Using the passwd Command on Linux

In this guide, we will be showing you how to use the passwd command on a Linux-based operating system.

Using the passwd command, you can change the current Linux user’s password. Additionally, if you have superuser privileges, you can even change the password of a different user.

On top of changing a user’s password, this utility has several other useful bits of functionality. For example, you can use it to lock an account, set an expiry on a password, delete a password, or even get a user’s password status.

Learning how to use passwd is crucial to ensuring strong security on your Linux system. It is also an essential tool for any system administrator to learn how to use.

Over the following few sections, we will show you the several different ways that you can use the passwd tool.

Table of Contents

• Syntax of the passwd Command
• Change the Current Users Password with the passwd Command
• Change a Users Password in Linux
  • Example of Using passwd to Change a Users Password
• Get Status of Users Password on Linux
  • The Data from the passwd Status Option
  • Examples of Retrieving the Status of Passwords using passwd
    • Example of Getting Status of Current User’s Password
    • Example of Getting the Status of a Specific Users Password
    • Example of Using passwd To Get Password Status of All Users
• Expire a Linux Users Password
  • Example of Using passwd to Expire a Users Password
• Locking a Users Password Using the passwd Command
  • Example of Using passwd to Lock an Accounts Password
• Unlocking a Users Password with passwd on Linux
  • Example of Unlocking a Users Password
• Set a Minimum Number of Days Between Password Changes
  • Example of Setting a Minimum Number of Days Between Password Changes
• Set an Expiry Time for a Password using passwd
  • Example of Setting an Expiry Time for a Password
• Warn Users Before Password Expiry
  • Example of Setting Number of Days Before Password Expiry Warning
• Disable Account for Inactivity on Linux using passwd
  • Example of Setting an Inactive Period for a User
• Delete a Users Password on Linux using passwd
  • Example of Using passwd to Delete a Users Password
• Conclusion

Syntax of the passwd Command

The passwd tool, while powerful, is straightforward to use. We will be going over how exactly to use this tool.

Included below, you can see the syntax for this command.

passwd [OPTIONS] [USER]

The passwd command has two optional parameters that you can use to control the utility’s behavior.

The first parameter is called “[OPTIONS]“. You can utilize this option to control what the passwd command is doing. For example, you can tell the utility to expire the user’s password, forcing the user to set a new one.

The second parameter ([USER]) allows you to specify the user you want to modify the password of. This option is only helpful for those who have superuser privileges. Typically a user is restricted to only changing their password.

When you use the passwd command on Linux without any option, it will modify the current user.

Change the Current Users Password with the passwd Command

Using the passwd utility on Linux, changing the current user’s password is straightforward. By default, the passwd utility will modify the existing user’s password.

1. All you need to do is use the following command within your system’s terminal.

passwd

2. When you run this command as a non-superuser, you will be asked to enter the password for your current user.

The dialog will tell you the user that you are currently changing the password for. In our case, this user is called “pi“.

Changing password for pi.
Current Password:

3. Next, you will need to enter the new password for your Linux user. The password will need to be longer than 6 characters.

Remember to try and keep your password secure by using a mix of different characters and numbers.

New password:

4. To confirm the new password, you must type it in again.

Requiring you to enter the password again helps ensure you don’t accidentally set a poor password and lock yourself out of your account.

Retype new password:

5. If the passwd command successfully changed your Linux user’s password, you will see the following message in your command line.

passwd: password updated successfully

Change a Users Password in Linux using the passwd Command

You can use the passwd command to change another user’s password. For this part of the tool to work, you will need superuser privileges.

All you need to do is simply use “passwd” followed by the user’s name you want to change the password for.

passwd USER

Example of Using passwd to Change a Users Password

For this example, we will be using the passwd tool to change the password of our user called “pimylifeup“.

1. Changing the password for this user is as straightforward as using “passwd” followed by our user’s name “pimylifeup“.

As we are running this from a non-root user with superuser privileges, we will need to utilize “sudo” at the front of the command.

sudo passwd pimylifeup

2. After running this command, the passwd command will prompt you to enter a new password for your user.

Since we are using the superuser, the tool won’t enforce the standard password requirements. However, it would help if you still stuck to good password standards to maintain the security of your system.

