From Script | Spoken-Tutorial
Jump to: navigation, search
Time Narration
00:01 Hello and welcome to the spoken tutorial on User Password Management in Linux.
00:08 In this tutorial we will learn about

Changing user password

00:14 Locking and unlocking a password
00:17 Password removal
00:20 Changing the password expiry information
00:24 We will do this through some examples.
00:28 To record this tutorial, I am using Ubuntu Linux 16.04 OS
00:35 To practice this tutorial, you should have gone through earlier Linux System Administration tutorials on this website and
00:46 You must have root access to your computer.
00:51 In this tutorial we will learn about passwd command.
00:56 As the name suggests, passwd command is used to change the password of users.
01:04 Earlier in the series, we had created a user amit.
01:09 Now suppose he forgot his password.
01:13 So as a system administrator, you have to reset his password.
01:19 Let’s learn how to do this.
01:22 Open the Terminal by pressing Ctrl, Alt and T keys simultaneously on the keyboard.
01:31 First, we should login as the superuser or root user.
01:37 To do so type: sudo space su

And press Enter.

01:45 Type our password and then press Enter.
01:50 Notice, our login prompt has changed to a hash symbol.
01:55 This indicates that we are in the root user mode.
02:00 Here onwards, please remember to press the Enter key after typing each command.
02:07 On the terminal type passwd space amit
02:13 It will ask you to type a new password.
02:17 Type the new password, say new_pass and press Enter.
02:24 Retype the same password and press Enter again.
02:29 The password has now changed.
02:32 As a system admin, you may need to change the password for the root account itself.
02:38 To do so, you should type passwd and press Enter.
02:43 When prompted, you should type your new password and press Enter.
02:49 It will prompt you to type the password once again.
02:53 So retype the same password and press Enter.
02:58 You will get a message that the password has been updated successfully.
03:04 Password status information related to a user account can be displayed, as well.
03:11 This is done by using hyphen capital S with the passwd command.
03:18 Switch to the terminal.
03:21 Type passwd space hyphen capital S space amit
03:28 The output shows seven space separated fields.

Let us understand them one by one.

03:36 Suppose, your output shows this.
03:40 The first field is the username.
03:44 The second field indicates whether the user account:

has a locked password (L), has no password (NP), or has a usable password (P).

03:58 The third field gives the date of the last password change.
04:04 Fourth to seventh fields indicate password expiry information.
04:10 The fields are minimum age, maximum age, warning period, and inactivity period for the password.
04:22 These ages are expressed in days.
04:26 We will discuss these in a couple of minutes.
04:30 Notice user amit now has a usable password.
04:35 We have changed our password just now.
04:39 So, the third field is showing today’s date 16th Jan 2019.

It may be different in your case.

04:50 As a system admin, you may need to check the password status of all the user accounts.
04:57 For this, we will use the option small a along with capital S.
05:04 Type passwd space hyphen small a capital S
05:12 Notice, the password status of the user accounts are shown here.
05:18 Now, as a system admin you may need to lock a user’s password for some reason.
05:25 To lock the password for user amit, type passwd space hyphen l space amit
05:36 Press the up arrow key thrice to get back the command for showing password status of user amit.
05:44 Notice, the status is now L.
05:48 This means the password is locked now.
05:52 We also know about /etc/shadow file.
05:58 It stores the encrypted values of all users’ passwords.
06:03 Type cat space /etc/shadow
06:12 Notice, you have an exclamation mark added before the encrypted password for the user amit.
06:20 Now, this password field cannot be matched by any possible encrypted value.
06:27 Note that, this will not disable the user account. It will simply lock the password.
06:34 So now the user cannot use this password to login to the system.
06:40 The user cannot change the password.
06:44 But, the user can still login to the user account by any other mechanism.
06:51 It is possible to do so by other ways, which do not refer to the passwd file.
06:58 For example: ssh key authentication.
07:03 Login through ssh key authentication will be covered in subsequent tutorials.
07:09 Now, to unlock the password, type: passwd space hyphen u space amit
07:19 This will restore the password to its original value.
07:24 Recall the command for showing the password status for the user amit
07:30 Notice, the Status is now P.
07:34 Which means that the password is usable now.
07:38 Recall the command to display /etc/shadow file.
07:45 Notice that the exclamation mark is removed now for the user amit.
07:51 It means the password is not locked anymore.
07:56 As system admin, you can delete a user’s password also.
08:02 To delete the password for user amit, type

passwd space -d space amit

08:12 So, the password for the user amit has been removed.
08:17 It is a quick way to disable a user’s password.
08:21 Recall the command for showing the password status for the user amit
08:27 Notice that the password status is now NP.

