Categories
Life hack

How to change account passwords on linux

[donotprint]

Tutorial details
Difficulty Easy (rss)
Root privileges Yes
Requirements None
Time 1m

[/donotprint][a] usermod command – Modify various user account properties including user password expiry information.
Where, [b] chage command – Change user password expiry information

Task: Use chage command to force users to chage their password upon first login

Use the following syntax to force a user to change their password at next logon on a Linux:

# chage -d 0 < user-name >
In this example, force tom to change his passsword at next logon, enter:
# chage -d 0 tom

  • -d 0 : Set the number of days since January 1st, 1970 when the password was last changed. The date may also be expressed in the format YYYY-MM-DD. By setting it to zero, you are going to force user to change password upon first login.
Further readings:
  • man pages – chage(8)

🐧 Get the latest tutorials on Linux, Open Source & DevOps via RSS feed or Weekly email newsletter.

🐧 13 comments so far. add one

  • How to force users to use secure passwords on…
  • Where are the passwords of the users located in Linux?
  • Restrict Linux users to their home directories only
  • Linux Find Out Which Process Is Listening Upon a Port
  • Linux / UNIX: Generate Passwords
  • Linux sys-unconfig: Reconfigure the System Upon Next Boot
  • Nginx: Redirect Backend Traffic Based Upon Client IP Address
Category List of Unix and Linux commands
File Management cat
Firewall Alpine Awall • CentOS 8 • OpenSUSE • RHEL 8 • Ubuntu 16.04 • Ubuntu 18.04 • Ubuntu 20.04
Network Utilities dig • host • ip • nmap
OpenVPN CentOS 7 • CentOS 8 • Debian 10 • Debian 8/9 • Ubuntu 18.04 • Ubuntu 20.04
Package Manager apk • apt
Processes Management bg • chroot • cron • disown • fg • jobs • killall • kill • pidof • pstree • pwdx • time
Searching grep • whereis • which
User Information groups • id • lastcomm • last • lid/libuser-lid • logname • members • users • whoami • who • w
WireGuard VPN Alpine • CentOS 8 • Debian 10 • Firewall • Ubuntu 20.04

Very useful tip!
I’ll use it.

Excellent tip for livecds… Thanks!!

Great …….. Very Useful

Task: Use chage command to force users to chage their password upon first login

Use the following syntax:
chage -d 0
# chage -d 0 tom

Hello out there! Must be something wrong with the spelling (chage)??

RRRolle, there is nothing wrong with the spelling. ‘chage’ is correct. You are changing the aging attributes of the account — when the password expires, how long between required password changes, etc. chage -l will give this information:

# chage -l nagios
Last password change : Sep 17, 2010
Password expires : Nov 16, 2010
Password inactive : never
Account expires : never
Minimum number of days between password change : 1
Maximum number of days between password change : 60
Number of days of warning before password expires : 7

Hi,
I am a new Linux user and I created users and set their password to expire and force them to change password on their first log in, I tried on one user ,it prompted me to enter current password and when i typed current password the screen usually sleeps. Can anyone advise?

very useful tip, thanks alot

One method that is easier than doing the math required by the above solutions is:
passwd -e username

This forces an immediate expiration, and forces a password change on the next login. I use it each time I create a user.

Hope this helps!

Hey, is there a way to configure this so that the operating system does it automatically so an admin doesn’t have to go through all the users and run these commands?

I am a Windows user gradually moving towards Linux. In Windows we have an option of either having or not having some password for a user. Once we do not put a password we can directly log in to the system.

However, in Linux this is not possible as every user must have a password. Even if one does not give a password not typing anything and simply pressing the Return key doesn’t log one in (unlike Windows). Is there some default password set for every user or any other mechanism by means of which a password is always assigned?

5 Answers 5

Authentication can be handled in many different ways in Linux. Password authentication via /etc/passwd and /etc/shadow is the usual default. There is no default password.

A user is not required to have a password. In a typical setup a user without a password will be unable to authenticate with the use of a password. This is common for system users which are used to run daemons, but are not intended to be used directly by a human.

