Linux Crash Course Series – Using the passwd Command

The passwd command is what you use to change your password on your Linux system, but did you know you can also use it to change the password of other users, lock accounts, and view statistics? In this video, you’ll learn about the passwd command – and there may even be a new thing or two to learn even if you’re already familiar with the command.

YouTube player

Introduction

It’s time to learn the passwd command! This is the command you can use to change your password – or even the password of another user! It’s a simple command and it’s easy to learn so let’s do it!

Thanks to Akamai for sponsoring this video! Check out their awesome cloud platform to set up your very own Linux server!

Basic usage

The basic usage of the passwd command is fairly simple. We type passwd, short for password, and if we enter that command then we’ll be able to change the password for the user we’re currently logged in as.

passwd

After you enter the command, you’ll enter your current password, and then your desired password. If you type everything correctly, then your password will be changed.

Another trick we can do with the passwd command is display some useful information regarding a user account.

passwd -S username

You’ll see output similar to what we see in the above screenshot. From left to right, let’s go over the fields here so we can understand what they mean.

The first field is my username, no surprise there.

After that, I have the letter P shown, which means I have a usable password. If I didn’t I’d have NP here. In addition, if you have L for this field, then that means the password is locked.

Moving on, the third field is the date of the last password change for the user.

Continuing, the fourth field, which is a zero in my case, refers to the number of days that must pass before I can change my password again. A value of 0 means that I can change my password whenever I want to.

For the fifth field, we have 99999. This refers to when my password will next need to be changed again, and is expressed in days. If you see all 9’s here like I do, then that means the password never expires.

The sixth field, 7 in my case, refers to the number of days prior to a password expiring in which the user will start to see password expiration warnings

And finally, the last field, -1 in my case, refers to how many days after password expiration that the account will become locked out.

In addition, since the root user has permission to modify anything on the system, if we use sudo with passwd that gives us the ability to change the password of other users.

sudo passwd

With this variaton, we can change the password of any user on the system. It won’t even ask us for the user’s current password, because with the root account, that doesn’t matter. The root account doesn’t need to provide a password in order to do something.

And then, we’ll check the status of the user, we can see that the user account is currently unlocked. It has P in this field right here.

Let’s look at locking the user:

sudo passwd -l

If we check the status again:

sudo passwd -S

You can see that the password is now locked, hence the L in the field where the P was located earlier.

When it comes to reversing that and unlocking an account, we can use the -u option for that:

sudo passwd -u

And that simply reverses what we did with the -l option, and unlocks the account.

Now, let’s take a look at the -n option, which allows us to configure how many days the current password must exist before it can be changed again. That’s the fourth field in the output of the passwd command.

sudo passwd -n 5

And now, this user must wait five days until they’re allowed to change their password again.

But you might be wondering, why limit this at all? Why not let a user change their password anytime they want to?

But how do you configure when the user’s password expires anyway?

For that, we have the -x option:

sudo passwd -x 30

With this example, we set the user’s password expiry to 30 days from now. If we were in a hurry for whatever reason and wanted to expire the password right now, we can use the -e option:

sudo passwd -e

If you want to force password changes across the server, you can run that command against your user accounts to immediately require a password change.

Finally, another option I’ll give you is the -d option:

sudo passwd -d

And what that does, is deletes the users password. This will cause the user to be unable to log in, similar to locking the account with -l. The difference is that by deleting the password, you’re preventing the account from being logged in to, but the account can still be used otherwise. For example, if you had a user retire from the company and they ran an important script, you can delete the password to prevent someone logging in to the account, but since you didn’t lock it, you can switch to that user and run commands as that user – you just won’t be able to log in as that user.

And there we go, now we know the passwd command!