passwd
Change user password
TLDR
Change the password of the current user interactively
Change the password of a specific user
Get the current status of the user
Delete the password of a specific user, leaving that account passwordless (root only)
Set a password non-interactively from a provisioning or install script
SYNOPSIS
passwd [options] [username]
PARAMETERS
-d, --delete username
Delete the password for the specified user account, leaving the password field in /etc/shadow empty. Whether a passwordless login is then actually accepted depends on the PAM stack (pam_unix only permits it with the nullok option) and, for SSH, on PermitEmptyPasswords in sshd_config. Only available to the root user.
-e, --expire username
Immediately expire the password for the specified user, forcing them to change it upon their next login. Only available to the root user.
-i, --inactive=DAYS username
Set the number of days after a password has expired during which the user may still log in and change it. Once that grace period passes the account is disabled until root resets the password; a value of -1 removes the inactivity limit. Only available to the root user.
-l, --lock username
Lock the password of the specified user account. This is done by prepending a '!' to the password hash in /etc/shadow, so the stored hash no longer matches any input. Note that this locks only the password, not the account: the user can still authenticate with any other token, such as an SSH key, and cron jobs still run. To disable the account entirely, set an expiry date in the past as well (for example usermod --expiredate 1). Only available to the root user.
-n, --mindays=DAYS username
Set the minimum number of days that must pass before a user is allowed to change their password again. Only available to the root user.
-S, --status username
Display the password status of the specified user account as a single line with the fields: username, status, date of last change, minimum days, maximum days, warning days and inactivity days. The status is P for a usable password, NP for no password and L for a locked password. Combined with -a (--all), root gets one such line for every account, which makes passwd -Sa a quick way to audit password state across a host.
-u, --unlock username
Unlock the password of the specified user account. This removes the '!' prepended by the -l option. Only available to the root user.
-w, --warndays=DAYS username
Set the number of days before password expiry during which the user is warned at login that the password is about to expire. Only available to the root user.
-x, --maxdays=DAYS username
Set the maximum number of days a password remains valid. After this period, the user will be forced to change their password. Only available to the root user.
--stdin
Read the new password from standard input instead of prompting. This option is a Red Hat/Fedora addition and is not present in every build of shadow-utils, so check passwd --help before relying on it; chpasswd(8) is the portable way to set passwords from scripts. Because the password arrives on a pipe it does not appear on passwd's own command line, but it will still land in shell history if typed interactively, in the script file if hard-coded there, and in the process list if produced by an external command rather than a shell builtin.
DESCRIPTION
passwd is a fundamental Linux utility used to change a user's authentication token, typically their password. When a user changes their own password it prompts for the current password first, then for the new password twice to catch typing errors.
The command enforces system-wide password policies, which are usually managed through Pluggable Authentication Modules (PAM), dictating rules such as minimum length, complexity and history. An unprivileged user can change only their own password. The root user can change the password of any account without knowing the current one, and can also manipulate password aging settings (force expiry, lock and unlock passwords, set minimum and maximum lifetimes).
Password hashes and aging data are stored in /etc/shadow, which is not readable by ordinary users, while the world-readable /etc/passwd lists user accounts without any hashes. Note that the stored values are one-way hashes produced by crypt(3), not encrypted passwords: they cannot be decrypted, only compared or cracked by guessing.
CAVEATS
Only the root user can change another user's password, and root is never asked for the old one. This is also why compromise of root, or of any process that can write /etc/shadow, is equivalent to control of every local account.
Password complexity and aging rules are not enforced by passwd itself but by system-wide configuration (e.g., /etc/login.defs for aging defaults) and PAM modules such as pam_pwquality (or the older pam_cracklib). By default pam_pwquality only warns root about a weak password and still accepts it; set enforce_for_root in its configuration if root-set passwords should be subject to the same rules.
Feeding a password to passwd --stdin (or to chpasswd) from a script is only as safe as the place the password comes from: a literal in the script, a line in shell history, or an argument to an external command is readable by whoever can read that file or the process list. Generate the password at run time, pass it through shell builtins and pipes only, and prefer handing chpasswd a pre-computed hash (chpasswd -e) so that the plaintext never reaches a second process.
For more fine-grained control over password aging policies, the chage(1) command is often preferred.
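The following script is an added example, not code from shadow-utils or from any distribution, showing the safe scripted pattern the --stdin caveat above calls for: the password is generated at run time, hashed locally with openssl(1), and handed to chpasswd -e as a pre-hashed entry, so the plaintext never appears on any command line. It assumes openssl(1) and chpasswd(8) are installed and that set_password runs as root; the user name "deploy" in the usage comment is a placeholder.

```shell
#!/bin/sh
# Added example (not from shadow-utils): set an account password from a script
# without the plaintext ever appearing in a process's argv, shell history or
# the script itself. Assumes openssl(1) and chpasswd(8); set_password is root-only.

# 24 random bytes, base64-encoded: 32 printable characters, no newline.
gen_password() {
    head -c 24 /dev/urandom | base64 | tr -d '\n'
}

# True if the argument looks like a SHA-512 crypt(3) string ("$6$" prefix),
# which is the format modern pam_unix expects in /etc/shadow.
is_sha512_crypt() {
    case "$1" in
        '$6$'*) return 0 ;;
        *)      return 1 ;;
    esac
}

# Produce the "user:hash" line that chpasswd -e expects. printf is a shell
# builtin and openssl reads the plaintext from stdin, so no process sees it
# in its argument list.
hashed_entry() {
    user=$1 plain=$2
    hash=$(printf '%s\n' "$plain" | openssl passwd -6 -stdin) || return 1
    is_sha512_crypt "$hash" || return 1
    printf '%s:%s\n' "$user" "$hash"
}

# Apply the pre-hashed entry with chpasswd -e (must run as root).
set_password() {
    entry=$(hashed_entry "$1" "$2") || return 1
    printf '%s\n' "$entry" | chpasswd -e
}

# Usage in a provisioning script, as root (assumed account name "deploy"):
#   pw=$(gen_password)
#   set_password deploy "$pw"
# Hand "$pw" to its owner over a secure channel; never write it to a log.
```

Verify the result with passwd -S deploy, which should report status P. If the account must also be unusable until its owner takes it over, follow up with passwd -e deploy so the first login forces a change.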
PASSWORD AGING POLICIES
The passwd command, when run by root, sets the password aging fields stored alongside the hash in /etc/shadow: the minimum (-n) and maximum (-x) number of days between password changes, the warning period before expiry (-w), and the grace period after expiry before the account is disabled (-i). System-wide defaults for new accounts come from PASS_MAX_DAYS, PASS_MIN_DAYS and PASS_WARN_AGE in /etc/login.defs; a maximum of 99999 (the common default) effectively means the password never expires. The current values for an account are shown by passwd -S or chage -l.
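As an added example that is not part of the original page, the script below audits the one-line-per-account output of passwd -S (described under -S above) and flags the states the aging section cares about: accounts with no password, locked passwords, and usable passwords whose maximum age is 99999 and therefore never expire. It parses by field position only, because the date format in that output differs between shadow-utils versions. The sample lines at the bottom are constructed for the demo, not captured from a real host.

```shell
#!/bin/sh
# Added example: audit `passwd -S` / `passwd -Sa` output. Field order is
#   name status last_change min_days max_days warn_days inactive_days
# status: P = usable password, L = locked, NP = no password.

# Classify one status line. Prints one of:
# ok, no-password, locked, never-expires, bad-line.
classify_status() {
    # Split the line into positional parameters on whitespace.
    set -- $1
    [ "$#" -ge 7 ] || { echo bad-line; return 1; }
    status=$2 max_days=$5
    case "$status" in
        NP) echo no-password ;;
        L)  echo locked ;;
        P)  # 99999 is the shadow-utils default meaning "never expires".
            if [ "$max_days" -ge 99999 ] 2>/dev/null; then
                echo never-expires
            else
                echo ok
            fi ;;
        *)  echo bad-line; return 1 ;;
    esac
}

# Read status lines on stdin; print "user finding" for every account not ok.
audit_status() {
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        finding=$(classify_status "$line") || true
        if [ "$finding" != ok ]; then
            printf '%s %s\n' "${line%% *}" "$finding"
        fi
    done
}

# Constructed sample in passwd -Sa format (not output from any real system).
SAMPLE='root P 2024-01-15 0 99999 7 -1
alice P 2024-03-01 1 90 14 30
svc-backup NP 2024-03-01 0 99999 7 -1
bob L 2023-11-20 0 99999 7 -1'

# Offline demo on the sample. On a live host run, as root:
#   passwd -Sa | audit_status
printf '%s\n' "$SAMPLE" | audit_status
```

An NP finding is the one to act on first: combined with nullok in the PAM configuration or PermitEmptyPasswords in sshd, it is an open door. A locked entry is reported because, as noted under -l, a locked password does not stop key-based SSH logins; check the account's expiry date as well before treating it as disabled.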
SECURITY IMPLICATIONS
The primary security function of passwd is to manage authentication credentials. Moving the hashes out of the world-readable /etc/passwd into the root-only /etc/shadow means an attacker needs root, or a bug in a privileged program, before an offline cracking attack against the hashes is even possible. Its reliance on PAM lets administrators enforce length, complexity and history checks centrally, and the aging fields bound how long a leaked password stays useful. Note that passwd is setuid root so that ordinary users can update /etc/shadow; that makes it, together with the PAM modules it loads, security-critical code that should be kept patched.
HISTORY
The passwd command has been a core component of Unix-like operating systems since their early days. Initially, password hashes produced by crypt(3) were stored directly in the world-readable /etc/passwd file, since that file also had to be readable by every program that mapped user IDs to names.
As hardware got faster, any local user could copy those hashes and run offline dictionary and brute-force attacks against them. The 'shadow password' scheme answered this by moving the hashes and the aging fields into a separate, restricted-access file, /etc/shadow, while /etc/passwd retained only the account information that needs to be public.
Modern Linux distributions integrate passwd with Pluggable Authentication Modules (PAM), allowing system administrators to implement flexible and robust password policies without modifying the core passwd utility.