Home Linux User Management How To Change User Password In Linux

How To Change User Password In Linux

Allow An User To Change The Password Of Certain Other Users

By sk
Published: Last Updated on 765 views

In this tutorial, we will discuss how to change user password in Linux using passwd command from commandline. In addition, we will also learn how to allow an user to change the password of certain other users via sudo.

What Is passwd Command?

The passwd command is used to set and modify a user's password in Linux and Unix-like systems. The passwd command is not only for setting or changing Linux user's password. We can also use the passwd command to set password aging, lock and unlock an User account.

The important options of passwd command are given below:

OptionDescription
-d (--delete)Remove the password of an user without deleting the user.
-e (--expire)Force the user to change the password at next login.
-i (--inactive)Define the number of days after inactivity after the password expiry and before the user account is locked.
-l (--lock)Lock an user's account.
-u (--unlock)Unlock a locked user account.
-n (--minimum)Specify the number of days that must elapse before the password can be changed.
-x (--maximum)Indicates the maximum number of days of password validity before the user password expires and it must be changed.
-S (--status)Display the status information of an user account.
-w (--warning)Indicates the number of days for which the user gets alerts to change their password before it actually expires.
Table - passwd command options and their descriptions

In this guide, we only learn about changing the users password in Linux, so we skip examples for the most options. We will publish a detailed guide for passwd command examples in a separate guide soon.

Change User Password With passwd Command

To change the password of the current user, simply run the passwd command without any options like below:

$ passwd

Enter the password of the current user and then enter the new password twice to change the password.

Changing password for user ostechnix.
Current password: 
New password: 
Retype new password: 
passwd: all authentication tokens updated successfully.
Change User Password With Passwd Command
Change User Password With passwd Command

To modify the password of other users, specify the target username (E.g. senthil) after the passwd command like below:

$ sudo passwd senthil

Please note that the user should be either root or a member of the sudo group in-order to modify the password.

Allow Users To Change The Password Of Certain Other Users

What we have learned in the previous section is how to modify the password of the current user and also how to change the password of other users using passwd command with sudo or root permissions.

What we are going to learn now is permit a specific user to change the password of certain other users. Please note that we want an user to change ONLY the password of the other users, nothing else. The user must not run other commands except the passwd command.

To put this in simple words, we are going to allow an user to run passwd command and disallow the same user to run all other commands, even with sudo permission.

This is quite helpful when a teacher wants to change the password of his/her student logins.

Let me show you an example.

I am going to create two users namely user1 and user2 as root user.

# useradd user1
# useradd user2

Set password for the above users:

# passwd user1
# passwd user2

Now, let us allow the user1 to change the password of the user2.

To do so, edit /etc/sudoers file using command:

# visudo

Add the following line:

user1   ALL=NOPASSWD:   /usr/bin/passwd user2
Allow Users To Change The Password Of Certain Other Users
Allow Users To Change The Password Of Certain Other Users

Make sure you've added the correct path of the passwd command. As per the above line, the user1 can change the password of the user2 with passwd command without sudo password. Save the file and close it.

Let us verify what are the commands that the user1 can run as root without sudo password:

# sudo -lU user1

Sample output:

Matching Defaults entries for user1 on Almalinux8CT:
    !visiblepw, always_set_home, match_group_by_gid, always_query_group_plugin,
    env_reset, env_keep="COLORS DISPLAY HOSTNAME HISTSIZE KDEDIR LS_COLORS",
    env_keep+="MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE",
    env_keep+="LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES",
    env_keep+="LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE",
    env_keep+="LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY",
    secure_path=/sbin\:/bin\:/usr/sbin\:/usr/bin

User user1 may run the following commands on Almalinux8CT:
    (root) NOPASSWD: /usr/bin/passwd user2
List The Allowed Commands For The Given User On The Current Host
List The Allowed Commands For The Given User On The Current Host

As you can see, the user1 is allowed to run only the passwd command without sudo password on this machine.

Log out from root user session and log back in as user1.

And run the following command to change the password of user2:

[user1@Almalinux8CT ~]$ sudo passwd user2

Sample output:

Changing password for user user2.
New password: 
BAD PASSWORD: The password is shorter than 8 characters
Retype new password: 
passwd: all authentication tokens updated successfully.
Change User2 Password
Change User2 Password

As I stated already, the user1 can only execute the passwd command, but not the other commands.

Try to run any other command with sudo except the passwd command:

[user1@Almalinux8CT ~]$ sudo dnf update

You will get an error like below:

[sudo] password for user1:
Sorry, user user1 is not allowed to execute '/bin/dnf update' as root on Almalinux8CT.

Authorize Password Changes For Multiple Users Via Sudo

In the above example, we authorized password changes via sudo for a single user only i.e. user2 in our case. We can also authorize an user to change the password for multiple users or group of users.

Edit /etc/sudoers file as root:

# visudo

Add the the passwd command path along with the user names with comma-separated like below:

user1   ALL=NOPASSWD:   /usr/bin/passwd user2, /usr/bin/passwd user3, /usr/bin/passwd user4

As per the above command, the user1 is allowed to change the password of user2, user3 and user4.

You can also authorize an user to change the password of a group of users (E.g. user2 to user5) with wild-cards like below:

user1   ALL=NOPASSWD:   /usr/bin/passwd user[2-5]

To authorize password changes for user00, user01, user02,....up to user99, add the following line:

user1   ALL=NOPASSWD:   /usr/bin/passwd user[0-9][0-9]

Conclusion

As you can see, changing Linux users password is not that difficult. We can easily modify user's password in Linux using passwd command in couple seconds. We can also allow an user to change ONLY the password of other user, or group of users. Hope this was useful.

Featured Image Credit - Pexels

You May Also Like

1 comment

Chris McGimpsey-Jones September 15, 2022 - 5:52 am

This is always useful to know how to do from command line. Thank you.

Reply

Leave a Comment

* By using this form you agree with the storage and handling of your data by this website.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

This website uses cookies to improve your experience. By using this site, we will assume that you're OK with it. Accept Read More