Passwd Command in Linux with Examples

In this article, let us take a look at the passwd command in Linux. First, we will look at what the command is about, why it is used, and understand the output of it by looking at the syntax of the passwd command, and the options used along with it.

In the end, we will also look at some crazy practical examples of the passwd command by pairing it with various options to understand its working.

What is the passwd command?

Passwd is a command-line-based utility in Linux-based operating systems that helps modify user account passwords and manage the password validity period. This command is frequently used by systems administrators.

Since we are dealing with high-profile cases (changing user’s password), we always use the passwd command with the sudo command for elevated privileges. On the other hand, if you are the root user, you don’t need to worry about it.

However, don’t be misguided to think you need higher privileges to change your password. To do that, you can use the passwd command followed by your username, and you don’t have to use the prefix ‘sudo’ or be the root user.

Syntax of the passwd command

The syntax of the command is shown below:

passwd <options> <username>

Let us look at the fields in the syntax of this command:

1. <options>

This field takes in a range of options that specify how the command functions, formats, and prints the output. You can also specify multiple options in this field.

2. <username>

This field takes in the user’s name on whose password you want to perform actions.

Options used with the passwd command

In typical Linux fashion, the passwd command has a considerably long list of options. Let us look at each of the options:

1. -a This option displays the password status of all of the users. This option must always be used with the option “-S”, or else it will not work. This option can also be written as “–all.”

2. -d This option deletes the password of the specified user. It is an easy way to disable login privileges for an account without disabling the account itself. You can also write this option as “–delete.”

3. -e This option immediately expires an account’s password. However, doing this forces the users to change their password in their next login. You can also write this option as “–expire.”

4. -i  This option disables an account after the previously specified number of days after setting the password has expired. You can also write this option as “–inacti`ve.”

5. -k This option keeps the password tokens, meaning a password can only be changed if it expires. You can also write this option as “–keep-tokens.”

6. -l This option locks the password of the specified account. It disables a password by changing it to a value that does not match any possible encrypted value. This option can also be written as “–lock.”

7. -n This option sets the minimum number of days between the password changes. You can also write this option as

“–mindays.”

8. -q This option makes the command operate without displaying any output. You can also write this option as “–quiet.”

9. -R This option makes changes in the chroot directory and uses the configuration files from the directory specified by the user. This option can also be written as “–root.”

10. -h This option will print the help menu of the command, as shown below:

11. -S This option displays the status information of the user’s password. You can also write this option as “–status.”

12. -u This option re-enables a password by modifying it to its original value before the -l option locates it. You can also write this option as “–unlock.”

13. -w This option sets the number of warning days before a password change is required. You can also write this option as “–warndays.”

14. -x This option sets the maximum number of days a password can remain valid. This option can also be written as “–maxdays.”

Understanding the output of the “passwd -S” command

When we run the passwd command along with the option “-S”, it will show us the following output:

username  P  12/24/2021  0  99999  7  -1

The output shown above consists of 7 fields of valuable information. Let us look at what each column is for and what it contains.

Field 1
This field contains the username of whose status you asked the command to show.

Field 2
This field represents if a user has a locked password or not. If the user has a locked password, it is represented with an “L”. If a user has no password, it is represented by an “NP”; if they have a regular password, it is represented by a “P”.

Field 3
This option shows the date when the password was last changed.

Field 4
This field displays the minimum age of the password.

Field 5
This field shows the warning period for the password change.

Field 6
This field shows the inactivity period for the password change.

Let us now understand how the command and its options work by looking at some practical examples of it in the terminal of Ubuntu 20.04.

Seeing password status for all the accounts

We have already seen how to display the password status of a specific user, but if you want to print the password status for all of the users on your system, use the option “-S” followed by the option “-a” as shown:

passwd -S -a

Changing a user’s password

To change the password of a specific user, run the command along with the user’s username. If you are changing the password of some other user, make sure you use the prefix sudo as shown:

sudo passwd <username>

Changing your password using the passwd command

To change your personal password using the command, use the passwd command followed by your username. Since you are changing your own password, you don’t need to use the sudo command. Syntax is as below:

passwd username

Deleting a user’s password

If you want to delete a user’s password, use the command with the option “-d” and the username as shown:

passwd -d <username>

Expire an account’s password

If you want to force expire the password of a user, combine the command with the option “-e” followed by the username as shown:

sudo passwd -e <username>

Setting the number of days for password expiration

We discussed earlier that an account could automatically deactivate after its password has expired and not changed for a certain number of days. We can set these days by pairing the command with the option “-i” followed by the number of days. Use the syntax shown below:

sudo passwd -i <number of days> <username>

Setting the minimum number of days before password changes

If you want to set the minimum number of days a user should wait to change the password, combine the command with the option “-n” followed by the number of days as shown:

sudo passwd -n <number of days> <username>

Setting the maximum number of days before password changes

To set the maximum number of days between the times u change your password, combine the command with the option “-n” followed by the number of days as:

sudo passwd -x <number of days> <username>

Changing the expired password

If your password has expired, a prompt appears during the next login to change the password. The system will prompt you first to enter the old and new passwords.

Displaying the warning for an expiring password

We can change the warning period message displays for expiring passwords by pairing the command with the option “-w” followed by the number of days as shown:

sudo passwd -w <number of days> <username>

Locking a password

If we lock a password, the user will be unable to log in using the same password. To lock the password of a user, use the option “-l” as shown:

sudo passwd -l <username>

Unlocking a password

We can unlock a locked password using the option “-u” with the passwd command shown:

sudo passwd -u <username>

Using quiet mode

In quiet, the command operates without printing any output. To enable quiet mode, use the option “-q” as shown:

passwd -q

Changing the password for a repository

We can use the passwd command for many advanced tasks too, here is an example. By default, the “/etc/nsswitch.conf” file specifies the repositories where the password changes happen. However, we can specify the repository by using the command shown:

sudo passwd -r <repository> <username>

Changing the root directory for the passwd command process

Even Though the passwd command process runs from the default root directory, we can modify the root directory by running the command with the option “-R” followed by the directory’s path as shown:

sudo passwd -R <directory path>

Summary

As you have seen, the passwd is a simple yet slightly advanced tool that helps modify passwords for user accounts and manage the password validity period. You have now understood the passwd command as we discussed what it is used for, the syntax, and the options used along with it, and also understood the output. We have also seen many practical examples of the passwd command by pairing the options available with it.