Skip to main content

passwd command

passwd - change user password

The passwd command in Linux is a utility used to change user passwords or manage password-related settings for user accounts. It’s essential for securing accounts and enforcing password policies.

Note: Regular users can change their own passwords, but changing another user’s password or locking accounts requires root privileges (sudo).

Usage: passwd [options] [LOGIN]

  • LOGIN: The user whose password to change (optional; defaults to current user).
  • options: Flags to modify behavior (e.g., lock, expire).

Common Options Summary

OptionDescription
-lLock the account
-uUnlock the account
-eExpire the password (force change)
-SShow password status
-dDelete the password (no login)
-nSet minimum days before change
-xSet maximum days before expiration

Examples

  • Changing Your Own Password

    Run passwd without arguments to update your own password.

    passwd
    • Prompts: 
      Enter current password:
      Enter new password:
      Retype new password:
    • Updates your password if the current one is correct and the new one meets policy (e.g., length).

  • Changing Another User’s Password

    As root, specify a username to change their password.

    sudo passwd alice
    • Prompts for a new password for alice.
    • Useful for admins setting initial passwords.

  • Locking an Account

    Use -l to lock a user’s account, preventing login.

    sudo passwd -l bob
    • Adds ! to the password field in /etc/shadow, disabling login.
    • Check: grep bob /etc/shadow (shows ! before hash).

  • Unlocking an Account

    Use -u to unlock a locked account.

    sudo passwd -u bob
    • Removes the !, restoring login ability.

  • Forcing Password Change

    Use -e to expire a password, forcing the user to change it at next login.

    sudo passwd -e alice
    • Sets the password’s last change date to 0 in /etc/shadow.
    • Next login: alice must set a new password.

  • Checking Password Status

    Use -S to see a user’s password status.

    sudo passwd -S alice
    • Output: alice P 04/01/2025 0 99999 7 -1
    • Explanation:
      • P: Password set (or L for locked, NP for no password).
      • 04/01/2025: Last change.
      • 0 99999 7 -1: Policy settings (min days, max days, warning, inactivity).

To get help related to the passwd command use --help option

$ passwd --help
Usage: passwd [options] [LOGIN]

Options:
  -a, --all                     report password status on all accounts
  -d, --delete                  delete the password for the named account
  -e, --expire                  force expire the password for the named account
  -h, --help                    display this help message and exit
  -k, --keep-tokens             change password only if expired
  -i, --inactive INACTIVE       set password inactive after expiration
                                to INACTIVE
  -l, --lock                    lock the password of the named account
  -n, --mindays MIN_DAYS        set minimum number of days before password
                                change to MIN_DAYS
  -q, --quiet                   quiet mode
  -r, --repository REPOSITORY   change password in REPOSITORY repository
  -R, --root CHROOT_DIR         directory to chroot into
  -S, --status                  report password status on the named account
  -u, --unlock                  unlock the password of the named account
  -w, --warndays WARN_DAYS      set expiration warning days to WARN_DAYS
  -x, --maxdays MAX_DAYS        set maximum number of days before password
                                change to MAX_DAYS

For more details, check the manual with man passwd

Last updated on by AB