Linux is a multi-user system, because it allows multiple people to use a computer and not affect each other's files, processes, preferences, etc. As there could be multiple users on the system, it is necessary to manage their authentication. In this post, I will show you how to manage users with command passwd.
The passwd command changes passwords for user accounts for basic use. A normal user may only change the password for their own account, while the superuser may change the password for any account.
[root@server ~]# passwd [options] <username>
Running the passwd command without any argument will ask for a change of password for the user logged in.
Here is a list of some of the options for the passwd command:
[root@server ~]# passwd -S <username>
The -S option displays the status of user account password settings.
[root@server ~]# passwd -l <username>
The -l option is used to lock the password of a specified account, and it is available to root only. The result is that the user cannot use the password to log in to the system but can use other means such as SSH public key authentication.
[root@server ~]# passwd -u <username>
The -u option will unlock the password. This option works for an account that already has the password locked.
[root@server ~]# passwd -d <username>
The -d option is a quick way to delete a password for an account.
[root@server ~]# passwd -e <username>
The -e option is a quick way to expire a password for an account. The user will be forced to change the password during the next login attempt.
[root@server ~]# passwd -n <number of days> <username>
The -n option sets the number of days before a password can be changed. By default, a value of zero is set, which indicates that the user may change their password at any time.
To confirm the password setting made with the -n option above, run the following command:
[root@server ~]# passwd -S example_user
example_user PS 2020-12-04 10 99999 7 -1 (Password set, SHA512 crypt.)
The value of 10 after the date indicates the minimum number of days until the password can be changed.
[root@server ~]# passwd -x <number of MAX_DAYS> <username>
The -x option sets the maximum number of days a password remains valid. After MAX_DAYS, the password is required to be changed.
Confirm the setting with running the following command:
[root@server ~]# passwd -S example_user
example_user PS 2020-12-04 10 90 7 -1 (Password set, SHA512 crypt.)
The value of 90 after 10 indicates the maximum password lifetime.
[root@server ~]# passwd -w <number of days> <username>
The -w option will set the number of days in advance the user will begin receiving warnings that the password will expire.
[root@server ~]# passwd -i <number of INACTIVE days> <username>
The -i option is used to disable an account after the password has been expired for a number of days. After a user account has had an expired password for INACTIVE days, the user may no longer sign on to the account.