You can configure Linux to allow login to the desktop automatically, or allow login without a password. Authentication is done via PAM, which is highly configurable. The Arch wiki offers the following PAM configuration for login without a password:

If you want to bypass the password prompt in GDM then simply add the following line on the first line of /etc/pam.d/gdm-password:

Then, add the group nopasswdlogin to your system. See Groups for group descriptions and group management commands. Now, add your user to the nopasswdlogin group and you will only have to click on your username to login.

Linux Set User Password

Type following passwd command to change your own password:
$ passwd
Sample Outputs:

The user is first prompted for his/her old password if one is present. This password is then encrypted and compared against the stored password. The user has only one chance to enter the correct password. The super user is permitted to bypass this step so that forgotten passwords may be changed. A new password is tested for complexity. As a general guideline, passwords should consist of 10 to 20 characters including one or more from each of following sets:

  1. Lower case alphabetics
  2. Upper case alphabetics
  3. Digits 0 thru 9
  4. Punctuation marks/spacial characters

Linux change password for other user account

You need to login as the root user, type the following command to change password for user vivek:
# passwd vivek
OR
$ sudo passwd vivek
Sample putput:

  • vivek – is username or account name.

Passwords do not display to the screen when you enter them. For example:

Linux changing user password using passwd

Linux Change Group Password

When the -g option is used, the password for the named group is changed. In this example, change password for group sales:
# passwd -g sales
The current group password is not prompted for. The -r option is used with the -g option to remove the current password from the named group. This allows group access to all members. The -R option is used with the -g option to restrict the named group for all users.

Changing user passwords on Linux

As a Linux system administrator (sysadmin) you can change password for any users on your server. To change a password on behalf of a user:

  1. First sign on or “su” or “sudo” to the “root” account on Linux, run: sudo -i
  2. Then type, passwd tom to change a password for tom user
  3. The system will prompt you to enter a password twice

To change or set a new root (superuser) password type:
$ sudo passwd

Forcing Linux user to change password at their next login

By default, Linux passwords never expire for users. However, we can force users to change their password the next time they log in via GUI or CLI methods. The syntax is straightforward:
$ sudo passwd -e
$ sudo passwd –expire
Let us immediately expire an account’s password:
$ sudo passwd -e marlena
The system will confirm it:

When user try to login via ssh command, they will see the following on screen:

Locking and Unlocking user password of the named account

Note that the following local command does not disable the account. The user may still be able to login using another authentication token, such as an SSH key. To disable the account, administrators should use either usermod –expiredate 1 or sudo passwd –expire command. Also, users with a locked password are not allowed to change their password to get around the security policy set by sysadmin.

We can lock the password as follows:
$ sudo passwd -l
This option disables a password by changing it to a value which matches no possible encrypted value (it adds a ! at the beginning of the password in the /etc/shadow file. Want to unlock the password, try:
$ sudo passwd -u
The above command option re-enables a password by changing the password back to its previous value. In other words, to the value before using the -l option.

A note about setting up a secure Linux password

Compromises in password security typically result from careless password selection. Avoid common password such as:

  1. Words which appears in a dictionary
  2. Your first and last name
  3. Pet names
  4. Kids or spouses names
  5. License number
  6. Date of birth (DoB)
  7. Home or office address

I strongly recommend that you generate a unique password for all user accounts using your chosen password manager.

Conclusion

The passwd command line utility is used to update or change user’s password. The encrypted password is stored in /etc/shadow file and account information is in /etc/passwd file. To see all user account try grep command or cat command as follows:
$ cat /etc/passwd
$ grep ‘^userNameHere’ /etc/passwd
$ grep ‘^tom’ /etc/passwd
The guidance given in this quick tutorial should work with any Linux distribution, including Alpine, Arch, Ubuntu, Debian, RHEL, Fedora, Oracle CentOS, SUSE/OpenSUSE and other popular Linux distros.

🐧 Get the latest tutorials on Linux, Open Source & DevOps via RSS feed or Weekly email newsletter.

