I cannot tell you how many times I’ve had to manage user passwords in Linux without the help of a GUI app. Whether it’s on a server or because I’m using SSH to access a remote machine, knowing the commands available for that task has saved my skin on several occasions.
The good news is that there’s only one command you must know to manage those passwords from the command line interface (CLI). However, there’s a second command I consider essential as well.
Also: The first 5 Linux commands every new user should learn
I want to address both of these commands and show you how powerful and helpful they can be.
Are you ready for this?
The passwd command
The name of this command always trips up new users at first. When I first started working with Linux, it took me a while for my fingers to remember the command is passwd and not password.
The passwd command enables you to set, change, and check the status of a password. It also can force a user to change their password and lock/unlock accounts.
Let me show you how to do each of those things. Don’t worry about what distribution you are using, as the passwd command ships with them all.
First, let’s set a new password. This will be necessary only when a user is first created from the command line. Some distributions will require you to set a password during user creation, others do not. If you find the adduser command doesn’t require setting a password for that new user, you can create one with the command:
Where USER is the user in question.
Changing a password can be done by an administrator or by a standard user. The administrator can change the password of any user on the system and the standard user can only change their own password.
Also: Thinking about switching to Linux? 10 things you need to know
For the admin to change a password, the command is:
Where USER is the user in question.
For a user to change their own password, the command is simply:
To check the status of a password, issue the command:
Where USER is the user in question.
The output will include the username, status, date last changed, minimum password age, maximum password age, warning period, and inactive period.
Also: The best Linux distros for beginners
You can also check the status of all user passwords with the command:
The above command will also include system accounts.
Now, let’s force a user to change their password, which is done with the command:
Where USER is the name of the user in question. When the user next logs in, they’ll be prompted for their current password and then instructed to set a new one.
Finally, you can lock and unlock a user account with the passwd command. To lock an account, the command is:
Where USER is the name of the user in question.
The user will no longer be able to log into their account. To unlock the user account, the command is:
Where USER is the name of the user in question.
The chage command
The chage command is used to manage password expiry. Why would you use this instead of the passwd command? Simply put, the chage command gives you more control over password expiration. This can come in handy when you need to create temporary accounts on your Linux system. You can set a password to expire after a certain period, at which point the user will not longer be able to log in. This can be helpful if you have guests staying for a set period or if you have an employee who will be leaving the company on a specific date.
Also: This Linux distro has a smart feature that vastly improved my workflow
Let’s say you want to use chage to force a user to change a password on a specific date. For example, if you want to force a password change on October 31, 2024, for user olivia, the command would be:
sudo chage -d 2024-10-31 olivia
When the olivia user goes to log in on that date, they will be forced to change their password.
Let’s say you want to force an account expiration date. For that, use the E option like this:
sudo chage -E 2024-10-31 olivia
You can also lock user accounts with chage like so:
Where USER is the name of the user in question.
If you want to remove an expiry date from an account, the command would look like this:
sudo chage --expiredate -1 USER
Where USER is the name of the user in question.
Finally, you can specify the number of days between required password changes. Let’s say you want a user to change their password every 30 days. For that, the command would be:
Where USER is the name of the user in question.
Once you’ve executed the above command, the user will have to change their password every 30 days. You can also set the warning period for the user. Instead of being warned on the day of, you can let them know the day before with the command:
Where USER is the name of the user in question.
You can also remove the explicit expiration date with:
Where USER is the name of the user in question.
And that, my friends, is how you can manage user passwords from the command line.
(Except for the headline, this story has not been edited by PostX News and is published from a syndicated feed.)