Linux Password Change And Passwd Options

linux-password-change-linux-passwd-command-options

Authentication is very important in Linux. There are different users in a Linux system. One of them is root user and beside root, there are other roots. To manage the authentication information of these users, passwd command is used. We can not only do linux password change with this command, but also, we can access password related information.

 

Here, in this lesson, we will learn both linux password change and other password operations that can be one with linux passwd command. Now, let’s start with linux password file and learn where the password related authentication information resides in kali Linux systems.

 

Where are user passwords stored?

 

In Linux, user password information is stored in /etc/passwd. /etc/passwd file is not only stores user passwords but also it stores other authentication related information. What are these information? These are given below:

  • username
  • password
  • User ID
  • Group ID
  • Home directory
  • Command or shell

 

We can use linux cat command to see the content of this file.

 

kali@kali:~$ cat /etc/passwd

root:x:0:0:root:/root:/bin/bash

daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin

bin:x:2:2:bin:/bin:/usr/sbin/nologin

sys:x:3:3:sys:/dev:/usr/sbin/nologin

sync:x:4:65534:sync:/bin:/bin/sync

games:x:5:60:games:/usr/games:/usr/sbin/nologin

man:x:6:12:man:/var/cache/man:/usr/sbin/nologin

….

linux-password-status-ipcisco.com

By the way, if the user password is hashed, then it is stored under /etc/shadow.


How to do Linux Password Change?

 

In Linux, passwords can be changed by users. But here there is a key point. Root user can change all passwords. But normal users can change only his/her passwords. In other words, if you would like to do linux password change for all the users, you need to be a root user.

 

If you are a normal user or a root user, to change your own linux password, the only command you need to sue is passwd command. With this command, you do not need to use an extra command.

 

root@kali:/home/kali# passwd

Changing password for kali.

Current password:

New password:

Retype new password:

passwd: password updated successfully

 

Now, let’s change another user’s, user gokhan’s password as an example.

 

root@kali:/home/kali# passwd gokhan

New password:

Retype new password:

passwd: password updated successfully

linux-password-change-ipcisco.com-1


 

How to See Password Status?

 

If you would like to check user password status, you can use passwd with “-S” option. Below, you can find how to see password status for the current user “kali”.

 

kali@kali:~$ passwd -S

kali P 08/02/2021 0 99999 7 -1

 

If you would like to check the password of a specific user, you should use the user name with passwd command and “-S” option. To do this, you should be a root user. Because only root user can access other’s information. Below, we will see the status of user gokhan’s password.

 

kali@kali:~$ sudo su

[sudo] password for kali:

 

root@kali:/home/kali# passwd -S gokhan

gokhan P 08/02/2021 0 99999 7 -1

linux-password-status-ipcisco.com

We can also see all the password status with adding “-a” option like below .Again, to do this, we need to be root.

 

root@kali:/home/kali# passwd -a -S

root L 01/27/2020 0 99999 7 -1

daemon L 01/27/2020 0 99999 7 -1

bin L 01/27/2020 0 99999 7 -1

sys L 01/27/2020 0 99999 7 -1

sync L 01/27/2020 0 99999 7 -1

 


 

Linux User Password Lock, Unluck, Disable, Expire

 

During user management, beside linux password change, sometimes you need to lock a linux user password, unlock it or delete the user password with which he/she can access the system without password. So, how can  we do this, how can we lock a user password, unlock it or delete it. Let’s see these with examples.

 

By the way, to lock, unlock or delete a user password, you should be a root user.

 


 

How to Lock user password in Linux?

 

Because of some reasons, we need to lock a user by locking his/her user password. So, to lock a user password in linux, we use linux passwd command and “-l” option with the user name that we will lock. Below, we will lock the password of user gokhan.

 

root@kali:/home/kali# passwd -l gokhan

 


 

How to Unlock user password in Linux?

 

If a user password is locked because of some reasons, we need to unlock it for the user system access. To do this, we use linux passwd command and option “-u” with the user name.Below, we will unclock the password of user gokhan.

 

root@kali:/home/kali# passwd -u gokhan

linux-password-lock-and-unlock-ipcisco.com-1


 

How to Disable user password in Linux?

 

To delete a user password, we use linux passwd command and option “-d” with the user that we would like to work with. Below, we will remove the password of user gokhan.

 

root@kali:/home/kali# passwd -d gokhan

 


 

How to Expire user password in Linux?

 

With passwd -e option, we can force a user password for expire. In other words, if we would like a password change from a user, we use this command to expire it. At the next login, user is forced to change his/her password.

 

root@kali:/home/kali# passwd -e gokhan

linux-password-disable-and-expire-pcisco.com


 

Other Linux Passwd Command Options

 

There are other different options that we can use with Linux passwd command. After linux password change, locking and unlocking linux users, with these commands, we can force a user to change his/her password, we can warn a user about this password expiration and more. Below, we will give different examples to them one by one.

 

Passwd -n <days> <username>

 

If we do not want a password change for a period, we can set the number of the days in which user can not change his/her password. By the way, if we do not use this command for a user, the default zero day works. With this default configuration, user can change his/her password anytime he/she wants.

 

Below, we will force user gokhan to use his password ten days. After twenty days, he can change his password.

 

root@kali:/home/kali# passwd -n 20 gokhan

 


 

Passwd -x <valid-days> <username>

 

With passwd -x option, we can set the days that a user password remain valid. In other words, with this option, we can set the days that user can use his/her password. After that time, he/she need to change his/her password.

 

Below, we will set these valid days as 30. So, user gokhan can use his password 30 days.

 

root@kali:/home/kali# passwd -x 30 gokhan

to-set-valid-linux-password-days-ipcisco.com


 

Passwd -w <username>

 

If you would like to warn the user before password expiration, you can use -w option. With this option, you can determine the days before the password expiration.

 

Below, we will set this value to three days. Here, user gokhan will receive a warning message 3 days before the password expiration day. So, this is a basic reminder for a linux user.

 

root@kali:/home/kali# passwd -w 3 gokhan

warn-user-to-change-linux-password-ipcisco.com


 

Passwd -i <username>

 

We have set the valid password days, we have warned the user. Now, it is time to punish the user:) With -i option, we can disable a user password after the password expiration day. Here, we set the number of days after the expiration day, if user do not change his/her password during this time, he/she no longer can access.

 

Below, if user gokhan can not change his password in 7 days after password expiration, he will no longer access his account.

 

root@kali:/home/kali# passwd -i 7 gokhan

 

In this lesson, we have talked about linux passwd command and its different options. With these options, we have seen linux password change, we have set expiration days, we have warned the user about this expiration and we have punished the user. With these options we have also learned how to lock and unlock the user, how to delete or expire his/her password.

 

 

Back to: Kali Linux Course

Leave a Reply

Your email address will not be published. Required fields are marked *

Contact

  • info@ipcisco.com
IPCisco is the Winner! “Best Certification Study Journey of 2019!”

Cisco-ITBlogAwards-2019-Winner-IPCisco-k