🐧 72 comments so far. add one

Rules for changing passwords for user accounts

  1. A normal user may only change the password for his/her own account.
  2. The superuser (root user) may change the password for any account or specific account.
  3. The passwd command also changes the account or associated password validity period.

First, login as the root user. Use sudo -s or su – command to login as root. To change password of specific user account, use the following syntax:

To change the password for user called vivek, enter:
# passwd vivek
Sample outputs:

Fig.01: passwd command in action

The status information consists of 7 fields as follows:

  1. vivek : Account login name (username)
  2. P : This field indicates if the user account has a locked password (L), has no password (NP), or has a usable password (P)
  3. 05/05/2012 : Date of the last password change.
  4. 0 : Password expiry minimum age
  5. 99999 : Password expiry maximum age.
  6. 7 : Password expiry warning period.
  7. -1 : Inactivity period for the password (see chage command for more information).

To get more info about password aging for a specific user called vivek, enter:
# chage -l vivek

Fig.01: chage command in action

🐧 Get the latest tutorials on Linux, Open Source & DevOps via RSS feed or Weekly email newsletter.

🐧 7 comments so far. add one

Updated Nov 19, 2019

How to change account passwords on linux

In this guide we’ll explain how to change a user password in Linux. We will also show you how to force users to change their password the next time they log in.

The instructions should work on any Linux distribution, including Ubuntu, Debian, and CentOS.

Introduction #

In Linux, you can change the password of a user account with the passwd utility.

The encrypted users’ passwords, as well as other passwords related information, are stored in the /etc/shadow file.

As a regular user, you can only change your own password. The root user and users with sudo privileges can change another user’s passwords and define how the password can be used or changed.

When changing the password, make sure you’re using a strong and unique password.

Having a strong password is the most important thing you can do to secure your account. Often a strong password has at least 16 characters and contains at least one uppercase letter, one lowercase letter, one number, and one special character.

For security reasons, it is recommended to update your password on a regular basis and use a unique password for each account.

Change Your User Password #

To change your own user’s account password, run the passwd command without any arguments:

You will be prompted to enter your current password. If the password is correct, the command will ask you to enter and confirm the new password.

Passwords are not shown on the screen when you enter them.

The next time you log in to your system, use the new password.

Change Another User’s Password #

As we mentioned in the introduction, only the root user and users with sudo access can change the password of another user account.

The following example assumes that you are logged in as a user with sudo privileges.

To change the password of another user account, run the passwd command, followed by the username. For example, to change the password of a user named linuxize , run the following command:

You will be prompted to enter and confirm the new password:

On success, the command will print something like this:

Force User to Change Password at Next Login #

By default, passwords are set to never expire. To force a user to change their password the next time they log in, use the passwd command with –expire option followed by the username of the user:

The command above will immediately expire the user password.

The next time the user tries to login with the old password, they will be shown a message forcing them to change the password:

Once the user sets a new password, the connection will be closed.

Conclusion #

In this tutorial, you have learned how to change user’s passwords and how to set password expiry.

You can find more information about the passwd command, by typing man passwd in your terminal or visiting the Linux passwd man page.

If you have any questions or feedback, feel free to leave a comment.

System administration involves numerous tasks including managing users/groups and under user management, some of the minor tasks involved are adding, modifying, suspending, or deactivating user accounts, and many more.

This article will explain one of the critical user account management functions, how to set or change user password expiration and aging in Linux using the chage command.

The chage command is used to modify user password expiry information. It enables you to view user account aging information, change the number of days between password changes and the date of the last password change.

Once you have set password expiry and aging information, this information is used by the system to determine when a user must change his/her password. Normally, companies or organizations have certain security polices that demand users to change passwords regularly: this can be a simple way to enforce such policies as we explained below.

To view a user account aging information, use the -l flag as shwon.

View User Password Aging Information

To set the date or number of days (since January 1, 1970) when the password was last changed, use the -d flag as follows.

Next, you can also set the date or number of days (since January 1, 1970) on which the user’s account will no longer be accessible by using the -E switch as shown in the following command.

