USER] Usage: passwd [OPTION...] <accountName> -k, --keep-tokens keep non-expired authentication tokens -d, --delete delete the password for the named account (root only) -l, --lock lock the named account (root only) -u, --unlock unlock the named account (root only) -f, --force force operation -x, --maximum=DAYS maximum password lifetime (root only) -n, --minimum=DAYS minimum password lifetime (root only) -w, --warning=DAYS number of days warning users receives before password expiration (root only) -i, --inactive=DAYS number of days after password expiration when an account becomes disabled (root only) -S, --status report password status on the named account (root only) --stdin read new tokens from stdin (root only)
Change the password for Normal user
When you logged in as non-root user like user1 in my case and run passwd command then it will reset password of logged in user.
[[email protected] ~]$ passwd Changing password for user user1. Changing password for user1. (current) UNIX password: New password: Retype new password: passwd: all authentication tokens updated successfully.
When you logged in as root user and run passwd command then it will reset the root password by default and if you specify the user-name after passwd command then it will change the password of that particular user.
Display Password Status Information
To display password status information of a user , use -S option in passwd command.
[[email protected] ~]# passwd -S user1 user1 PS 2016-04-21 0 99999 7 -1 (Password set, SHA512 crypt.)
In the above output first field shows the user name and second field shows Password status ( PS = Password Set , LK = Password locked , NP = No Password ), third field shows when the password was changed and last & fourth field shows minimum age, maximum age, warning period, and inactivity period for the password.
we can display password status information for all users at a time by using the option –Sa
[email protected]:~# passwd -Sa
Removing Password of a User
we can remove the password for particular user by using option -d
[[email protected] ~]# passwd -d user1 Removing password for user user1. passwd: Success [[email protected] ~]#
Lock the password of System User
Use ‘-l‘ option in passwd command to lock a user’s password, it will add “!” at starting of user’s password. A User can’t Change it’s password when his/her password is locked.
[[email protected] ~]# passwd -l user1 Locking password for user user1. passwd: Success
Unlock User’s Password using -u option
use -u option to unlock the user accounts locked by passwd -l option
[[email protected] ~]# passwd -u user1 Unlocking password for user user1. passwd: Success
Setting inactive days using -i option
use -i option along with passwd command to set inactive days for a system user. This will come into the picture when password of user expired and user didn’t change its password in ‘n‘ number of days ( i.e 7 days in my case) then after that user will not able to login.
[[email protected] ~]# passwd -i 7 user1 Adjusting aging data for user user1. passwd: Success [[email protected] ~]# passwd -S user1 user1 PS 2016-04-21 0 99999 7 7 (Password set, SHA512 crypt.) [[email protected] ~]#
Setting Minimum No.of Days to Change Password using passwd -n option
Using the option -n along with passwd command we can set the minimum number of days to change the password. A value of zero shows that user can change it’s password in any time.
[[email protected] ~]# passwd -n 90 user1 Adjusting aging data for user user1. passwd: Success [[email protected] ~]# passwd -S user1 user1 PS 2016-04-21 90 99999 7 7 (Password set, SHA512 crypt.) [[email protected] ~]#
Setting the Warning days before password expire using passwd -w option
Using the option -w along with passwd can be used to set the warning days before the password expires.
[[email protected] ~]# passwd -w 30 user1 Adjusting aging data for user user1. passwd: Success [[email protected] ~]# chage -l user1 Last password change : Apr 21, 2016 Password expires : never Password inactive : never Account expires : never Minimum number of days between password change : 90 Maximum number of days between password change : 99999 Number of days of warning before password expires : 30 [[email protected] ~]#
In the next artical we discuss about password management by using the chage command
Read also How to reset the forgotten root password