So, password is not set for user amit.

08:37 Next, let’s look at password expiry information.
08:42 To display the user’s password expiry information, we had used passwd hyphen capital S option
08:52 We can also use chage command with the option small L
08:59 This gives the output in a more user-friendly format.
09:04 To view the information about user amit, switch to the terminal and type:

chage space hyphen l space amit

09:17 Notice that we have a lot of information in the output.
09:22 Let us look at them one by one.
09:25 See, it is showing the minimum number of days between password change as 0
09:32 A value of 0 indicates that the user is allowed to change his or her password anytime.
09:40 The system admin can set minimum number of days between password changes using passwd with -n option.
09:50 Let us set this, so that the user amit can change his password only after 30 days from the previous one.
09:59 To do that, type passwd space -n space 30 space amit
10:09 Recall the chage command for the user amit.
10:13 So now, amit is allowed to change his password only after 30 days.
10:20 Notice, maximum number of days between password change is shown as 99999 days.

It is a very long time.

10:32 It practically means that the password will never expire.
10:37 To customize the maximum number of days for which the user password remains valid, use -x option
10:45 So let us change the setting such that user amit’s password is set to a maximum of 180 days.
10:55 Type: passwd space hyphen x space 180 space amit
11:04 Recall the chage command for the user amit.
11:08 This message indicates that amit’s password will be valid for 180 days only.
11:15 After 180 days, user amit will have to change his password.
11:21 Notice, for now, the user will get a warning message 7 days before the password expires.
11:29 You can also set specific number of days for the warning message before the password expires.

Let me set it as 10 days.

11:40 Type passwd space hyphen w space 10 space amit
11:49 Let’s recall the chage command for the user amit.
11:54 So, this will give warning message to the user 10 days before password expiry.
12:01 The message will state that his or her password is going to expire.
12:07 How can we force the user to change their password during their next login?
12:13 For that we have to use passwd command with -e option.
12:20 Type passwd space -e space amit
12:26 It will expire the user’s password immediately.
12:31 So, the user will be forced to change their password at their next login attempt.
12:38 Notice, it says password expiry information has changed.
12:44 Recall the chage command for the user amit.
12:49 So, password must be changed.
12:53 Now suppose the user’s password has already expired.
12:58 After password expiry, you can give the user a grace period.
13:04 The user will be able to change the login password within that grace period.
13:10 Otherwise, the user account will be disabled permanently.
13:15 That grace period is called period of inactivity.
13:20 You can set this inactivity period with the help of hyphen i option.
13:26 Let us set the grace period as 20 days for user amit.
13:32 Type passwd space hyphen i space 20 space amit
13:40 Notice, the user password information has now changed.
13:45 Till now, we have executed passwd command with only one option at a time.
13:52 Please note, you can also combine multiple options in a single command.
13:58 For example:

This command sets the minimum and maximum days between password change as 10 and 20 respectively.

14:10 To exit from the root user access,

Type exit

14:15 This brings us to the end of this tutorial.

Let us summarize.

14:22 In this tutorial we learnt about-

Changing password

14:27 Locking and unlocking password
14:30 Password removal
14:32 Changing password expiry information
14:36 As an assignment-

Change password expiry information of the user amit as follows

14:44 Minimum number of days between password change: 20 days
14:49 Maximum number of days between password change: 100 days
14:54 Period of inactivity: 5 days
14:58 Use a single command to execute all of the above
15:03 Check the password expiry information by using chage command
15:09 Check password status by using the passwd command with the required option
15:16 The video at the following link summarises the Spoken Tutorial project.

Please download and watch it.

15:25 The Spoken Tutorial Project team conducts workshops and gives certificates.

For more details, please write to us.

15:35 Please post your timed queries in this forum.
15:39 Spoken Tutorial Project is funded by NMEICT, MHRD, Government of India.

15:45 The script has been contributed by Antara and this is Praveen from IIT Bombay signing off.

Thank you for joining.

Contributors and Content Editors