In this tutorial, we will discuss how to change user password in Linux using passwd command from commandline. In addition, we will also learn how to allow an user to change the password of certain other users via sudo.
Table of Contents
What Is passwd Command?
The passwd command is used to set and modify a user's password in Linux and Unix-like systems. The passwd command is not only for setting or changing Linux user's password. We can also use the passwd command to set password aging, lock and unlock an User account.
The important options of passwd command are given below:
| Option | Description |
|---|---|
-d (--delete) | Remove the password of an user without deleting the user. |
-e (--expire) | Force the user to change the password at next login. |
-i (--inactive) | Define the number of days after inactivity after the password expiry and before the user account is locked. |
-l (--lock) | Lock an user's account. |
-u (--unlock) | Unlock a locked user account. |
-n (--minimum) | Specify the number of days that must elapse before the password can be changed. |
-x (--maximum) | Indicates the maximum number of days of password validity before the user password expires and it must be changed. |
-S (--status) | Display the status information of an user account. |
-w (--warning) | Indicates the number of days for which the user gets alerts to change their password before it actually expires. |
In this guide, we only learn about changing the users password in Linux, so we skip examples for the most options. We will publish a detailed guide for passwd command examples in a separate guide soon.
Change User Password With passwd Command
To change the password of the current user, simply run the passwd command without any options like below:
$ passwd
Enter the password of the current user and then enter the new password twice to change the password.
Changing password for user ostechnix. Current password: New password: Retype new password: passwd: all authentication tokens updated successfully.
To modify the password of other users, specify the target username (E.g. senthil) after the passwd command like below:
$ sudo passwd senthil
Please note that the user should be either root or a member of the sudo group in-order to modify the password.
Allow Users To Change The Password Of Certain Other Users
What we have learned in the previous section is how to modify the password of the current user and also how to change the password of other users using passwd command with sudo or root permissions.
What we are going to learn now is permit a specific user to change the password of certain other users. Please note that we want an user to change ONLY the password of the other users, nothing else. The user must not run other commands except the passwd command.
To put this in simple words, we are going to allow an user to run passwd command and disallow the same user to run all other commands, even with sudo permission.
This is quite helpful when a teacher wants to change the password of his/her student logins.
Let me show you an example.
I am going to create two users namely user1 and user2 as root user.
# useradd user1
# useradd user2
Set password for the above users:
# passwd user1
# passwd user2
Now, let us allow the user1 to change the password of the user2.
To do so, edit /etc/sudoers file using command:
# visudo
Add the following line:
user1 ALL=NOPASSWD: /usr/bin/passwd user2
Make sure you've added the correct path of the passwd command. As per the above line, the user1 can change the password of the user2 with passwd command without sudo password. Save the file and close it.
Let us verify what are the commands that the user1 can run as root without sudo password:
# sudo -lU user1
Sample output:
Matching Defaults entries for user1 on Almalinux8CT:
!visiblepw, always_set_home, match_group_by_gid, always_query_group_plugin,
env_reset, env_keep="COLORS DISPLAY HOSTNAME HISTSIZE KDEDIR LS_COLORS",
env_keep+="MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE",
env_keep+="LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES",
env_keep+="LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE",
env_keep+="LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY",
secure_path=/sbin\:/bin\:/usr/sbin\:/usr/bin
User user1 may run the following commands on Almalinux8CT:
(root) NOPASSWD: /usr/bin/passwd user2
As you can see, the user1 is allowed to run only the passwd command without sudo password on this machine.
Log out from root user session and log back in as user1.
And run the following command to change the password of user2:
[user1@Almalinux8CT ~]$ sudo passwd user2
Sample output:
Changing password for user user2. New password: BAD PASSWORD: The password is shorter than 8 characters Retype new password: passwd: all authentication tokens updated successfully.
As I stated already, the user1 can only execute the passwd command, but not the other commands.
Try to run any other command with sudo except the passwd command:
[user1@Almalinux8CT ~]$ sudo dnf update
You will get an error like below:
[sudo] password for user1: Sorry, user user1 is not allowed to execute '/bin/dnf update' as root on Almalinux8CT.
Authorize Password Changes For Multiple Users Via Sudo
In the above example, we authorized password changes via sudo for a single user only i.e. user2 in our case. We can also authorize an user to change the password for multiple users or group of users.
Edit /etc/sudoers file as root:
# visudo
Add the the passwd command path along with the user names with comma-separated like below:
user1 ALL=NOPASSWD: /usr/bin/passwd user2, /usr/bin/passwd user3, /usr/bin/passwd user4
As per the above command, the user1 is allowed to change the password of user2, user3 and user4.
You can also authorize an user to change the password of a group of users (E.g. user2 to user5) with wild-cards like below:
user1 ALL=NOPASSWD: /usr/bin/passwd user[2-5]
To authorize password changes for user00, user01, user02,....up to user99, add the following line:
user1 ALL=NOPASSWD: /usr/bin/passwd user[0-9][0-9]
Conclusion
As you can see, changing Linux users password is not that difficult. We can easily modify user's password in Linux using passwd command in couple seconds. We can also allow an user to change ONLY the password of other user, or group of users. Hope this was useful.
Featured Image Credit - Pexels
1 comment
This is always useful to know how to do from command line. Thank you.