Linux Commands – passwd

Linux Commands – passwd

Linux Commands – passwd

Hello Everyone

Welcome to CloudAffaire and this is Debjeet.

In the last blog post, we have discussed useradd command in Linux which is used to create a new user in Linux.

https://cloudaffaire.com/linux-commands-useradd/

In this blog post, we will discuss passwd command in Linux. passwd command is used to add, update, or delete the user’s password. You can update your own password using passwd command but if you want to update or set other user passwords, you need to have root privileges.

Linux Commands – passwd:

You can use passwd command to set, update, or delete user password.

You can use passwd -S or –status options to output a short information about the status of the password for a given account. The status information consists of 7 fields. Below is the meaning of each field:

  1. User login name
  2. User account status (LK – locked password, NP – no password, PS – usable password)
  3. User last password change date
  4. Minimum password age in days.
  5. Maximum password age in days.
  6. Warning period in days.
  7. Inactivity period in days.

Note: The date of the last password change is stored as a number of days since epoch. Depending on the current time zone, the passwd -S username may show the date of the last password change that is different from the real date of the last password change by ±1 day.

You can use passwd -l or –lock options to lock the password of the specified account. The locking is performed by rendering the encrypted password into an invalid string (by prefixing the encrypted string with an !).

Note: The user can still log in by other means of authentication such as the ssh public key authentication. Use chage -E 0 user command instead for full account locking.

You can use passwd -u or –unlock options to unlock the account password by removing the ! prefix (reverse of the -l option). By default, passwd will refuse to create a passwordless account (it will not unlock an account that has only “!” as a password). The force option -f will override this protection.

You can use passwd -d or –delete options to delete a password for an account. It will set the named account passwordless.

You can use passwd -f or –force option to force the specified operation. For example, passwd will refuse to unlock a locked passwordless account. The force option -f can override this protection.

You can use passwd –stdin option to indicate that passwd should read the new password from standard input, which can be a pipe.

You can use passwd -e or –expire options to expire a password for an account. The user will be forced to change the password during the next login attempt.

You can use passwd -n or –minimum DAYS options to set the minimum password lifetime, in days, if the user’s account supports password lifetimes.

You can use passwd -x or –maximum DAYS options to set the maximum password lifetime, in days, if the user’s account supports password lifetimes.

You can use passwd -w or –warning DAYS options to set the number of days in advance the user will begin receiving warnings that her password will expire if the user’s account supports password lifetimes.

You can use passwd -i or –inactive DAYS options to set the number of days which will pass before an expired password for this account will be taken to mean that the account is inactive and should be disabled if the user’s account supports password lifetimes.

You can use passwd -k or –keep options to enable user to update his password only when it expired. If the password is still active then the user will not be able to update his password. But I am unable to repro this option in my RHEL based system. In some other blog, its mentioned that this option only works on Debian based system. If you have an idea, please write in the comment section.

Hope you have enjoyed this article. In the next blog post, we will discuss chage command in Linux.

 

Leave a Reply

Close Menu