Back to Commands

passwd

userLinux/Unix

The passwd command is one of the most frequently used commands in Linux/Unix-like operating systems. passwd Change user password

See Examples View Syntax

Quick Reference

Command Name:

passwd

Category:

user

Platform:

Linux/Unix

Basic Usage:

passwd [options] [arguments]

Common Use Cases

Syntax

passwd [options] [username]

Options

Option	Description
`-a, --algorithm ALGORITHM`	Specify the encryption algorithm (DES, MD5, SHA256, SHA512)
`-d, --delete`	Delete a user's password (make it empty)
`-e, --expire`	Force password change on next login
`-h, --help`	Display help message and exit
`-i, --inactive DAYS`	Set password inactive after expiration (disable account)
`-k, --keep-tokens`	Keep non-expired authentication tokens
`-l, --lock`	Lock the password of the named account
`-n, --minimum DAYS`	Set minimum number of days before password change
`-q, --quiet`	Quiet mode
`-r, --repository REPOSITORY`	Change password in repository REPOSITORY
`-R, --root CHROOT_DIR`	Apply changes in the CHROOT_DIR directory
`-S, --status`	Report password status on the named account
`-u, --unlock`	Unlock the password of the named account
`-w, --warn DAYS`	Set number of days of warning before password expires
`-x, --maximum DAYS`	Set maximum number of days before password change

Examples

How to Use These Examples

The examples below show common ways to use the passwd command. Try them in your terminal to see the results. You can copy any example by clicking on the code block.

# Basic Examples Basic

passwd

Change your own password.

sudo passwd username

Change the password for a specific user.

# Advanced Examples Advanced

sudo passwd -l username Lock a user's password, preventing the user from logging in. sudo passwd -u username Unlock a previously locked password. sudo passwd -e username Expire a user's password, forcing them to change it on next login. sudo passwd -S username Display password status information for a user. sudo passwd -d username Delete a user's password (make it empty). passwd -a sha512 Set password encryption algorithm to SHA512. sudo passwd -x 90 -n 7 -w 7 username Set password to expire in 90 days, with minimum age of 7 days and a warning 7 days before expiry.

Try It Yourself

Practice makes perfect! The best way to learn is by trying these examples on your own system with real files.

Understanding Syntax

Pay attention to the syntax coloring: commands, options, and file paths are highlighted differently.

Notes

The passwd command is a fundamental tool in Unix and Linux operating systems used to change user account passwords. Originally designed as a simple utility to modify the password for the current user, it has evolved into a comprehensive tool with multiple features for password and account management. Passwd works by modifying the /etc/passwd and /etc/shadow files (or equivalent database in systems using alternative authentication mechanisms), which store user account information including encrypted passwords. When invoked without arguments, passwd prompts the current user to change their password, requiring both the old password (for verification) and the new password (entered twice for confirmation). Key features of the passwd command: 1. Password Management: Beyond basic password changes, passwd provides options for setting password aging policies, including expiration dates, minimum and maximum lifetimes, and warning periods. 2. Account Control: System administrators can use passwd to lock or unlock accounts, effectively enabling or disabling login capabilities without deleting the account or changing its password. 3. Password Quality Enforcement: Modern implementations of passwd integrate with PAM (Pluggable Authentication Modules) to enforce password complexity requirements, preventing users from choosing weak or previously used passwords. 4. Security Algorithms: Passwd supports multiple password encryption algorithms, with modern systems typically using strong hashing methods like SHA-512 with salting to protect stored passwords. 5. Status Reporting: The command can display information about a user's password status, including when it was last changed, whether it's expired, and details about aging policies. 6. System Integration: Passwd works with various system authentication mechanisms, including local password files, LDAP directories, and other centralized authentication systems. Common use cases for passwd include: - Regular password changes for security maintenance - Administrative password resets when users forget their passwords - Implementing password policies such as expiration and complexity requirements - Temporarily disabling accounts by locking passwords - Forcing users to change initial or reset passwords on their next login - Configuring password-less accounts for specific system purposes While passwd remains a critical system administration tool, modern enterprise environments often supplement or replace direct passwd usage with centralized identity management systems that provide additional features for password policy enforcement, synchronization across multiple systems, and self-service password recovery. The security implications of passwd are significant, as it directly affects system access control. Proper configuration of passwd-related settings, especially in the PAM system and /etc/login.defs file, is essential for maintaining system security. This includes setting appropriate password complexity requirements, aging policies, and account lockout parameters to protect against brute force attacks and password guessing.

Related Commands

These commands are frequently used alongside passwd or serve similar purposes:

Explore All Commands

Use Cases

Learn By Doing

The best way to learn Linux commands is by practicing. Try out these examples in your terminal to build muscle memory and understand how the passwd command works in different scenarios.

See Examples Try Lab Exercises

$ passwd

View All Commands