The passwd command is used to modify the userβs password and its properties, like deleting the password, expiring the password, deactivating the account, and many more.
The owner of an account only has permission to modify its password properties, except for the root user, who can easily modify any user account password.
If you are a sudo user, you are also able to modify other usersβ password properties by placing sudo in front of each command.
Tutorial Details
| Description | Passwd |
| Difficulty Level | Moderate |
| Root or Sudo Privileges | Yes |
| OS Compatibility | Ubuntu, Manjaro, Fedora, etc. |
| Prerequisites | passwd |
| Internet Required | No |
Syntax of the Passwd Command
The passwd command takes two arguments: one is the option (optional), and the other is the username (if you want to modify the password information for the current user, you do not need to specify this).
$ passwd [OPTION] [USERNAME]The following is the list of valid options for the passwd command.
| Options | Description |
|---|---|
-a, --all | It is used with the β-Sβ flag to show status for all users |
-d, --delete | It will remove the password from the userβs account (empty password) |
-e, --expire | Immediately expire the specified user password. On their next login, the user must be forced to change their password |
-i, --inactive | It will disable the user account after the password has expired for a number of days |
-l, --lock | It will lock the user account, making it inaccessible |
-u, --unlock | It will unlock the user account, making it accessible |
-n, --mindays | Set the password change days (the default is 0) |
-q, --quiet | Quiet mode |
-r, --repository | Change the password in the repository |
-R, --root | Apply changes to the CHROOT_DIR directory and use the configuration files from the CHROOT_DIR directory |
-s, --status | Display account status information |
-w, --warndays | It will show a warning on the number of days prior to the password expiring |
-x, --maxdays | Set the maximum number of days the password remains valid; after that, the password is required to be changed |
Changing the Current Logged-in User Password
The following command will change the current user password (if you are already using a password, you would need to specify your current password).
$ passwdOutput:
To maintain privacy, the typed password will not be visible on screen.
Changing the Other User Account Password
To change another userβs account password, you must be a root or sudo user; in this example, I will use the sudo user to change the account password for the newly created user βpt1β.
$ sudo passwd pt1Output:
From now on, we will only use the βpt1β user account to show examples of the passwd command.
Display the Current Status of the User
The β-Sβ flag is used to display the βpt1β user account status as shown.
$ sudo passwd -S pt1Output:
The following is a list of user account information.
| Username | Status | Last Changed Password | Minimum Age | Maximum Age | Warning Period | Password Inactivity Period |
|---|---|---|---|---|---|---|
pt1 | P | 09/11/2023 | 0 | 99999 | 7 | -1 |
There are 3 types of status, as shown:
| Status | Description |
|---|---|
P | Password is set |
L | Account is locked |
NP | No password |
The special numbers are reserved for setting parameters for password rules.
| Special Numbers for Age | Description |
|---|---|
0 | Never expires |
99999 | Can be changed at anytime |
1 | Not active |
Deleting the Account Password
The following command will remove the target account password, making it less meaningful (an empty password).
$ sudo passwd -d pt1Output:
Now anyone can easily switch to the βpt1β user account without requiring any password (unsafe).
Expire the Account Password
The following command will expire the password before its expiration date, requiring the target to set up a new password on their next login.
$ sudo passwd -e pt1Output:
If you check the user account information, the password expiry date is set to 1970, and the status is βNPβ (no password).
$ sudo passwd -S pt1Output:
If βpt1β logs in again, he will be forced to set up a new password.
Disable Account After Password Expires
The following command will disable access to the target account after the password has expired for a certain number of days (ex: β6 daysβ).
$ sudo passwd -i 6 pt1Output:
Minimum Days to Force Users to Update Their Passwords
The following command is used to specify the minimum number of days between password changes to the specified days (ex: 16 days), after which the user will be required to change their password again.
$ sudo passwd -n 16 pt1Output:
After 16 days, the user will be forced to change their password again.
$ sudo passwd -S pt1Output:
Maximum Days for Password Validation
The following command will set the maximum number of days before your account password is valid. After the specified number of days (ex: 26 days) has passed, the password is required to be changed.
$ sudo passwd -x 26 pt1Output:
Check the user account information to verify the status.
$ sudo passwd -S pt1Output:
Setup Warning Message Before Password Change is Required
The following command will prompt the user with a warning message the specified number of days (ex: 10 days) prior to their password expiring.
$ sudo passwd -w 10 pt1Output:
Check the account status using the following command.
$ sudo passwd -S pt1Output:
Lock or Unlock the User Account
The following command will lock the user account, and no one will be able to login to that particular user account via password.
$ sudo passwd -l pt1Output:
It will change the account status from βPβ (for password) to βLβ (locked account), as shown.
$ sudo passwd -S pt1Output:
Use the β-uβ flag to unlock the target user account.
$ sudo passwd -u pt1Output:
Verify the user status using the following command.
$ passwd -S pt1Output:
And that was the end of the passwd command examples.
If you have a query regarding this topic, feel free to ask in the comment section.
Join The Conversation
Users are always welcome to leave comments about the articles, whether they are questions, comments, constructive criticism, old information, or notices of typos. Please keep in mind that all comments are moderated according to our comment policy.