New password:

3. You will need to re-enter your password before the passwd command changes your Linux user’s password.

Retype new password:

4. If you successfully changed the specified user’s password, passwd will print the message below to the terminal.

passwd: password updated successfully

Get Status of Users Password on Linux using the passwd Command

The passwd command on Linux allows you to retrieve a user’s password status. This option provides you with information regarding several bits of information.

The main option for getting a user’s status is “-S” or “--status“. This can be accompanied by the “-a” option, which displays the status for all users.

If you don’t specify the user, the command will default to the current user.

passwd -S [-a] [USER]

To get the status of a different user, or all users, you will need to either be using the root user or a user with superuser privileges.

The Data from the passwd Status Option

Below is an example of the data that the status command will give you. We will go over what each value means so that you can interpret this data.

pimylifeup P 02/16/2022 0 5 5 -1

Seven different fields are printed for each user that has a password. Below is what each field contains.

1. The first field represents the user’s login name.
   
   From our example data, we can see that the username for this user is “pimylifeup“.
2. The second field indicates the status of the user’s password. In our example, you can see our user currently has the status of “P“.
   
   The passwd command can display three different options here. You can see the symbols and their meaning below.
   • L – Locked Password
   • NP – No Password
   • P – Useable Password
3. The third field tells you the last date that the user changed their password.
   
   Using our example data, we can see the user last changed their password on “02/16/2022“.
4. The minimum number of days that has to pass before the user can change their password.
   
   In our case, we can see the user can change their password at any time as this value is set to “0“.
5. The fifth field represents the maximum number of days the user can use a password before expiring.
   
   In our example, we can see that our password will expire after 5 days.
6. The sixth field tells you the number of days before password expiry that a user will begin to be warned.
   
   We can see that Linux will warn the user 5 days before their password expires from our example.
7. The seventh and final field tells you how long a user’s password can be expired before the user is disabled.
   
   Our example shows that our user will never be disabled for being inactive as the value is set to “-1“.

Examples of Retrieving the Status of Passwords using passwd

Below, we will walk you through a few different ways to use the passwd command on Linux.

Example of Getting Status of Current User’s Password

To retrieve the current user’s status, all we need to do is use the “-S” option alongside the “passwd” command.

Using this, we tell the tool we want the current user’s password status.

passwd -S

Below is the status that we got for our “pi” user.

pi P 02/16/2022 0 99999 7 -1

Example of Getting the Status of a Specific Users Password

You can also use the passwd command to get a specified user password status.

For this example, we will get the status for our “pimylifeup” user. First, we need to use the “-S” option, followed by the user’s name.

sudo passwd -S pimylifeup

After running this command, we retrieved the status for our specified user.

pimylifeup P 02/16/2022 0 5 5 -1

Example of Using passwd To Get Password Status of All Users

Finally, you can use the passwd command to retrieve the password status for all users.

To get the status of all users, you need to combine both the “-S” and “-a” options. This can be written as “-S -a” or “-Sa“.

sudo passwd -S -a

You will get a list containing every user on your system and their password status. Below is a snippet of what we received after using this option.

root L 10/30/2021 0 99999 7 -1
daemon L 10/30/2021 0 99999 7 -1
bin L 10/30/2021 0 99999 7 -1
sys L 10/30/2021 0 99999 7 -1
sync L 10/30/2021 0 99999 7 -1
games L 10/30/2021 0 99999 7 -1
man L 10/30/2021 0 99999 7 -1
lp L 10/30/2021 0 99999 7 -1

Expire a Linux Users Password

If you want to force a user to change their password, you can use the expire option.

Using the “-e” or “--expire” option, you tell the passwd command that it should immediately expire the specified user’s password.

The next time the user goes to log in, they will be asked to enter a new password before continuing.

passwd -e USER

Example of Using passwd to Expire a Users Password

For this example, we will be expiring the password for our user called “pimylifeup“.

1. To expire a user’s password, we need to use the “-e” option, followed by its username.

Below you can see the passwd command we used to expire the password of our Linux user.

sudo passwd -e pimylifeup

2. Once this command runs, you should see a message similar to the one shown below.

This message tells you that the passwords expiry has been updated.

passwd: password expiry information changed.

3. Next time the user attempts to log in to their account, they will be greeted by the following message.

This message tells the user that their password has expired, and they must now set a new one before they can continue.

To proceed with this process, you must first enter your user’s current password.

