LinuxCommandLibrary

chpasswd

Change passwords in batch for users

TLDR

Change the password for a specific user

$ printf "[username]:[new_password]" | sudo chpasswd
copy

Change the passwords for multiple users (The input text must not contain any spaces.)
$ printf "[username_1]:[new_password_1]\n[username_2]:[new_password_2]" | sudo chpasswd
copy

Change the password for a specific user, and specify it in encrypted form
$ printf "[username]:[new_encrypted_password]" | sudo chpasswd --encrypted
copy

Change the password for a specific user, and use a specific encryption for the stored password
$ printf "[username]:[new_password]" | sudo chpasswd --crypt-method [NONE|DES|MD5|SHA256|SHA512]
copy

SYNOPSIS

chpasswd [options]

PARAMETERS

-e
    chpasswd accepts encrypted passwords. Default is plain text.

-c algorithm
    Use algorithm to encrypt the password. Use 'help' to show supported algorithms.

-m
    Modify the password of the current user using stdin

DESCRIPTION

The chpasswd command updates user passwords in batch mode. It reads username:password pairs from standard input. The password can be clear text or, optionally, a hash generated by a hashing algorithm. This command is particularly useful for scripting and automating password changes across multiple accounts or systems. The primary use case is to manage many user passwords from a single script. Passwords are immediately updated in the system's password database, typically /etc/shadow. It's crucial to exercise caution when using chpasswd, especially with clear text passwords, as they can be exposed in command history or logs. Therefore, always ensure that your system is secure and use appropriate password policies. chpasswd leverages PAM (Pluggable Authentication Modules) to authenticate and update user passwords. It allows to utilize of different authentication methods and security configurations depending on the current system configutation.

CAVEATS

Using chpasswd with cleartext passwords is inherently insecure. Consider using stronger password hashing algorithms and encryption to protect sensitive information. Also, ensure your script handles errors gracefully to avoid unintended consequences. Never store clear text passwords in scripts.

SECURITY CONSIDERATIONS

Always prioritize security when using chpasswd. Avoid storing passwords in plaintext. If you must use plaintext, remove them from your script once you are done processing them. Audit password changes regularly to detect any anomalies.

PAM INTEGRATION

chpasswd relies on PAM for authentication and password management. Ensure that PAM is configured correctly to allow chpasswd to function as expected.
Verify PAM configuration by reviewing /etc/pam.d/chpasswd file.

HISTORY

chpasswd has been a standard utility in most Linux distributions for many years. It was primarily developed as a convenient way to automate password management tasks, particularly in environments with a large number of user accounts.

SEE ALSO

passwd(1), useradd(8), usermod(8)

Copied to clipboard