Authentication is very important in Linux. There are different users in a Linux system. One of them is root user and beside root, there are other roots. To manage the authentication information of these users, passwd command is used. We can not only do linux password change with this command, but also, we can access password related information.
Here, in this lesson, we will learn both linux password change and other password operations that can be one with linux passwd command. Now, let’s start with linux password file and learn where the password related authentication information resides in kali Linux systems.
In Linux, user password information is stored in /etc/passwd. /etc/passwd file is not only stores user passwords but also it stores other authentication related information. What are these information? These are given below:
We can use linux cat command to see the content of this file.
kali@kali:~$ cat /etc/passwd
By the way, if the user password is hashed, then it is stored under /etc/shadow.
In Linux, passwords can be changed by users. But here there is a key point. Root user can change all passwords. But normal users can change only his/her passwords. In other words, if you would like to do linux password change for all the users, you need to be a root user.
If you are a normal user or a root user, to change your own linux password, the only command you need to sue is passwd command. With this command, you do not need to use an extra command.
Changing password for kali.
Retype new password:
passwd: password updated successfully
Now, let’s change another user’s, user gokhan’s password as an example.
root@kali:/home/kali# passwd gokhan
Retype new password:
passwd: password updated successfully
If you would like to check user password status, you can use passwd with “-S” option. Below, you can find how to see password status for the current user “kali”.
kali@kali:~$ passwd -S
kali P 08/02/2021 0 99999 7 -1
If you would like to check the password of a specific user, you should use the user name with passwd command and “-S” option. To do this, you should be a root user. Because only root user can access other’s information. Below, we will see the status of user gokhan’s password.
kali@kali:~$ sudo su
[sudo] password for kali:
root@kali:/home/kali# passwd -S gokhan
gokhan P 08/02/2021 0 99999 7 -1
We can also see all the password status with adding “-a” option like below .Again, to do this, we need to be root.
root@kali:/home/kali# passwd -a -S
root L 01/27/2020 0 99999 7 -1
daemon L 01/27/2020 0 99999 7 -1
bin L 01/27/2020 0 99999 7 -1
sys L 01/27/2020 0 99999 7 -1
sync L 01/27/2020 0 99999 7 -1
During user management, beside linux password change, sometimes you need to lock a linux user password, unlock it or delete the user password with which he/she can access the system without password. So, how can we do this, how can we lock a user password, unlock it or delete it. Let’s see these with examples.
By the way, to lock, unlock or delete a user password, you should be a root user.
Because of some reasons, we need to lock a user by locking his/her user password. So, to lock a user password in linux, we use linux passwd command and “-l” option with the user name that we will lock. Below, we will lock the password of user gokhan.
root@kali:/home/kali# passwd -l gokhan
If a user password is locked because of some reasons, we need to unlock it for the user system access. To do this, we use linux passwd command and option “-u” with the user name.Below, we will unclock the password of user gokhan.
root@kali:/home/kali# passwd -u gokhan
To delete a user password, we use linux passwd command and option “-d” with the user that we would like to work with. Below, we will remove the password of user gokhan.
root@kali:/home/kali# passwd -d gokhan
With passwd -e option, we can force a user password for expire. In other words, if we would like a password change from a user, we use this command to expire it. At the next login, user is forced to change his/her password.
root@kali:/home/kali# passwd -e gokhan
There are other different options that we can use with Linux passwd command. After linux password change, locking and unlocking linux users, with these commands, we can force a user to change his/her password, we can warn a user about this password expiration and more. Below, we will give different examples to them one by one.
If we do not want a password change for a period, we can set the number of the days in which user can not change his/her password. By the way, if we do not use this command for a user, the default zero day works. With this default configuration, user can change his/her password anytime he/she wants.
Below, we will force user gokhan to use his password ten days. After twenty days, he can change his password.
root@kali:/home/kali# passwd -n 20 gokhan
With passwd -x option, we can set the days that a user password remain valid. In other words, with this option, we can set the days that user can use his/her password. After that time, he/she need to change his/her password.
Below, we will set these valid days as 30. So, user gokhan can use his password 30 days.
root@kali:/home/kali# passwd -x 30 gokhan
If you would like to warn the user before password expiration, you can use -w option. With this option, you can determine the days before the password expiration.
Below, we will set this value to three days. Here, user gokhan will receive a warning message 3 days before the password expiration day. So, this is a basic reminder for a linux user.
root@kali:/home/kali# passwd -w 3 gokhan
We have set the valid password days, we have warned the user. Now, it is time to punish the user:) With -i option, we can disable a user password after the password expiration day. Here, we set the number of days after the expiration day, if user do not change his/her password during this time, he/she no longer can access.
Below, if user gokhan can not change his password in 7 days after password expiration, he will no longer access his account.
root@kali:/home/kali# passwd -i 7 gokhan
In this lesson, we have talked about linux passwd command and its different options. With these options, we have seen linux password change, we have set expiration days, we have warned the user about this expiration and we have punished the user. With these options we have also learned how to lock and unlock the user, how to delete or expire his/her password.