WARNING: Your password has expired.
You must change your password now and login again!
Changing password for pimylifeup.
Current password:

4. Next, the passwd command will prompt you to enter a new password for your user. Please note that the user can’t type in the same password as before. It must be new password.

The tool will also require you to verify the password by entering it twice.

New password:
Retype new password:

5. If your password has been successfully changed, you will be greeted by the following message.

The user will also be logged out immediately from their current session. This action forces the user to now have to log in with their new password

passwd: password updated successfully

Locking a Users Password Using the passwd Command

The passwd command allows you to lock a Linux user’s account as an alternative to deleting a user’s password.

The tool achieves locking a user by adding an exclamation mark (!) to the beginning of the encrypted value. Doing this ensures that there will never be a valid match for the user’s password.

To lock a user, you will need to use the “-l” (--lock) option alongside “passwd“. In addition, you will be required to specify the username you want to lock.

passwd -l USER

Please note locking a user’s password using passwd does not prevent them from logging in. If that user has another authentication method, such as using an SSH key, they will still gain access to their user.

This option simply prevents the user’s password from being used.

Example of Using passwd to Lock an Accounts Password

For this example, we will use the passwd command to lock our user called “pimylifeup“.

1. We can run the following command within the terminal to lock our “pimylifeup” user.

All we need to do is use the passwd command, followed by the “-l” option, and our user.

passwd -l pimylifeup

2. After locking the user’s password you will receive a message that your password information has changed.

passwd: password expiry information changed.

3. Now, if we try to login to our “pimylifeup” user using the password, we will run into an access denied error.

This is because the passwd command has modified our password, so Linux can’t validate it.

Access Denied

Unlocking a Users Password with passwd on Linux

The passwd command allows you to unlock an already locked Linux user’s password.

Using the “-u” or “--unlock” option, the tool will restore the user’s password to its original form. Simply put, it will remove the exclamation mark (!) that passwd added to the password by using the lock option.

The syntax for using the unlock option is as straightforward as what is shown below.

passwd -u USER

Please note that after running this command, that user will be able to log in to the account again.

Example of Unlocking a Users Password

For this example, we will unlock the password belonging to a user called “pimylifeup“.

1. All this requires us to do is use the passwd command, the “-u” option, and the username “pimylifeup“.

As we need to use our superuser privileges, we need to use “sudo” at the start of the command.

sudo passwd -u pimylifeup

2. Once your user has been successfully unlocked, you will see a message displayed in the terminal.

In our case, the passwd tool displayed the following message on our Linux system.

passwd: password expiry information changed.

3. Now, if we try to log in to our “pimylifeup” user, we can log in without issue.

Set a Minimum Number of Days Between Password Changes

The passwd command on Linux allows you to set restrictions on that user’s password. The first of these restrictions allows you to force a user to keep the same password for a set number of days.

This option is helpful if you want to force a user to maintain a password for a set number of days.

To set the minimum time between password changes, you need to use the “-n MIN_DAYS” or “--mindays MIN_DAYS” option.

Below you can see the straightforward syntax for setting a minimum timespan for a password for a particular user.

passwd -n MIN_DAYS USER

If you set the number of days to 0, users can change their password whenever they want.

Example of Setting a Minimum Number of Days Between Password Changes

For this example, we will be using the passwd tool to set it so that our user can’t change their password for 30 days.

1. Utilizing the passwd tool, we can use the “-n” option, followed by the number “30“.

Used this way, the user will only be able to change their password after 30 days have elapsed.

passwd -n 30 pimylifeup

2. As usual, you will receive a message informing you that the passwd command has successfully changed your user.

passwd: password expiry information changed.

3. Now, when that user changes their password on their Linux system, they will run into the following message.

The message passwd gives you informs the user that they must wait longer before being able to change their password

pimylifeup@pimylifeup:~ $ passwd
Changing password for pimylifeup.
Current password:
You must wait longer to change your password.
passwd: Authentication token manipulation error
passwd: password unchanged

Set an Expiry Time for a Password using passwd

The passwd command allows you to set an expiry date for your user’s password. This option will force the user to change their password after a specified number of days has passed.

This option is useful if you want to force a user to change their password regularly.

All we need to do is use the “-x MAX_DAYS” or “--maxdays MAX_DAYS” option, followed number the number of days (MAX_DAYS), and finally, the username (USER).

passwd -x MAX_DAYS USER

By setting the maximum days to 0, the user’s password will never expire.

