How to change passwords in Linux via the CLI (Terminal)

The passwords for user accounts often need to be changed. This is mostly done by the users themselves, but often, they have to be overridden by the administrator to control any illegitimate activity by any of the users. Because of these reasons, Linux provides a wide range of options for user account password management. We have discussed some of these useful options below:

Self password change:

The password of the user itself can be changed using the passwd command provided by Linux. This is how you can change the password of the user you’re logged in with. Just open up the command line, and type in:

passwd

This will open up a prompt asking for the current password, and then the new password, and its repeated confirmation. The passwords aren’t shown in the terminal, so that they are not visible to any person that might be around the system.

Sample output:

pulkit@hostname:~$ passwd
Changing password for pulkit.
(current) UNIX password: 
Enter new UNIX password: 
Retype new UNIX password: 
passwd: password updated successfully
pulkit@hostname:~$

Changing the password of another user

This requires root access, as only the root can add, remove or change the password of any other user on the system. You will need to know the administrator password. Therefore, the command becomes:

sudo passwd <username>

Sample output:

pulkit@hostname:~$ sudo passwd testuser
[sudo] password for pulkit: 
Enter new UNIX password: 
Retype new UNIX password: 
passwd: password updated successfully
pulkit@hostname:~$

Or if you’re logged in with the “root” user you can just use the command without “sudo”.

Checking password status

Seeing the status of a password is also made easy in Linux. There are a lot of criteria and properties that a password may have, and these are the commands that can be used to view those:

passwd -S <username>

Sample output:

pulkit@hostname:~$ passwd -S pulkit
pulkit P 04/15/2019 0 99999 7 -1
pulkit@hostname:~$

The displayed properties are as follows:

  • pulkit : User name
  • P : Password status:
    • P : Active password
    • L : Locked password
    • NP : No password
  • 04/15/2019 : Date of last password change
  • 0 : Password expiry minimum age
  • 99999 : Password expiry maximum age (99999 basically means never)
  • 7 : Password expiry warning period
  • -1 : Inactivity period (-1 means never)

This output is a bit cryptic. There is another command that displays this information in a better way. The syntax is as follows:

chage -l <username>

Sample output:

pulkit@hostname:~$ chage -l pulkit
Last password change : Apr 15, 2019
Password expires : never
Password inactive : never
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 99999
Number of days of warning before password expires : 7
pulkit@hostname:~$

Deleting a password

This option sets an account essentially password-less, so that anyone can log into it. This is not useful in most personal computers, but for a home PC, that’s what most people use, or for a system that needs to be open to anyone who attempts to use it, this option is essential. This command also requires root access. To delete the password of a user, use the following syntax:

sudo passwd -d <username>

Sample output:

pulkit@hostname:~$ sudo passwd -d testuser
[sudo] password for pulkit: 
passwd: password expiry information changed.
pulkit@hostname:~$

Force a user to change their password

This is a very useful feature, especially for Linux administrators. What this command basically does is expire the password of the mentioned user, so that the user has to forcefully change the existing password at their next login. This obviously requires root access as well. The command to be entered is this:

sudo passwd --expire <username>

Sample output:

pulkit@hostname:~$ sudo passwd --expire testuser
passwd: password expiry information changed.

su allows you to log in as another user.

pulkit@hostname:~$ su testuser
Password: 
You are required to change your password immediately (root enforced)
Changing password for testuser.
(current) UNIX password: 
Enter new UNIX password: 
Retype new UNIX password: 
testuser@hostname:/home/pulkit$

You can test these commands out on a Linux server at Vultr.

Conclusion

That is all for the major operations regarding changing user passwords in Linux. Some of these options are exclusively for the root user, but that makes sense even for personal systems, as user management is often required in case of password loss, or something else of the sort. The root user is allowed to overpower any other user. The root account is not something to be played around with. You must always use the root account carefully.

Another common use-case is in servers. The upside to using a server is that in some cases you can still access the server via a web console, even if you locked yourself out of the server.

These instructions work for any Linux distro, including Ubuntu, CentOS, Debian, Fedora, etc.

Let us know if you have any questions in the comments below.

This post was last modified on April 23, 2019 2:59 am

Categories: Knowledgebase
Related Post