The passwords for user accounts often need to be changed. This is mostly done by the users themselves, but often, they have to be overridden by the administrator to control any illegitimate activity by any of the users. Because of these reasons, Linux provides a wide range of options for user account password management. We have discussed some of these useful options below:
Self password change:
The password of the user itself can be changed using the passwd command provided by Linux. This is how you can change the password of the user you’re logged in with. Just open up the command line, and type in:
passwd
This will open up a prompt asking for the current password, and then the new password, and its repeated confirmation. The passwords aren’t shown in the terminal, so that they are not visible to any person that might be around the system.
Sample output:
pulkit@hostname:~$ passwd Changing password for pulkit. (current) UNIX password: Enter new UNIX password: Retype new UNIX password: passwd: password updated successfully pulkit@hostname:~$
Changing the password of another user
This requires root access, as only the root can add, remove or change the password of any other user on the system. You will need to know the administrator password. Therefore, the command becomes:
sudo passwd <username>
Sample output:
pulkit@hostname:~$ sudo passwd testuser [sudo] password for pulkit: Enter new UNIX password: Retype new UNIX password: passwd: password updated successfully pulkit@hostname:~$
Or if you’re logged in with the “root” user you can just use the command without “sudo”.
Checking password status
Seeing the status of a password is also made easy in Linux. There are a lot of criteria and properties that a password may have, and these are the commands that can be used to view those:
passwd -S <username>
Sample output:
pulkit@hostname:~$ passwd -S pulkit pulkit P 04/15/2019 0 99999 7 -1 pulkit@hostname:~$
The displayed properties are as follows:
- pulkit : User name
- P : Password status:
- P : Active password
- L : Locked password
- NP : No password
- 04/15/2019 : Date of last password change
- 0 : Password expiry minimum age
- 99999 : Password expiry maximum age (99999 basically means never)
- 7 : Password expiry warning period
- -1 : Inactivity period (-1 means never)
This output is a bit cryptic. There is another command that displays this information in a better way. The syntax is as follows:
chage -l <username>
Sample output:
pulkit@hostname:~$ chage -l pulkit Last password change : Apr 15, 2019 Password expires : never Password inactive : never Account expires : never Minimum number of days between password change : 0 Maximum number of days between password change : 99999 Number of days of warning before password expires : 7 pulkit@hostname:~$
Deleting a password
This option sets an account essentially password-less, so that anyone can log into it. This is not useful in most personal computers, but for a home PC, that’s what most people use, or for a system that needs to be open to anyone who attempts to use it, this option is essential. This command also requires root access. To delete the password of a user, use the following syntax:
sudo passwd -d <username>
Sample output:
pulkit@hostname:~$ sudo passwd -d testuser [sudo] password for pulkit: passwd: password expiry information changed. pulkit@hostname:~$
Force a user to change their password
This is a very useful feature, especially for Linux administrators. What this command basically does is expire the password of the mentioned user, so that the user has to forcefully change the existing password at their next login. This obviously requires root access as well. The command to be entered is this:
sudo passwd --expire <username>
Sample output:
pulkit@hostname:~$ sudo passwd --expire testuser passwd: password expiry information changed.
su allows you to log in as another user.
pulkit@hostname:~$ su testuser Password: You are required to change your password immediately (root enforced) Changing password for testuser. (current) UNIX password: Enter new UNIX password: Retype new UNIX password: testuser@hostname:/home/pulkit$
You can test these commands out on a Linux server at Vultr.
Conclusion
That is all for the major operations regarding changing user passwords in Linux. Some of these options are exclusively for the root user, but that makes sense even for personal systems, as user management is often required in case of password loss, or something else of the sort. The root user is allowed to overpower any other user. The root account is not something to be played around with. You must always use the root account carefully.
Another common use-case is in servers. The upside to using a server is that in some cases you can still access the server via a web console, even if you locked yourself out of the server.
These instructions work for any Linux distro, including Ubuntu, CentOS, Debian, Fedora, etc.
Let us know if you have any questions in the comments below.
