How to Set or Change Password in Linux
How do I set or change Linux system password for any user account? How can I change user password on Linux operating system using the command-line options?
Both Linux and UNIX-like operating systems use the password command to change user password. The password is used to update a user’s authentication token (password) stored in /etc/shadow file. The password change passwords for user and group accounts. A normal user may only change the password for his/her own account, the super user (or root) may change the password for any account. The administrator of a group may change the password for the group. password also changes account information, such as the full name of the user, user login shell, or password expiry date and interval.
Linux Set User Password
Type following password command to change your own password:$ password
Sample Outputs:
Changing password for vivek (current) UNIX password: Enter new UNIX password: Retype new UNIX password: password: password updated successfully
The user is first prompted for his/her old password if one is present. This password is then encrypted and compared against the stored password. The user has only one chance to enter the correct password. The super user is permitted to bypass this step so that forgotten passwords may be changed. A new password is tested for complexity. As a general guideline, passwords should consist of 10 to 20 characters including one or more from each of following sets:
- Lower case alphabetics
- Upper case alphabetics
- Digits 0 thru 9
- Punctuation marks/spacial characters
Linux change password for other user account
You need to login as the root user, type the following command to change password for user vivek:# password vivek
OR$ sudo passwd vivek
Sample putput:
Enter new UNIX password: Retype new UNIX password: password: password updated successfully
Where,
- vivek – is username or account name.
Linux Change Group Password
When the -g option is used, the password for the named group is changed. In this example, change password for group sales:# passwd -g sales
The current group password is not prompted for. The -r option is used with the -g option to remove the current password from the named group. This allows group access to all members. The -R option is used with the -g option to restrict the named group for all users.
Changing user passwords on Linux
As a Linux system administrator (sysadmin) you can change password for any users on your server. To change a password on behalf of a user:
- First sign on or “su” or “sudo” to the “root” account on Linux, run: sudo -i
- Then type, passwd tom to change a password for tom user
- The system will prompt you to enter a password twice
To change or set a new root (superuser) password type:$ sudo passwd
Forcing Linux user to change password at their next login
By default, Linux passwords never expire for users. However, we can force users to change their password the next time they log in via GUI or CLI methods. The syntax is straightforward:$ sudo passwd -e {username}
$ sudo passwd --expire {username}
Let us immediately expire an account’s password:$ sudo passwd -e marlena
The system will confirm it:
passwd: password expiry information changed.
When user try to login via ssh command, they will see the following on screen:
$ ssh marlena@192.168.2.25 Last login: Fri Dec 4 04:12:48 2020 from 192.168.2.105 WARNING: Your password has expired. You must change your password now and login again! Changing password for marlena. Current password: New password: Retype new password: passwd: password updated successfully Connection to 192.168.2.25 closed.
Locking and Unlocking user password of the named account
Note that the following local command does not disable the account. The user may still be able to login using another authentication token, such as an SSH key. To disable the account, administrators should use either usermod --expiredate 1 {username} or sudo passwd --expire {username} command. Also, users with a locked password are not allowed to change their password to get around the security policy set by sysadmin.
We can lock the password as follows:$ sudo passwd -l {username}
This option disables a password by changing it to a value which matches no possible encrypted value (it adds a ! at the beginning of the password in the /etc/shadow file. Want to unlock the password, try:$ sudo passwd -u {username}
The above command option re-enables a password by changing the password back to its previous value. In other words, to the value before using the -l option.
A note about setting up a secure Linux password
Compromises in password security typically result from careless password selection. Avoid common password such as:
- Words which appears in a dictionary
- Your first and last name
- Pet names
- Kids or spouses names
- License number
- Date of birth (DoB)
- Home or office address
I strongly recommend that you generate a unique password for all user accounts using your chosen password manager.
Conclusion
The passwd command line utility is used to update or change user’s password. The encrypted password is stored in /etc/shadow file and account information is in /etc/passwd file. To see all user account try grep command or cat command as follows:$ cat /etc/passwd
$ grep '^userNameHere' /etc/passwd
$ grep '^tom' /etc/passwd
The guidance given in this quick tutorial should work with any Linux distribution, including Alpine, Arch, Ubuntu, Debian, RHEL, Fedora, Oracle CentOS, SUSE/OpenSUSE and other popular Linux distros.
Post a Comment