About passwd

On Unix-like operating systems, the passwd command is used to change the password of a user account. A normal user can run passwd to change their password, and a system administrator (the superuser) can use passwd to change another user’s password, or define how that account’s password can be used or changed.

  • About passwd
  • Description
  • Syntax
  • Options
  • Notes
  • Files used by passwd
  • Examples
  • Related commands
  • Linux commands help

This page covers the Linux version of passwd.

Description

The passwd command changes passwords for user accounts. A normal user can only change the password for their account, but the superuser can change the password for any account. passwd can also change or reset the account’s validity period — how much time can pass before the password expires and must be changed.

Before a normal user can change their password, they must first enter their current password for verification. (The superuser can bypass this step when changing another user’s password.)

After the current password is verified, passwd checks to see if the user is allowed to change their password at this time. If not, passwd refuses to continue, and exits.

Otherwise, the user is then prompted twice for a replacement password. Both entries must match for passwd to continue.

Next, the password is tested for complexity. As a general guideline, passwords should consist of at least 6 characters, including one or more of each of the following:

  • lower case letters
  • digits 0 through 9
  • punctuation marks

Syntax

passwd [OPTION] [USER]

Options

The following options change the way passwd operates:

Notes

Password complexity varies depending on the system. Consult your operating system documentation for default complexity rules and how to change them.

  • The user’s login name password usability: L if the account has a locked password, NP if the account has no password, or P if the account has a usable password date of the last password change minimum password age maximum password age password warning period password inactivity period

On systems that use NIS (Network Information Services), users may not be able to change their password if they are not logged in to the NIS server.

Files used by passwd

Examples

Change your password

passwd

Running passwd with no options changes the password of the account running the command. You will first be prompted to enter the account’s current password:

(current) UNIX password:

If it is correct, you’ll be asked to enter a new password:

Enter new UNIX password:

…and to enter the same password again, to verify it:

Retype new UNIX password:

If the passwords match, the password will be changed.

Change another user’s password

sudo passwd jeff

If you have superuser privileges, you can change another user’s password. Here, we prefix the command with sudo to run as the superuser. This command changes the password for user jeff. You are not prompted for jeff’s current password.

Change your password without knowing your current password

If you need to change your password because you forgot it, you need to log in to the root account. To do this, you need to know the password for user root.

Let’s say your username is sally, and you can’t remember your password. However, you have administrator access to the system: you can log in as root, using the password for that account. Log in as root, and then from the command line, run:

passwd sally

But what if you forgot the password for root as well? In this case, you need to log in to the machine in single-user mode, also known as runlevel 1. This cannot be done over the network, so you need physical access to the machine to boot into this runlevel.

Reboot the machine. When it is booting up, you should be presented with a bootloader menu. On many systems, such as Debian or Ubuntu, the boot menu will include an option for “Recovery Mode” or “Single User Mode” (as in the image below). Select this boot option.

This option boots you into a text-only mode, and log you in as root.

If you need to mount /, do so:

mount -rw -o remount /

Now change sally’s password:

Or root’s:

When you’re done, reboot your system:

shutdown -r now

Start the system normally, and you should be able to log in as sally with the new password.

Additional examples

sudo passwd -S ted

Check the status of the password for the user named ted. Output resembles the following:

ted P 05/13/2014 2 365 7 28

Here, we see the user’s name (ted), followed by a P, indicating that his password is currently valid and usable. The password will expire on May 5, 2014. Ted cannot change his password more often than every 2 days, and must change the password every 365 days. He will be warned 7 days before a required password change, and if he allows his password to expire, his account will be disabled 28 days later.

sudo passwd -S -a

Similar to the above command, but checks the password status for all user accounts, system-wide.

sudo passwd -l jane

Lock the password for user jane. She cannot to log in until a system administrator unlocks it.

sudo passwd -u jane

Unlock jane’s password. It automatically resets to whatever it was before it was locked, and she can log in again.

sudo passwd -e alan

Expire alan’s password. The next time he logs in, he will be required to set a new password.

chfn — Change a user’s finger information. finger — List information about a user. login — Begin a session on a system. nispasswd — Change NIS+ password information. nistbladm — Administer NIS+ tables. useradd — Add a user to the system. vipw — Safely edit the password file. yppasswd — Change a network password in an NIS database.