In this case, once a user’s account is locked, he/she is required to contact the system administrator before being able to use the system again.

Then, the -W option allows you to set the number of days of warning before a password change is required. Considering the command below, the user ravi will be warned 10 days prior to his password expiring.

In addition, you can set the number of days of inactivity after a password has expired before the account is locked. This example means that after user ravi’s password expires, his account will be inactive for 2 days before it is locked.

When the account becomes inactive, he must contact the system administrator before being able to use the system again.

For more information, refer to the chage man page.

Note that you can also change a user’s password expiration and aging information using the usermod command, which is actually intended for modifying a user account.

That’s it for now. Hoping you find this article informative and useful, if you have any questions to ask, use the feedback form below.

If You Appreciate What We Do Here On TecMint, You Should Consider:

TecMint is the fastest growing and most trusted community site for any kind of Linux Articles, Guides and Books on the web. Millions of people visit TecMint! to search or browse the thousands of published articles available FREELY to all.

If you like what you are reading, please consider buying us a coffee ( or 2 ) as a token of appreciation.

We are thankful for your never ending support.

The 1 single command for changing user passwords in Linux

The importance of passwords and the role it plays in our digital life cannot be emphasized enough. Passwords are probably our first line of defense when it comes to securing digital content.

Linux is by nature a multi-user operating system, meaning that you can share a Linux machine with other users. This is especially true for shared servers in the cloud. Without a solid password, unauthorized users may easily gain access to your content.

Fortunately, Linux is a robust and secure platform. And it offers a simple and intuitive way of managing user passwords from the command terminal.

A r egular user can only change the password for their own account, while a superuser can change the password of any user account on the Linux system.

The command for changing user passwords in Linux is passwd . To change your own password simply open the command terminal and type the following command.

You will then be prompted to enter your old password followed by the new user password as in the figure below.

Note: You will not see anything as you fill in your passwords. This is the Unix way of protecting you from shoulder surfers.

The root user in Linux is what the Lion is to the Jungle: King. The root user has privileges to modify anything on the Linux system.

You can change the root user password as follows. Then you will be prompted to enter the new password.

Alternatively, you can change the root user password as follows.

First, switch to be the root user by typing the following command. You will then be prompted to enter the root user password. Once

Once you are logged in as the root user you can then change the password by typing the command below.

Note: When you are logged in as the root user, the # symbol is used in the prompt.

Make sure to exit out of the root user prompt when you are done running your command. To exit the root user prompt simply type.

The majority of users on Linux are non-root users. You will need to have administrative privileges to change the password of other users on a Linux system. The command for changing other user’s passwords is passwd username . For example, to change the passwd for user Linga on a system. Simply run.

You will then be prompted to type in the new user password.

The beauty of Linux is that you can learn more about commands right from within the terminal. To learn more about the passwd command, please use the man pages as follows.

As mentioned earlier, passwords are your first line of defense in the digital world. Use secure passwords and do not use the same password on different platforms.

Consider using a password manager to help you in creating and remembering your secure passwords.

Posted on February 7, 2021 by Mel Hawthorne Leave a Comment

If you manage a Linux machine with multiple users, you may occasionally want or need to get a user to change their password. The most likely cause for this requirement is for a first-time use scenario. Other potential reasons to change a password such as a user forgetting it, the password being compromised, or mandatory regular password cycling, don’t really work with the concept of manual password expiry.

When a Linux password is expired, the user is required to change it the next time that they log in. If a user has forgotten their password, they’ll never be able to sign in to then get to change their password. If a user’s password is compromised it should be changed immediately; expiring it runs the risk that the hacker signs into the account first and can then set the password to any value. If you have a policy of requiring regular password resets, then this should be managed automatically by setting a maximum password age rather than manually expiring passwords.

Note: Ideally you shouldn’t regularly expire passwords anymore, the NCSC and NIST as well as the larger cybersecurity community have changed their public guidance due to research that showed that doing so makes people more likely to choose weak and formulaic passwords. The guidance is now to only make users change passwords when there is a reasonable suspicion that the password has been compromised. By not forcing users to regularly remember new passwords, they are more likely to create and remember a longer, more complex, strong password.

