how to update or change the user password in linux

There are plenty of reasons as to why you might want to change or update your password. Be it for security reasons or just to make it easier to remember you will run into a situation when you need to change your password in Linux. The command to change your password in both Linux and Unix is passwd.

The passwd command can be used to change any user’s password on the system provided you have the permission to do so. It is especially useful if you administer users on a Linux machine.

Change Password

To change your own password, just use passwd without any command line options.

bash$ passwd

As a security measure you will asked for the current password and then prompted to enter your new password.

In order to change the password of another user, you need to be the super user. As a super user or root enter the following command

bash$ passwd <username>

You will be prompted to enter the new password. As you are the super user, it is not necessary to enter the old password. So, this is useful in changing passwords of users who had lost their passwords.

Delete Password

You can delete a user’s password using the –delete or -d option with the passwd command. This will set the password of the user to empty or a blank string. Essentially, the user doesnot have a password in this case which is usually not a desired situation.

bash$ passwd -d <username>

Expire Password

Sometimes you will have to manually expire the password of an user. This will force the user to create or update their password when they login the next time. The –expire or -e option allows you to force expire the user password.

bash$ passwd -e <username>

Lock and UnLock Passwords

In order to lock the the user password you would use the –lock or -l option. This is useful if you intend to unlock the user account at a later time. Note that this is different than disabling the account.

bash$ passwd -l <username>

To unlock a locked password, use the –unlock or -u option

bash$ passwd -u <username>

The lock option is different than disabling the user account. This will just change the password to a value which cannot be encrypted to, usually by adding ! to the start of it. While this will stop the user from logging in directly by typing in the password, it doesnot completely disable other authentication mechanisms and tokens. For example, the user could use an existing ssh key or token or use a different authentication scheme to login.

If you like to disable the user account entirely, then the preferred method is to use the usermod command. You can also expire the account password and then use the –inactive or -i option in the passwd¬†command to disable it after a desired number of days.