passwd.1s
Change a user's password
SYNOPSIS
passwd [options] [user]
PARAMETERS
user
The username whose password is to be changed. If omitted, the current user's password is changed.
-S, --status
Display the password status for the specified user (e.g., locked, unlocked, last changed, minimum/maximum days).
-l, --lock
Lock the password of the specified user. This prevents the user from logging in with their password.
-u, --unlock
Unlock the password of the specified user, allowing them to log in.
-d, --delete
Delete the password for the specified user. This effectively allows the user to log in without a password. (Use with caution!)
-e, --expire
Immediately expire the password of the specified user, forcing them to change it upon next login.
-n, --mindays DAYS
Set the minimum number of days between password changes to DAYS.
-x, --maxdays DAYS
Set the maximum number of days a password remains valid to DAYS. After this, the user must change their password.
-w, --warndays DAYS
Set the number of days of warning before a password expires to DAYS.
-i, --inactive DAYS
Set the number of days after password expiry when the account becomes inactive and locked.
DESCRIPTION
The passwd command is used to change a user's password. A regular user can only change their own password, and they will be prompted for their current password before setting a new one. The new password must satisfy system-defined complexity rules (e.g., minimum length, character types), which are often enforced by PAM modules.
The root user, however, can change any user's password without knowing the current one, and can also set password aging parameters such as expiration dates, minimum/maximum days between changes, and warning periods. This command modifies entries in /etc/passwd and /etc/shadow; on shadow-enabled systems the sensitive password hashes and the aging details are stored in /etc/shadow, while /etc/passwd holds the world-readable account information.
CAVEATS
The passwd command directly modifies sensitive system files (/etc/passwd, /etc/shadow). Incorrect usage can lead to account lockouts or security vulnerabilities. Password complexity rules are enforced by Pluggable Authentication Modules (PAM) and are system-dependent. When deleting a password (-d), the user can log in without providing any password. This is a severe security risk and should only be used for specific, controlled purposes. Changes made by passwd might not immediately apply if the system caches authentication information (e.g., using nscd).
PASSWORD AGING
Password aging parameters (minimum days, maximum days, warning days, inactive days) control how often users must change their passwords and how accounts behave after password expiry. These can be managed by the root user using passwd or chage.
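The following is an added example and not part of this manual page or of the passwd/shadow suite. It is a POSIX sh audit over constructed /etc/shadow-format records (the sample lines and hashes are made up for the example) that classifies each account's password field with the same letters passwd -S reports (P, NP, L) and flags the two conditions described under CAVEATS and PASSWORD AGING: an empty password field, which is what passwd -d leaves behind, and a maximum password age that is missing or above a chosen threshold. The function names shadow_pw_state and shadow_audit are this example's own.

```shell
#!/bin/sh
# Added example: an offline audit of /etc/shadow-format records.
# Fields: name:password:lastchg:min:max:warn:inactive:expire:reserved
# The sample below is constructed for this example; the hashes are not real.
SAMPLE_SHADOW='root:$6$saltsalt$FAKEHASHFAKEHASHFAKEHASH:19700:0:99999:7:::
alice:$6$saltsalt$ANOTHERFAKEHASH:19800:1:90:14:30::
bob::19810:0:99999:7:::
carol:!$6$saltsalt$LOCKEDFAKEHASH:19700:0:90:7:::
svc:*:19000:0:99999:7:::'

# Classify a password field the way `passwd -S` reports it:
#   P  = usable password hash present
#   NP = empty field, i.e. login without a password (what `passwd -d` leaves)
#   L  = locked: field starts with '!' (passwd -l) or '*' (never had a password)
shadow_pw_state() {
    case "$1" in
        "")        echo NP ;;
        '!'*|'*'*) echo L ;;
        *)         echo P ;;
    esac
}

# Print "name state maxdays [flags]" for every record in $1.
# Flags: PASSWORDLESS for NP accounts; MAX_AGE_TOO_LONG when a usable
# password has no maximum age or one above $2 days (default 90).
shadow_audit() {
    max_allowed="${2:-90}"
    printf '%s\n' "$1" | while IFS=: read -r name pw last min max warn inact exp res; do
        state=$(shadow_pw_state "$pw")
        flags=""
        if [ "$state" = NP ]; then
            flags="$flags PASSWORDLESS"
        fi
        if [ "$state" = P ]; then
            if [ -z "$max" ] || [ "$max" -gt "$max_allowed" ]; then
                flags="$flags MAX_AGE_TOO_LONG"
            fi
        fi
        printf '%s %s %s%s\n' "$name" "$state" "${max:-none}" "$flags"
    done
}

# Stand-alone run over the constructed sample.
shadow_audit "$SAMPLE_SHADOW" 90
```

On the sample this prints one line per account, for example `bob NP 99999 PASSWORDLESS` and `root P 99999 MAX_AGE_TOO_LONG`. On a real system root can pass the contents of /etc/shadow as the first argument instead of the sample; the per-user equivalent is passwd -S, and the aging values themselves are set with passwd -n/-x/-w/-i or chage.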
PERMISSIONS AND SECURITY
The passwd binary typically has the SUID bit set, allowing it to run with root privileges temporarily for modifying password files, even when executed by a non-root user. This is crucial for its functionality but requires careful security considerations.
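As an added example that is not part of this manual page, the POSIX sh functions below check the setuid property described above from a defender's side: they read the owner-execute slot of an ls -l style mode string (an `s` there means setuid plus execute, an uppercase `S` means setuid without execute, which is not a mode a working passwd should have) and compare a live binary against the expectation that it is root-owned and setuid. The path /usr/bin/passwd is an assumption that varies by system, and the function names are this example's own.

```shell
#!/bin/sh
# Added example: checks around the setuid bit on the passwd binary.

# Return 0 when an ls -l style mode string carries the setuid bit.
# The fourth character is the owner-execute slot: 's' means setuid plus
# execute, 'S' means setuid without execute.
is_setuid_mode() {
    case "$1" in
        ???[sS]*) return 0 ;;
        *)        return 1 ;;
    esac
}

# Describe the owner-execute slot: setuid, setuid-noexec or none.
# A trailing '.' or '+' (SELinux label, ACL) after the mode does not matter.
setuid_mode_kind() {
    case "$1" in
        ???s*) echo setuid ;;
        ???S*) echo setuid-noexec ;;
        *)     echo none ;;
    esac
}

# Live check of a binary, if present: report owner and setuid kind so that
# anything other than "owner=root kind=setuid" stands out. The default path
# is an assumption; pass the right one for your system.
check_passwd_binary() {
    bin="${1:-/usr/bin/passwd}"
    if [ ! -e "$bin" ]; then
        echo "$bin: not present"
        return 0
    fi
    mode=$(ls -ld "$bin" | awk '{print $1}')
    owner=$(ls -ld "$bin" | awk '{print $3}')
    echo "$bin owner=$owner kind=$(setuid_mode_kind "$mode")"
}

check_passwd_binary
# To inventory every setuid file on local filesystems (run as root to read all):
#   find / -xdev -type f -perm -4000 -ls
```

The mode-string functions work on any ls -l line, so the same check can be run over the output of the find inventory to spot setuid files that were not expected.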
HISTORY
The passwd command has been a fundamental part of Unix-like operating systems since their early days, evolving with security needs. Originally, password hashes were stored directly in /etc/passwd. The introduction of the shadow password suite (and the /etc/shadow file) significantly enhanced security by separating password hashes from publicly readable user information, making brute-force attacks much harder.