Unix-like operating systems. including Linux, were developed right from the start as preemptive multitasking and multi-user systems.
Multitasking refers to an operating system in which multiple processes, also called tasks, can execute (i.e., run) on a single computer seemingly simultaneously and without interfering with each other. Each process has the illusion that it is the only process on the computer and that it has exclusive access to all the services of the operating system.
[ You might also like: Sysadmin security: 8 Linux lockdown controls ]
Linux is multi-user because it allows multiple people to use a computer and not affect each other's files, processes, preferences, etc.
Because there could be multiple users on the system, it is, therefore, necessary to manage their authentication. Authentication is primarily handled with passwords and public keys. One of the many tools available we use to set up passwords is the passwd
command.
The passwd command
The passwd
command changes passwords for user accounts. A normal user may only change the password for their own account, while the superuser may change the password for any account. passwd
also changes the account or associated password validity period. This task is achieved through calls to the Linux-PAM and libuser API.
In this article, I am assuming there are already users created on the system with useradd
or some other command.
We can see users created on the system with this command:
[root@server ~]# cat /etc/passwd
Use the man page as a reference for passwd
. As with all Linux commands, there is a synopsis, which details how the command is used. The man page synopsis for passwd
is as below:
passwd [options] [LOGIN]
Running the passwd command without any argument will ask for a change of password for the user logged in.
Options
Here is an explanation of some of the options for the passwd
command:
passwd -S <username>
The -S
option displays the status of user account password settings.
For example:
# passwd -S evans
evans PS 2020-09-07 0 99999 7 -1 (Password set, SHA512 crypt.)
The output above shows the account evans was created on 7th September 2020 and has a password set with SHA512 encryption.
passwd -l <username>
The -l
option is used to lock the password of a specified account, and it is available to root only. The result is that the user cannot use the password to log in to the system but can use other means such as SSH public key authentication.
For example:
# passwd -l user1
passwd -u <username>
This option will unlock the password. This option works for an account that already has the password locked.
For example:
# passwd -u user2
passwd -d <username>
This is a quick way to delete a password for an account.
For example:
# passwd -d user1
passwd -e <username>
This is a quick way to expire a password for an account. The user will be forced to change the password during the next login attempt.
For example:
# passwd -e user2
passwd -n <no of days> <username>
This sets the number of days before a password can be changed. By default, a value of zero is set, which indicates that the user may change their password at any time.
For example:
# passwd -n 10 user2
This means user2 cannot change its own password until 10 days have passed.
To confirm the password setting made with the -n
option above, run the following command:
# passwd -S user1
user1 PS 2020-12-04 10 99999 7 -1 (Password set, SHA512 crypt.)
The value of 10 after the date indicates the minimum number of days until the password can be changed.
passwd -x <no of days> <username>
Set the maximum number of days a password remains valid. After MAX_DAYS, the password is required to be changed.
For example:
# passwd -x 90 user2
This means after 90 days, the password is required to be changed.
Confirm the setting with passwd -S user1
[root@server ~]# passwd -S user1
user1 PS 2020-12-04 10 90 7 -1 (Password set, SHA512 crypt.)
The value of 90 after 10 indicates the maximum password lifetime.
passwd -w <no of days> <username>
This will set the number of days in advance the user will begin receiving warnings that the password will expire.
For example:
# passwd -w 7 user2
This means the user will receive warnings that the password will expire 7 days before the expiration.
passwd -i <no of days> <username>
This option is used to disable an account after the password has been expired for a number of days. After a user account has had an expired password for INACTIVE days, the user may no longer sign on to the account.
For example:
# passwd -i 5 user2
This means after a user account has had an expired password for 5 days, the user may no longer sign on to the account.
passwd --stdin <username>
This option indicates that passwd
should read the new password from standard input, which can be a pipe.
For example:
# echo "userpasswd1"|passwd --stdin user1
This command will read from the echo
command and pass it to the passwd
command. So this will set the user1 password to userpasswd1.
[ Download now: A sysadmin's guide to Bash scripting. ]
Wrap up
The passwd
command is quite popular to manage user accounts on your Linux system. It manipulates some of the entries in the /etc/passwd
file, and the sysadmin should have this in his toolbox.
About the author
I work as Unix/Linux Administrator with a passion for high availability systems and clusters. I am a student of performance and optimization of systems and DevOps. I have passion for anything IT related and most importantly automation, high availability, and security.
More like this
Browse by channel
Automation
The latest on IT automation for tech, teams, and environments
Artificial intelligence
Updates on the platforms that free customers to run AI workloads anywhere
Open hybrid cloud
Explore how we build a more flexible future with hybrid cloud
Security
The latest on how we reduce risks across environments and technologies
Edge computing
Updates on the platforms that simplify operations at the edge
Infrastructure
The latest on the world’s leading enterprise Linux platform
Applications
Inside our solutions to the toughest application challenges
Original shows
Entertaining stories from the makers and leaders in enterprise tech
Products
- Red Hat Enterprise Linux
- Red Hat OpenShift
- Red Hat Ansible Automation Platform
- Cloud services
- See all products
Tools
- Training and certification
- My account
- Customer support
- Developer resources
- Find a partner
- Red Hat Ecosystem Catalog
- Red Hat value calculator
- Documentation
Try, buy, & sell
Communicate
About Red Hat
We’re the world’s leading provider of enterprise open source solutions—including Linux, cloud, container, and Kubernetes. We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.
Select a language
Red Hat legal and privacy links
- About Red Hat
- Jobs
- Events
- Locations
- Contact Red Hat
- Red Hat Blog
- Diversity, equity, and inclusion
- Cool Stuff Store
- Red Hat Summit