When you first create an account for a user, typically it is created with a temporary password. The user should then change this password to something they can remember the first time that they sign in.

How to force expire a password

To mark a password as “expired” and to force the user to change their password the next time that they log in you want to use the command “passwd” along with the “-e” flag. The “-e” flag immediately expires an accounts password which will force them to change their password the next time that they log in.

The full command would be “sudo passwd -e [username]”. Sudo is required as the command required root permissions to run.

The command “sudo passwd -e [username]” immediately expires the specified user’s password, forcing them to change it the next time that they log in. Password security is incredibly important, and not just on a Windows machine – be sure to often change your (and other users) passwords, so that nobody can gain unauthorised access to their accounts.

The 1 single command for changing user passwords in Linux

How to change account passwords on linux

Mwiza Kumwenda

6 days ago · 3 min read

How to change account passwords on linux

The importance of passwords and the role it plays in our digital life cannot be emphasized enough. Passwords are probably our first line of defense when it comes to securing digital content.

Linux is by nature a multi-user operating system, meaning that you can share a Linux machine with other users. This is especially true for shared servers in the cloud. Without a solid password, unauthorized users may easily gain access to your content.

Fortunately, Linux is a robust and secure platform. And it offers a simple and intuitive way of managing user passwords from the command terminal.

A r egular user can only change the password for their own account, while a superuser can change the password of any user account on the Linux system.

The command for changing user passwords in Linux is passwd . To change your own password simply open the command terminal and type the following command.

You will then be prompted to enter your old password followed by the new user password as in the figure below.

How to change account passwords on linux

Note: You will not see anything as you fill in your passwords. This is the Unix way of protecting you from shoulder surfers.

The root user in Linux is what the Lion is to the Jungle: King. The root user has privileges to modify anything on the Linux system.

You can change the root user password as follows. Then you will be prompted to enter the new password.

Alternatively, you can change the root user password as follows.

First, switch to be the root user by typing the following command. You will then be prompted to enter the root user password. Once

Once you are logged in as the root user you can then change the password by typing the command below.

How to change account passwords on linux

Note: When you are logged in as the root user, the # symbol is used in the prompt.

Make sure to exit out of the root user prompt when you are done running your command. To exit the root user prompt simply type.

The majority of users on Linux are non-root users. You will need to have administrative privileges to change the password of other users on a Linux system. The command for changing other user’s passwords is passwd username . For example, to change the passwd for user Linga on a system. Simply run.

You will then be prompted to type in the new user password.

The beauty of Linux is that you can learn more about commands right from within the terminal. To learn more about the passwd command, please use the man pages as follows.

As mentioned earlier, passwords are your first line of defense in the digital world. Use secure passwords and do not use the same password on different platforms.

Consider using a password manager to help you in creating and remembering your secure passwords.

Linux How To’s | Bash Scripting | Python

Friday, 23 March 2018

Problem statement:

Change or set a Linux user’s password non-interactively. Consider a scenario that you have to create multiple user accounts with a default password on a server.

I can use passwd command, but it expects user input through stdin .

So, it is certainly not handy when you have to create hundreds of user accounts and set their passwords, as one has to enter the same password twice per user multiplied by the number of user accounts to be created.

We know that, passwd commands expects the new password to be provided through stdin twice, with a ENTER key i.e. new line separating those inputs. We can reproduce this using echo as:

This way, we can send the password twice in one shot using echo command and a new line character \n as:

A better approach to set a user accounts password is to use chpasswd command. This command is used especially when you have to create multiple user accounts and set/update their passwords in a batch. It reads user-password pair from stdin in userName:newPassword format and changes the password of user account userName to newPassword .

With this, we can change the password of user account foouser to newpassword as:

Alternately, you can mention usernames and passwords in a file in userName:newPassword format, one pair per line, and feed that to chpasswd command.

You can use any of this tricks in your script to automate changing or updating Linux user account’s password. Try and let us know how it goes for you.