Linux-for-Sys-Ads/C2/User-Password-Management/English

From Script | Spoken-Tutorial
Jump to: navigation, search

Title of script: User Password management

Author: Antara Roy Choudhury

Keywords: passwd, change, Changing user password, Locking and unlocking password, Password removal, Password expiry


Visual Cue Narration
Slide 1: Introduction Hello and welcome to the spoken tutorial on User Password Management in Linux.
Slide 2: Learning Objectives In this tutorial we will learn about
  • Changing user password
  • Locking and unlocking a password
  • Password removal
  • Changing the password expiry information

We will do this through some examples.

Slide 3: System requirement To record this tutorial, I am using Ubuntu Linux 16.04 OS
Slide:4 Prerequisite To practice this tutorial,
  • you should have gone through earlier Linux System Administration tutorials on this website and
  • you must have root access to your computer.
Slide 5A In this tutorial we will learn about passwd command.
  • As the name suggests, passwd command is used to change the password of users.
  • Earlier in the series, we had created a user amit.
  • Now suppose he forgot his password.
  • So as a system administrator, you have to reset his password.

Let’s learn how to do this.

Press Ctrl+Alt+T Open the Terminal by pressing Ctrl, Alt and T keys simultaneously on the keyboard.
Type

sudo su

[Enter]

First, we should login as the superuser or root user.

To do so type: sudo space su

And press Enter.

Type

Password of your account

[Enter]

Type our password and then press Enter.
Highlight # prompt Notice, our login prompt has changed to a hash symbol.

This indicates that we are in the root user mode.

Only narration Here onwards, please remember to press the Enter key after typing each command.
Type:

passwd amit

[Enter]

On the terminal type passwd space amit
Type new_pass

[Enter]

Re-type new_pass

[Enter]

It will ask you to type a new password.

Type the new password,

say new_pass and press Enter.

Retype the same password and press Enter again.

The password has now changed.
Slide 5B As a system admin, you may need to change the password for the root account itself.

To do so, you should type passwd and press Enter.

When prompted, you should type your new password and press Enter.

Slide 5C It will prompt you to type the password once again.

So retype the same password and press Enter.

You will get a message that the password has been updated successfully.

Slide 6 Password status information related to a user account can be displayed, as well.

This is done by using hyphen capital S with the passwd command.

Switch to the terminal. Switch to the terminal.
Type:

passwd -S amit [Enter]

Type passwd space hyphen capital S space amit
Show the output The output shows seven space separated fields.

Let us understand them one by one.

Slide 6a: Suppose, your output shows this.

The first field is the username.

The second field indicates whether the user account:

  • has a locked password (L),
  • has no password (NP),
  • or has a usable password (P).
Slide 7: The third field gives the date of the last password change.

Fourth to seventh fields indicate password expiry information.

Slide 8: The fields are minimum age, maximum age, warning period, and inactivity period for the password.

These ages are expressed in days.

We will discuss these in a couple of minutes.

Show the output of previous command Notice user amit now has a usable password.

We have changed our password just now.

So, the third field is showing today’s date 16th Jan 2019.

It may be different in your case.

Type passwd -aS

[Enter]

As a system admin, you may need to check the password status of all the user accounts.

For this, we will use the option small a along with capital S.

Type passwd space hyphen small a capital S

Show the output Notice, the password status of the user accounts are shown here.
Type:

passwd -l amit [Enter]

Now, as a system admin you may need to lock a user’s password for some reason.

To lock the password for user amit,

type passwd space hyphen l space amit

Press up key twice to get back password -S command

[Enter]

Press the up arrow key thrice to get back the command for showing password status of user amit.
Show the output and highlight L Notice, the status is now L.

This means the password is locked now.

Type cat /etc/shadow [Enter] We also know about /etc/shadow file.

It stores the encrypted values of all users’ passwords.

Type cat space /etc/shadow

Notice, you have an exclamation mark added before the encrypted password for the user amit.

Now, this password field cannot be matched by any possible encrypted value.

Slide 9
  • Note that, this will not disable the user account.
  • It will simply lock the password.
  • So now the user cannot use this password to login to the system.
  • The user cannot change the password.
Slide 10
  • But, the user can still login to the user account by any other mechanism.
  • It is possible to do so by other ways, which do not refer to the passwd file.
  • For example: ssh key authentication.

Login through ssh key authentication will be covered in subsequent tutorials.

passwd -u amit [Enter]

Now, to unlock the password, type:

passwd space hyphen u space amit

This will restore the password to its original value.

Press up key until you get back password -S command

[Enter]

Recall the command for showing the password status for the user amit
Show the output and highlight P Notice, the Status is now P.

Which means that the password is usable now.

Press Up key Recall the command to display /etc/shadow file.

Notice that the exclamation mark is removed now for the user amit.

It means the password is not locked anymore.

passwd -d amit [Enter]

As system admin, you can delete a user’s password also.

