passwd

passwd: change user password.
The passwd command is one of the most frequently used commands in Linux/Unix-like operating systems.

Quick Reference

Command Name: passwd
Category: user
Platform: Linux/Unix
Basic Usage: passwd [options] [arguments]

Common Use Cases

    Syntax

    passwd [options] [username]

    Options

    Option                        Description
    -a, --algorithm ALGORITHM     Specify the encryption algorithm (DES, MD5, SHA256, SHA512)
    -d, --delete                  Delete a user's password (make it empty)
    -e, --expire                  Force password change on next login
    -h, --help                    Display help message and exit
    -i, --inactive DAYS           Set password inactive after expiration (disable account)
    -k, --keep-tokens             Keep non-expired authentication tokens
    -l, --lock                    Lock the password of the named account
    -n, --minimum DAYS            Set minimum number of days before password change
    -q, --quiet                   Quiet mode
    -r, --repository REPOSITORY   Change password in repository REPOSITORY
    -R, --root CHROOT_DIR         Apply changes in the CHROOT_DIR directory
    -S, --status                  Report password status on the named account
    -u, --unlock                  Unlock the password of the named account
    -w, --warn DAYS               Set number of days of warning before password expires
    -x, --maximum DAYS            Set maximum number of days before password change

    Examples


    # Basic Examples
    passwd
    Change your own password.
    sudo passwd username
    Change the password for a specific user.
    # Advanced Examples
    sudo passwd -l username
    Lock a user's password, preventing the user from logging in.
    sudo passwd -u username
    Unlock a previously locked password.
    sudo passwd -e username
    Expire a user's password, forcing them to change it on next login.
    sudo passwd -S username
    Display password status information for a user.
    sudo passwd -d username
    Delete a user's password (make it empty).
    passwd -a sha512
    Set password encryption algorithm to SHA512.
    sudo passwd -x 90 -n 7 -w 7 username
    Set password to expire in 90 days, with minimum age of 7 days and a warning 7 days before expiry.


    Notes

    The passwd command is a fundamental tool in Unix and Linux operating systems used to change user account passwords. Originally designed as a simple utility to modify the password for the current user, it has evolved into a comprehensive tool with multiple features for password and account management.

    Passwd works by modifying the /etc/passwd and /etc/shadow files (or equivalent database in systems using alternative authentication mechanisms), which store user account information including encrypted passwords. When invoked without arguments, passwd prompts the current user to change their password, requiring both the old password (for verification) and the new password (entered twice for confirmation).

    Key features of the passwd command:

    1. Password Management: Beyond basic password changes, passwd provides options for setting password aging policies, including expiration dates, minimum and maximum lifetimes, and warning periods.
    2. Account Control: System administrators can use passwd to lock or unlock accounts, effectively enabling or disabling login capabilities without deleting the account or changing its password.
    3. Password Quality Enforcement: Modern implementations of passwd integrate with PAM (Pluggable Authentication Modules) to enforce password complexity requirements, preventing users from choosing weak or previously used passwords.
    4. Security Algorithms: Passwd supports multiple password encryption algorithms, with modern systems typically using strong hashing methods like SHA-512 with salting to protect stored passwords.
    5. Status Reporting: The command can display information about a user's password status, including when it was last changed, whether it's expired, and details about aging policies.
    6. System Integration: Passwd works with various system authentication mechanisms, including local password files, LDAP directories, and other centralized authentication systems.

    Common use cases for passwd include:

    - Regular password changes for security maintenance
    - Administrative password resets when users forget their passwords
    - Implementing password policies such as expiration and complexity requirements
    - Temporarily disabling accounts by locking passwords
    - Forcing users to change initial or reset passwords on their next login
    - Configuring password-less accounts for specific system purposes

    While passwd remains a critical system administration tool, modern enterprise environments often supplement or replace direct passwd usage with centralized identity management systems that provide additional features for password policy enforcement, synchronization across multiple systems, and self-service password recovery.

    The security implications of passwd are significant, as it directly affects system access control. Proper configuration of passwd-related settings, especially in the PAM system and /etc/login.defs file, is essential for maintaining system security. This includes setting appropriate password complexity requirements, aging policies, and account lockout parameters to protect against brute force attacks and password guessing.
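As an added example (not part of the original page), the shell function below audits shadow(5)-format records for the states the options above leave behind: an empty password field after -d, a "!" lock marker after -l, a forced change after -e, and the maximum age set with -x. The function names, sample records and placeholder hashes are constructed for illustration; the prefix mapping ($1$ MD5, $5$ SHA-256, $6$ SHA-512) follows crypt(5).

```shell
#!/bin/sh
# Added example, not from the original page. Audits shadow(5)-format records:
#   name:hash:lastchg:min:max:warn:inactive:expire:reserved

# Constructed sample records; the hash strings are placeholders, not real hashes.
sample_shadow() {
cat <<'EOF'
alice:$6$SALT$PLACEHOLDER:19800:7:90:7:::
bob:!$6$SALT$PLACEHOLDER:19800:0:99999:7:::
carol::19800:0:99999:7:::
dave:$1$SALT$PLACEHOLDER:0:0:90:7:::
daemon:*:19000:0:99999:7:::
EOF
}

# Reads shadow-format lines from the files given as arguments, or from stdin.
# Prints one line per account: user state algorithm max_days findings
audit_shadow() {
    awk -F: '
    {
        hash = $2; state = "SET"; alg = "-"; notes = ""
        locked = (hash ~ /^!/)      # passwd -l puts "!" in front of the hash
        sub(/^!+/, "", hash)        # inspect what sits behind the lock marker
        if ($2 == "")                       state = "EMPTY"   # left by passwd -d
        else if (hash == "" || hash == "*") state = "NONE"    # no usable password
        else if (locked)                    state = "LOCKED"

        if      (hash ~ /^\$6\$/)    alg = "sha512"
        else if (hash ~ /^\$5\$/)    alg = "sha256"
        else if (hash ~ /^\$1\$/)    alg = "md5"
        else if (hash ~ /^\$/)       alg = "other"
        else if (length(hash) == 13) alg = "des"   # traditional crypt, no prefix

        if (state == "EMPTY")             notes = notes ",empty-password"
        if (alg == "md5" || alg == "des") notes = notes ",weak-hash"
        if (state == "SET" && ($5 == "" || $5 + 0 >= 99999))
            notes = notes ",no-max-age"            # no effective passwd -x limit
        if (state == "SET" && $3 == "0")
            notes = notes ",change-at-next-login"  # left by passwd -e
        sub(/^,/, "", notes); if (notes == "") notes = "ok"
        printf "%s %s %s %s %s\n", $1, state, alg, ($5 == "" ? "-" : $5), notes
    }' "$@"
}

sample_shadow | audit_shadow
```

On a real system the file is readable only by root, so run `audit_shadow /etc/shadow` from a root shell.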
