Linux-for-Sys-Ads/C2/User-Password-Management/English
Title of script: User Password management
Author: Antara Roy Choudhury
Keywords: passwd, change, Changing user password, Locking and unlocking password, Password removal, Password expiry
Visual Cue | Narration |
Slide 1: Introduction | Hello and welcome to the spoken tutorial on User Password Management in Linux. |
Slide 2: Learning Objectives | In this tutorial we will learn about
We will do this through some examples. |
Slide 3: System requirement | To record this tutorial, I am using Ubuntu Linux 16.04 OS |
Slide 4: Prerequisite | To practice this tutorial,
|
Slide 5A | In this tutorial we will learn about the passwd command.
Let’s learn how to do this. |
Press Ctrl+Alt+T | Open the Terminal by pressing Ctrl, Alt and T keys simultaneously on the keyboard. |
Type
sudo su [Enter] |
First, we should log in as the superuser or root user.
To do so, type: sudo space su and press Enter. |
Type
Password of your account [Enter] |
Type our password and then press Enter. |
Highlight # prompt | Notice, our login prompt has changed to a hash symbol.
This indicates that we are in the root user mode. |
Only narration | Here onwards, please remember to press the Enter key after typing each command. |
Type:
passwd amit [Enter] |
On the terminal type passwd space amit |
Type new_pass
[Enter] Re-type new_pass [Enter] |
It will ask you to type a new password.
Type the new password, say new_pass and press Enter. Retype the same password and press Enter again. |
The password has now changed. | |
Slide 5B | As a system admin, you may need to change the password for the root account itself.
To do so, you should type passwd and press Enter. When prompted, you should type your new password and press Enter. |
Slide 5C | It will prompt you to type the password once again.
So retype the same password and press Enter. You will get a message that the password has been updated successfully. |
Slide 6 | Password status information related to a user account can be displayed, as well.
This is done by using hyphen capital S with the passwd command. |
Switch to the terminal. | Switch to the terminal. |
Type:
passwd -S amit [Enter] |
Type passwd space hyphen capital S space amit |
Show the output | The output shows seven space separated fields.
Let us understand them one by one. |
Slide 6a: | Suppose, your output shows this.
The first field is the username. The second field indicates whether the user account:
|
Slide 7: | The third field gives the date of the last password change.
Fourth to seventh fields indicate password expiry information. |
Slide 8: | The fields are minimum age, maximum age, warning period, and inactivity period for the password.
These ages are expressed in days. We will discuss these in a couple of minutes. |
Show the output of previous command | Notice user amit now has a usable password.
We have changed our password just now. So, the third field is showing today’s date 16th Jan 2019. It may be different in your case. |
Type passwd -aS [Enter] |
As a system admin, you may need to check the password status of all the user accounts.
For this, we will use the option small a along with capital S. Type passwd space hyphen small a capital S |
Show the output | Notice, the password status of the user accounts is shown here. |
Type:
passwd -l amit [Enter] |
Now, as a system admin you may need to lock a user’s password for some reason.
To lock the password for user amit, type passwd space hyphen l space amit |
Press up key twice to get back passwd -S command
[Enter] |
Press the up arrow key thrice to get back the command for showing password status of user amit. |
Show the output and highlight L | Notice, the status is now L.
This means the password is locked now. |
Type cat /etc/shadow [Enter] | We also know about /etc/shadow file.
It stores the encrypted values of all users’ passwords. Type cat space /etc/shadow Notice, you have an exclamation mark added before the encrypted password for the user amit. Now, this password field cannot be matched by any possible encrypted value. |
Slide 9 |
|
Slide 10 |
Login through ssh key authentication will be covered in subsequent tutorials. |
passwd -u amit [Enter] |
Now, to unlock the password, type:
passwd space hyphen u space amit This will restore the password to its original value. |
Press up key until you get back passwd -S command
[Enter] |
Recall the command for showing the password status for the user amit |
Show the output and highlight P | Notice, the status is now P.
This means that the password is usable now. |
Press Up key | Recall the command to display /etc/shadow file.
Notice that the exclamation mark is removed now for the user amit. It means the password is not locked anymore. |
passwd -d amit [Enter] |
As a system admin, you can also delete a user’s password.
To delete the password for user amit, type passwd space -d space amit |
So, the password for the user amit has been removed.
It is a quick way to disable a user’s password. | |
Press up key until you get back passwd -S command
[Enter] |
Recall the command for showing the password status for the user amit |
Show the output and highlight NP | Notice that the password status is now NP.
So, the password is not set for user amit. |
Slide 11 | Next, let’s look at password expiry information.
|
chage -l amit [Enter] |
To view the information about user amit, switch to the terminal and type:
chage space hyphen l space amit |
Highlight output | Notice that we have a lot of information in the output.
Let us look at them one by one. |
Highlight
Minimum number of days between password change : 0 |
See, it is showing the minimum number of days between password change as 0.
A value of 0 indicates that the user is allowed to change his or her password anytime. |
The system admin can set the minimum number of days between password changes using passwd with the -n option. | |
passwd -n 30 amit
[Enter] |
Let us set this, so that the user amit can change his password only after 30 days from the previous one.
To do that, type passwd space -n space 30 space amit |
Press Up key twice to get chage command
chage -l amit [Enter] |
Recall the chage command for the user amit. |
Highlight
Minimum number of days between password change : 30 |
So now, amit is allowed to change his password only after 30 days. |
Highlight
Maximum number of days between password change : 99999 |
Notice, the maximum number of days between password change is shown as 99999 days.
It is a very long time. It practically means that the password will never expire. |
Type at the terminal
passwd -x 180 amit [Enter] |
To customize the maximum number of days for which the user password remains valid, use the -x option.
So let us change the setting such that user amit’s password is set to a maximum of 180 days. Type: passwd space hyphen x space 180 space amit |
Press Up key
[Enter] |
Recall the chage command for the user amit. |
Highlight
Maximum number of days between password change : 180 |
This message indicates that amit’s password will be valid for 180 days only.
After 180 days, user amit will have to change his password. |
Highlight
Number of days of warning before password expires : 7 |
Notice, for now, the user will get a warning message 7 days before the password expires.
You can also set a specific number of days for the warning message before the password expires. Let me set it as 10 days. |
Type
passwd -w 10 amit [Enter] |
Type passwd space hyphen w space 10 space amit |
Press Up key
[Enter] |
Let’s recall the chage command for the user amit. |
Highlight
Number of days of warning before password expires : 10 |
So, this will give a warning message to the user 10 days before password expiry.
The message will state that his or her password is going to expire. |
Slide 12B |
|
Type
passwd -e amit [Enter] |
Type passwd space -e space amit
It will expire the user’s password immediately. So, the user will be forced to change their password at their next login attempt. |
Show the output | Notice, it says password expiry information has changed. |
Press Up key
[Enter] |
Recall the chage command for the user amit. |
Highlight
Password Expires: Password must be changed |
So, password must be changed. |
Slide 13 |
|
Slide 14 |
|
Type:
passwd -i 20 amit [Enter] |
Let us set the grace period as 20 days for user amit.
Type passwd space hyphen i space 20 space amit |
Show the output | Notice, the user password information has now changed. |
Retain same screen | Till now, we have executed passwd command with only one option at a time.
Please note, you can also combine multiple options in a single command. |
Show
passwd -n 10 -x 30 amit [Enter] |
For example:
This command sets the minimum and maximum days between password change as 10 and 20 respectively. |
Type
exit and press Enter |
To exit from root user access,
type exit |
Retain same screen | This brings us to the end of this tutorial.
Let us summarize. |
Slide 15
Summary |
In this tutorial we learnt about-
|
Slide 16 Assignment | As an assignment-
Change password expiry information of the user amit as follows
|
Slide 17 Assignment(Cont.) |
|
Slide 19: About Spoken Tutorial project | The video at the following link summarises the Spoken Tutorial project.
Please download and watch it. |
Slide 20: Spoken Tutorial workshops | The Spoken Tutorial Project team conducts workshops and gives certificates.
For more details, please write to us. |
Slide 21: Forum for specific questions: | Please post your timed queries in this forum. |
Slide 22: Acknowledgement | Spoken Tutorial Project is funded by NMEICT, MHRD, Government of India.
More information on this mission is available at this link. |
Slide 23: Thank You | The script has been contributed by Antara and this is Praveen from IIT Bombay signing off.
Thank you for joining. |
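
The seven fields of passwd -S and the L, P and NP statuses covered in this tutorial can be checked across all accounts with a short script. The following is an added example, not part of the original script: the sample lines are constructed, and the function names and the 180-day default limit are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: audit `passwd -aS` output. Each line has seven
# space-separated fields: user, status, last change, minimum age,
# maximum age, warning period, inactivity period.

# Constructed sample lines in the format the tutorial describes
# (not real accounts).
sample_status_lines() {
    cat <<'EOF'
amit P 01/16/2019 30 180 10 20
ravi L 01/10/2019 0 99999 7 -1
guest NP 01/10/2019 0 99999 7 -1
root P 12/01/2018 0 99999 7 -1
EOF
}

# Usage (as root): passwd -aS | audit_passwd_status [max_days]
# Prints "user<TAB>finding" for every account that needs a look.
audit_passwd_status() {
    # Assumed policy: the 180-day maximum age used in the tutorial.
    limit="${1:-180}"
    awk -v limit="$limit" '
        NF == 0 { next }                      # skip blank lines
        NF != 7 { printf "%s\tunparsed line (expected 7 fields)\n", $1; next }
        $2 == "NP" { printf "%s\tno password set\n", $1; next }
        $2 == "L"  { printf "%s\tpassword locked\n", $1; next }
        # Usable password whose maximum age is above the policy limit;
        # 99999 (practically never expires) is caught here as well.
        $2 == "P" && $5 + 0 > limit + 0 {
            printf "%s\tmaximum age %s days exceeds %s\n", $1, $5, limit
        }
    '
}

# Demonstration on the constructed sample.
sample_status_lines | audit_passwd_status 180
```

On a real system, replace the sample with the output of passwd -aS run as root.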