Linux-for-Sys-Ads/C2/User-Password-Management/English-timed
From Script | Spoken-Tutorial
| Time | Narration |
| 00:01 | Hello and welcome to the spoken tutorial on User Password Management in Linux. |
| 00:08 | In this tutorial we will learn about
Changing user password |
| 00:14 | Locking and unlocking a password |
| 00:17 | Password removal |
| 00:20 | Changing the password expiry information |
| 00:24 | We will do this through some examples. |
| 00:28 | To record this tutorial, I am using Ubuntu Linux 16.04 OS |
| 00:35 | To practice this tutorial, you should have gone through earlier Linux System Administration tutorials on this website and |
| 00:46 | You must have root access to your computer. |
| 00:51 | In this tutorial we will learn about passwd command. |
| 00:56 | As the name suggests, passwd command is used to change the password of users. |
| 01:04 | Earlier in the series, we had created a user amit. |
| 01:09 | Now suppose he forgot his password. |
| 01:13 | So as a system administrator, you have to reset his password. |
| 01:19 | Let’s learn how to do this. |
| 01:22 | Open the Terminal by pressing Ctrl, Alt and T keys simultaneously on the keyboard. |
| 01:31 | First, we should login as the superuser or root user. |
| 01:37 | To do so type: sudo space su
And press Enter. |
| 01:45 | Type our password and then press Enter. |
| 01:50 | Notice, our login prompt has changed to a hash symbol. |
| 01:55 | This indicates that we are in the root user mode. |
| 02:00 | Here onwards, please remember to press the Enter key after typing each command. |
| 02:07 | On the terminal type passwd space amit |
| 02:13 | It will ask you to type a new password. |
| 02:17 | Type the new password, say new_pass and press Enter. |
| 02:24 | Retype the same password and press Enter again. |
| 02:29 | The password has now changed. |
| 02:32 | As a system admin, you may need to change the password for the root account itself. |
| 02:38 | To do so, you should type passwd and press Enter. |
| 02:43 | When prompted, you should type your new password and press Enter. |
| 02:49 | It will prompt you to type the password once again. |
| 02:53 | So retype the same password and press Enter. |
| 02:58 | You will get a message that the password has been updated successfully. |
| 03:04 | Password status information related to a user account can be displayed, as well. |
| 03:11 | This is done by using hyphen capital S with the passwd command. |
| 03:18 | Switch to the terminal. |
| 03:21 | Type passwd space hyphen capital S space amit |
| 03:28 | The output shows seven space separated fields.
Let us understand them one by one. |
| 03:36 | Suppose, your output shows this. |
| 03:40 | The first field is the username. |
| 03:44 | The second field indicates whether the user account:
has a locked password (L), has no password (NP), or has a usable password (P). |
| 03:58 | The third field gives the date of the last password change. |
| 04:04 | Fourth to seventh fields indicate password expiry information. |
| 04:10 | The fields are minimum age, maximum age, warning period, and inactivity period for the password. |
| 04:22 | These ages are expressed in days. |
| 04:26 | We will discuss these in a couple of minutes. |
| 04:30 | Notice user amit now has a usable password. |
| 04:35 | We have changed our password just now. |
| 04:39 | So, the third field is showing today’s date 16th Jan 2019.
It may be different in your case. |
| 04:50 | As a system admin, you may need to check the password status of all the user accounts. |
| 04:57 | For this, we will use the option small a along with capital S. |
| 05:04 | Type passwd space hyphen small a capital S |
| 05:12 | Notice, the password status of the user accounts are shown here. |
| 05:18 | Now, as a system admin you may need to lock a user’s password for some reason. |
| 05:25 | To lock the password for user amit, type passwd space hyphen l space amit |
| 05:36 | Press the up arrow key thrice to get back the command for showing password status of user amit. |
| 05:44 | Notice, the status is now L. |
| 05:48 | This means the password is locked now. |
| 05:52 | We also know about /etc/shadow file. |
| 05:58 | It stores the encrypted values of all users’ passwords. |
| 06:03 | Type cat space /etc/shadow |
| 06:12 | Notice, you have an exclamation mark added before the encrypted password for the user amit. |
| 06:20 | Now, this password field cannot be matched by any possible encrypted value. |
| 06:27 | Note that, this will not disable the user account. It will simply lock the password. |
| 06:34 | So now the user cannot use this password to login to the system. |
| 06:40 | The user cannot change the password. |
| 06:44 | But, the user can still login to the user account by any other mechanism. |
| 06:51 | It is possible to do so by other ways, which do not refer to the passwd file. |
| 06:58 | For example: ssh key authentication. |
| 07:03 | Login through ssh key authentication will be covered in subsequent tutorials. |
| 07:09 | Now, to unlock the password, type: passwd space hyphen u space amit |
| 07:19 | This will restore the password to its original value. |
| 07:24 | Recall the command for showing the password status for the user amit |
| 07:30 | Notice, the Status is now P. |
| 07:34 | Which means that the password is usable now. |
| 07:38 | Recall the command to display /etc/shadow file. |
| 07:45 | Notice that the exclamation mark is removed now for the user amit. |
| 07:51 | It means the password is not locked anymore. |
| 07:56 | As system admin, you can delete a user’s password also. |
| 08:02 | To delete the password for user amit, type
passwd space -d space amit |
| 08:12 | So, the password for the user amit has been removed. |
| 08:17 | It is a quick way to disable a user’s password. |
| 08:21 | Recall the command for showing the password status for the user amit |
| 08:27 | Notice that the password status is now NP.