To delete the password for user amit, type

passwd space -d space amit

So, the password for the user amit has been removed.

It is a quick way to disable a user’s password.

Press up key until you get back password -S command

[Enter]

Recall the command for showing the password status for the user amit
Show the output and highlight NP Notice that the password status is now NP.

So, password is not set for user amit.

Slide 11 Next, let’s look at password expiry information.


  • To display the user’s password expiry information, we had used passwd hyphen capital S option
  • We can also use chage command with the option small L
  • This gives the output in a more user-friendly format.

chage -l amit [Enter]

To view the information about user amit, switch to the terminal and type:

chage space hyphen l space amit

Highlight output Notice that we have a lot of information in the output.

Let us look at them one by one.

Highlight

Minimum number of days between password change : 0

See, it is showing the minimum number of days between password change as 0

A value of 0 indicates that the user is allowed to change his or her password anytime.

The system admin can set minimum number of days between password changes using passwd with -n option.
passwd -n 30 amit

[Enter]

Let us set this, so that the user amit can change his password only after 30 days from the previous one.

To do that, type

passwd space -n space 30 space amit

Press Up key twice to get chage command

chage -l amit [Enter]

Recall the chage command for the user amit.
Highlight

Minimum number of days between password change : 30

So now, amit is allowed to change his password only after 30 days.
Highlight

Maximum number of days between password change : 99999

Notice, maximum number of days between password change is shown as 99999 days.

It is a very long time.

It practically means that the password will never expire.

Type at the terminal

passwd -x 180 amit

[Enter]

To customize the maximum number of days for which the user password remains valid, use -x option

So let us change the setting such that user amit’s password is set to a maximum of 180 days.

Type: passwd space hyphen x space 180 space amit

Press Up key

[Enter]

Recall the chage command for the user amit.
Highlight

Maximum number of days between password change : 180

This message indicates that amit’s password will be valid for 180 days only.

After 180 days, user amit will have to change his password.

Highlight

Number of days of warning before password expires : 7

Notice, for now, the user will get a warning message 7 days before the password expires.

You can also set specific number of days for the warning message before the password expires.

Let me set it as 10 days.

Type

passwd -w 10 amit [Enter]

Type passwd space hyphen w space 10 space amit
Press Up key

[Enter]

Let’s recall the chage command for the user amit.
Highlight

Number of days of warning before password expires : 10

So, this will give warning message to the user 10 days before password expiry.

The message will state that his or her password is going to expire.

Slide 12B
  • How can we force the user to change their password during their next login?
  • For that we have to use passwd command with -e option.
Type

passwd -e amit [Enter]

Type passwd space -e space amit

It will expire the user’s password immediately.

So, the user will be forced to change their password at their next login attempt.

Show the output Notice, it says password expiry information has changed.
Press Up key

[Enter]

Recall the chage command for the user amit.
Highlight

Password Expires: Password must be changed

So, password must be changed.
Slide 13
  • Now suppose the user’s password has already expired.
  • After password expiry, you can give the user a grace period.
  • The user will be able to change the login password within that grace period.
Slide 14
  • Otherwise, the user account will be disabled permanently.
  • That grace period is called period of inactivity.
  • You can set this inactivity period with the help of hyphen i option.
Type:

passwd -i 20 amit

[Enter]

Let us set the grace period as 20 days for user amit.

Type passwd space hyphen i space 20 space amit

Show the output Notice, the user password information has now changed.
Retain same screen Till now, we have executed passwd command with only one option at a time.

Please note, you can also combine multiple options in a single command.

Show

passwd -n 10 -x 30 amit [Enter]

For example:

This command sets the minimum and maximum days between password change as 10 and 20 respectively.

Type

exit and press Enter

To exit from the root user access,

Type exit

Retain same screen This brings us to the end of this tutorial.

Let us summarize.

Slide 15

Summary

In this tutorial we learnt about-
  • Changing password
  • Locking and unlocking password
  • Password removal
  • Changing password expiry information
Slide 16 Assignment As an assignment-

Change password expiry information of the user amit as follows

  • Minimum number of days between password change: 20 days
  • Maximum number of days between password change: 100 days
  • Period of inactivity: 5 days
Slide 17 Assignment(Cont.)
  • Use a single command to execute all of the above
  • Check the password expiry information by using chage command
  • Check password status by using the passwd command with the required option
Slide 19: About Spoken Tutorial project The video at the following link summarises the Spoken Tutorial project.

Please download and watch it.

Slide 20: Spoken Tutorial workshops The Spoken Tutorial Project team conducts workshops and gives certificates.

For more details, please write to us.

Slide 21: Forum for specific questions: Please post your timed queries in this forum.
Slide 22: Acknowledgement Spoken Tutorial Project is funded by NMEICT, MHRD, Government of India.

More information on this mission is available at this link.

Slide 23: Thank You The script has been contributed by Antara and this is Praveen from IIT Bombay signing off.

Thank you for joining.

Contributors and Content Editors

Pravin1389