Beginners Guide for Passwd Command in Linux

Linux TLDR
Last Updated:
Reading time: 4 minutes

The passwd command is used to modify the user’s password and its properties, like deleting the password, expiring the password, deactivating the account, and many more.

Also Read: Change user account password information using chage command

The owner of an account only has permission to modify its password properties, except for the root user, who can easily modify any user account password.

If you are a sudo user, you are also able to modify other users’ password properties by placing sudo in front of each command.

Tutorial Details

DescriptionPasswd
Difficulty LevelModerate
Root or Sudo PrivilegesYes
Host System and ArchitectureUbuntu 22.10 (x64)
OS Compatibility Ubuntu, Manjaro, Fedora, etc.
Prerequisitespasswd
Internet RequiredNo
Discussed Tools in this Article

Syntax of the Passwd Command

The passwd command takes two arguments: one is the option (optional), and the other is the username (if you want to modify the password information for the current user, you do not need to specify this).

$ passwd [OPTION] [USERNAME]

The following is the list of valid options for the passwd command.

OptionsDescription
-a, –allIt is used with the “-S” flag to show status for all users
-d, –deleteIt will remove the password from the user’s account (empty password)
-e, –expireImmediately expire the specified user password. On their next login, the user must be forced to change their password
-i, –inactiveIt will disable the user account after the password has expired for a number of days
-l, –lockIt will lock the user account, making it inaccessible
-u, –unlockIt will unlock the user account, making it accessible
-n, –mindaysSet the password change days (the default is 0)
-q, –quietQuiet mode
-r, –repositoryChange the password in the repository
-R, –rootApply changes to the CHROOT_DIR directory and use the configuration files from the CHROOT_DIR directory
-s, –statusDisplay account status information
-w, –warndaysIt will show a warning on the number of days prior to the password expiring
-x, –maxdaysSet the maximum number of days the password remains valid; after that, the password is required to be changed

Changing the Current Logged-in User Password

The following command will change the current user password (if you are already using a password, you would need to specify your current password).

$ passwd
Changing password for linuxtldr.
Current password: 
New password: 
Retype new password: 
passwd: password updated successfully

To maintain privacy, the typed password will not be visible on screen.

Changing the Other User Account Password

To change another user’s account password, you must be a root or sudo user; in this example, I will use the sudo user to change the account password for the newly created userpt1“.

$ sudo passwd pt1
New password: 
Retype new password: 
passwd: password updated successfully

From now on, we will only use the “pt1” user account to show examples of the passwd command.

Display the Current Status of the User

The “-S” flag is used to display the “pt1” user account status as shown.

$ sudo passwd -S pt1
pt1 P 11/24/2022 0 99999 7 -1

The following is a list of user account information.

UsernameStatusLast Changed PasswordMinimum AgeMaximum AgeWarning PeriodPassword Inactivity Period
pt1P11/24/20220999997-1

There are 3 types of status, as shown:

StatusDescription
PPassword is set
LAccount is locked
NPNo password

The special numbers are reserved for setting parameters for password rules.

Special Numbers for AgeDescription
0Never expires
99999Can be changed at anytime
1Not active

Deleting the Account Password

The following command will remove the target account password, making it less meaningful (an empty password).

$ sudo passwd -d pt1
passwd: password expiry information changed.

Now anyone can easily switch to the “pt1” user account without requiring any password (unsafe).

Also Read: How to Force User to Change Their Password on Next Login in Linux

Expire the Account Password

The following command will expire the password before its expiration date, requiring the target to set up a new password on their next login.

$ sudo passwd -e pt1
passwd: password expiry information changed.

If you check the user account information, the password expiry date is set to 1970, and the status is “NP” (no password).

$ sudo passwd -S pt1
pt1 NP 01/01/1970 0 99999 7 -1

If “pt1” logs in again, he will be forced to set up a new password.

You are required to change your password immediately (administrator enforced).
New password: 
Retype new password:

Disable Account After Password Expires

The following command will disable access to the target account after the password has expired for a certain number of days (ex: 6 days).

$ sudo passwd -i 6 pt1
passwd: password expiry information changed.

Minimum Days to Force Users to Update Their Passwords

The following command is used to specify the minimum number of days between password changes to the specified days (ex: 16 days), after which the user will be required to change their password again.

$ sudo passwd -n 16 pt1
passwd: password expiry information changed.

After 16 days, the user will be forced to change their password again.

$ sudo passwd -S pt1
pt1 P 11/24/2022 16 99999 7 -1

Maximum Days for Password Validation

The following command will set the maximum number of days before your account password is valid. After the specified number of days (ex: 26 days) has passed, the password is required to be changed.

$ sudo passwd -x 26 pt1
passwd: password expiry information changed.

Check the user account information to verify the status.

$ sudo passwd -S pt1
pt1 P 11/24/2022 0 26 7 -1

Setup Warning Message Before Password Change is Required

The following command will prompt the user with a warning message the specified number of days (ex: 10 days) prior to their password expiring.

$ sudo passwd -w 10 pt1
passwd: password expiry information changed.

Check the account status using the following command.

$ sudo passwd -S pt1
pt1 P 11/24/2022 0 99999 10 -1

Lock or Unlock the User Account

The following command will lock the user account, and no one will be able to login to that particular user account via password.

$ sudo passwd -l pt1
passwd: password expiry information changed.

It will change the account status from “P” (for password) to “L” (locked account), as shown.

$ passwd -S pt1
pt1 L 11/24/2022 0 99999 7 -1

Use the “-u” flag to unlock the target user account.

$ sudo passwd -u pt1
passwd: password expiry information changed.

Verify the user status using the following command.

$ passwd -S pt1
pt1 P 11/24/2022 0 99999 7 -1

And that was the end of the passwd command examples.

If you have a query regarding this topic, feel free to ask in the comment section.

Join The Conversation

Users are always welcome to leave comments about the articles, whether they are questions, comments, constructive criticism, old information, or notices of typos. Please keep in mind that all comments are moderated according to our comment policy.