So, password is not set for user amit. |
| 08:37 | Next, let’s look at password expiry information. |
| 08:42 | To display the user’s password expiry information, we had used passwd hyphen capital S option |
| 08:52 | We can also use chage command with the option small L |
| 08:59 | This gives the output in a more user-friendly format. |
| 09:04 | To view the information about user amit, switch to the terminal and type:
chage space hyphen l space amit |
| 09:17 | Notice that we have a lot of information in the output. |
| 09:22 | Let us look at them one by one. |
| 09:25 | See, it is showing the minimum number of days between password change as 0 |
| 09:32 | A value of 0 indicates that the user is allowed to change his or her password anytime. |
| 09:40 | The system admin can set minimum number of days between password changes using passwd with -n option. |
| 09:50 | Let us set this, so that the user amit can change his password only after 30 days from the previous one. |
| 09:59 | To do that, type passwd space -n space 30 space amit |
| 10:09 | Recall the chage command for the user amit. |
| 10:13 | So now, amit is allowed to change his password only after 30 days. |
| 10:20 | Notice, maximum number of days between password change is shown as 99999 days.
It is a very long time. |
| 10:32 | It practically means that the password will never expire. |
| 10:37 | To customize the maximum number of days for which the user password remains valid, use -x option |
| 10:45 | So let us change the setting such that user amit’s password is set to a maximum of 180 days. |
| 10:55 | Type: passwd space hyphen x space 180 space amit |
| 11:04 | Recall the chage command for the user amit. |
| 11:08 | This message indicates that amit’s password will be valid for 180 days only. |
| 11:15 | After 180 days, user amit will have to change his password. |
| 11:21 | Notice, for now, the user will get a warning message 7 days before the password expires. |
| 11:29 | You can also set specific number of days for the warning message before the password expires.
Let me set it as 10 days. |
| 11:40 | Type passwd space hyphen w space 10 space amit |
| 11:49 | Let’s recall the chage command for the user amit. |
| 11:54 | So, this will give warning message to the user 10 days before password expiry. |
| 12:01 | The message will state that his or her password is going to expire. |
| 12:07 | How can we force the user to change their password during their next login? |
| 12:13 | For that we have to use passwd command with -e option. |
| 12:20 | Type passwd space -e space amit |
| 12:26 | It will expire the user’s password immediately. |
| 12:31 | So, the user will be forced to change their password at their next login attempt. |
| 12:38 | Notice, it says password expiry information has changed. |
| 12:44 | Recall the chage command for the user amit. |
| 12:49 | So, password must be changed. |
| 12:53 | Now suppose the user’s password has already expired. |
| 12:58 | After password expiry, you can give the user a grace period. |
| 13:04 | The user will be able to change the login password within that grace period. |
| 13:10 | Otherwise, the user account will be disabled permanently. |
| 13:15 | That grace period is called period of inactivity. |
| 13:20 | You can set this inactivity period with the help of hyphen i option. |
| 13:26 | Let us set the grace period as 20 days for user amit. |
| 13:32 | Type passwd space hyphen i space 20 space amit |
| 13:40 | Notice, the user password information has now changed. |
| 13:45 | Till now, we have executed passwd command with only one option at a time. |
| 13:52 | Please note, you can also combine multiple options in a single command. |
| 13:58 | For example:
This command sets the minimum and maximum days between password change as 10 and 20 respectively. |
| 14:10 | To exit from the root user access,
Type exit |
| 14:15 | This brings us to the end of this tutorial.
Let us summarize. |
| 14:22 | In this tutorial we learnt about-
Changing password |
| 14:27 | Locking and unlocking password |
| 14:30 | Password removal |
| 14:32 | Changing password expiry information |
| 14:36 | As an assignment-
Change password expiry information of the user amit as follows |
| 14:44 | Minimum number of days between password change: 20 days |
| 14:49 | Maximum number of days between password change: 100 days |
| 14:54 | Period of inactivity: 5 days |
| 14:58 | Use a single command to execute all of the above |
| 15:03 | Check the password expiry information by using chage command |
| 15:09 | Check password status by using the passwd command with the required option |
| 15:16 | The video at the following link summarises the Spoken Tutorial project.
Please download and watch it. |
| 15:25 | The Spoken Tutorial Project team conducts workshops and gives certificates.
For more details, please write to us. |
| 15:35 | Please post your timed queries in this forum. |
| 15:39 | Spoken Tutorial Project is funded by NMEICT, MHRD, Government of India.
|
| 15:45 | The script has been contributed by Antara and this is Praveen from IIT Bombay signing off.
Thank you for joining. |