Example of Setting an Expiry Time for a Password

For this example on using the passwd command on Linux, we will set our users password to be expired every 60 days.

1. Within the command line, you can run the following command to expire our pimylifeup user’s password every 60 days.

All we need to do is use “passwd“, followed by the “-x” option, the number 60, and finally the username “pimylifeup“.

sudo passwd -x 60 pimylifeup

2. You will know that your user’s expiry information has changed by seeing the following message in the terminal

passwd: password entry expiry information changed.

3. After 60 days have passed, our “pimylifeup” user would see the following message.

For the user to log in to their account, they will be forced to change their password.

WARNING: Your password has expired.
You must change your password now and login again!
Changing password for pimylifeup.
Current password:

Warn Users Before Password Expiry

Using the passwd command it is possible to warn a user before their password expires. The user will be warned whenever they log in to their account.

By utilizing this option, Linux will warn the user for the number of warn days before the password expires.

To set this value, we must use the “-w” or “--warndays” option. The period before the user is warned about their password expiring is specified in days.

passwd -w WARN_DAYS USER

By setting this value to 0, the user will never be warned about their password expiring.

Example of Setting Number of Days Before Password Expiry Warning

For this example, we will warn our “pimylifeup” user about their password expiring 10 days before it expires.

1. Using the following command within the terminal, we can change the number of warning days for our “pimylifeup” to 10.

sudo passwd -w 10 pimylifeup

2. Once the number of warning days has been updated, you will see a message like the following in your terminal.

This message may differ depending on the Linux distribution that you are using.

passwd: password expiry information changed.

3. Once your user falls within the warn day range, they will start being warned that their password is going to expire.

Below is an example of the message shown for our user three days before their password expired.

Warning: your password will expire in 3 days.

Disable Account for Inactivity on Linux using passwd

The passwd command also can disable an account when its password remains expired. The period before the account is disabled is specified in days.

To set the inactive period, you can use the “-i” or “--inactive” option, followed by the number of days. Next, you will need to specify the user’s name that you want to modify.

passwd -i INACTIVE_DAYS USER

Example of Setting an Inactive Period for a User

For this example, we will be setting an inactive period of 120 days for our “pimylifeup” user.

This means after our user’s password expires and 120 days have passed, the user will be disabled.

1. Within the terminal, we need to use the following command to set the inactive period for our user.

First, we need to use the “-i” option, followed by the number of days you want to pass before the user is disabled. The last thing you need to specify is the user’s name.

sudo passwd -i 120 pimylifeup

2. If the passwd tool successfully changes the inactive period, you will see a message as we have shown below.

Depending on your Linux distribution, this message might be worded differently.

passwd: password expiry information changed.

3. After the inactivity passes, the user will no longer be able to access their account.

For that user to have their account re-activated, they would need to contact an administrator for your Linux system.

Delete a Users Password on Linux using passwd

The passwd command allows you to delete the specified user’s password. The tool achieves this by making the password empty, effectively making it a passwordless named account. Of course, as a passwordless account, you won’t be able to log in to it.

To delete a user’s password, you need to use the “-d” (--delete) option alongside the passwd utility. In addition, you will be required to specify the user’s name.

passwd -d USER

Example of Using passwd to Delete a Users Password

For this example, we will be deleting the password for our “pimylifeup” user by utilizing the “-d” option.

1. To delete the password for our user, we need to start with the “passwd” command, followed by the “-d” option, then our username “pimylifeup“.

Remember that you will no longer be able to log in to the specified user after running this command.

sudo passwd -d pimylifeup

2. Below is an example of the message you will get after deleting your user’s password.

passwd: password expiry information changed.

3. If we attempt to login to our pimylifeup user, you will now run into an “Access Denied” error. The reason for this is the user no longer has an associated password, so there is nothing.

Access Denied

Conclusion

By this point in the guide, you should now understand how to use the passwd command on Linux.

While the primary use of the passwd tool is to change the password of a user, it also has additional functionality.

This functionality allows you to perform tasks like having a user’s password expire or locking their account.

If you have any issues using the passwd command on your Linux system, please comment below.

Be sure to check out our many other Linux command guides or our general Linux tutorials.

Weekly Updates Straight To Your Inbox

Receive our Raspberry Pi projects, coding tutorials, Linux guides and more!

Subscribe