Linux-for-Sys-Ads/C2/User-Password-Management/English-timed
From Script | Spoken-Tutorial
Revision as of 12:57, 7 September 2022 by PoojaMoolya (Talk | contribs)
Time | Narration |
00:01 | Hello and welcome to the spoken tutorial on User Password Management in Linux. |
00:08 | In this tutorial we will learn about
Changing user password |
00:14 | Locking and unlocking a password |
00:17 | Password removal |
00:20 | Changing the password expiry information |
00:24 | We will do this through some examples. |
00:28 | To record this tutorial, I am using Ubuntu Linux 16.04 OS |
00:35 | To practice this tutorial, you should have gone through earlier Linux System Administration tutorials on this website and |
00:46 | You must have root access to your computer. |
00:51 | In this tutorial we will learn about passwd command. |
00:56 | As the name suggests, passwd command is used to change the password of users. |
01:04 | Earlier in the series, we had created a user amit. |
01:09 | Now suppose he forgot his password. |
01:13 | So as a system administrator, you have to reset his password. |
01:19 | Let’s learn how to do this. |
01:22 | Open the Terminal by pressing Ctrl, Alt and T keys simultaneously on the keyboard. |
01:31 | First, we should login as the superuser or root user. |
01:37 | To do so type: sudo space su
And press Enter. |
01:45 | Type our password and then press Enter. |
01:50 | Notice, our login prompt has changed to a hash symbol. |
01:55 | This indicates that we are in the root user mode. |
02:00 | Here onwards, please remember to press the Enter key after typing each command. |
02:07 | On the terminal type passwd space amit |
02:13 | It will ask you to type a new password. |
02:17 | Type the new password, say new_pass and press Enter. |
02:24 | Retype the same password and press Enter again. |
02:29 | The password has now changed. |
02:32 | As a system admin, you may need to change the password for the root account itself. |
02:38 | To do so, you should type passwd and press Enter. |
02:43 | When prompted, you should type your new password and press Enter. |
02:49 | It will prompt you to type the password once again. |
02:53 | So retype the same password and press Enter. |
02:58 | You will get a message that the password has been updated successfully. |
03:04 | Password status information related to a user account can be displayed, as well. |
03:11 | This is done by using hyphen capital S with the passwd command. |
03:18 | Switch to the terminal. |
03:21 | Type passwd space hyphen capital S space amit |
03:28 | The output shows seven space separated fields.
Let us understand them one by one. |
03:36 | Suppose, your output shows this. |
03:40 | The first field is the username. |
03:44 | The second field indicates whether the user account:
has a locked password (L), has no password (NP), or has a usable password (P). |
03:58 | The third field gives the date of the last password change. |
04:04 | Fourth to seventh fields indicate password expiry information. |
04:10 | The fields are minimum age, maximum age, warning period, and inactivity period for the password. |
04:22 | These ages are expressed in days. |
04:26 | We will discuss these in a couple of minutes. |
04:30 | Notice user amit now has a usable password. |
04:35 | We have changed our password just now. |
04:39 | So, the third field is showing today’s date 16th Jan 2019.
It may be different in your case. |
04:50 | As a system admin, you may need to check the password status of all the user accounts. |
04:57 | For this, we will use the option small a along with capital S. |
05:04 | Type passwd space hyphen small a capital S |
05:12 | Notice, the password status of the user accounts are shown here. |
05:18 | Now, as a system admin you may need to lock a user’s password for some reason. |
05:25 | To lock the password for user amit, type passwd space hyphen l space amit |
05:36 | Press the up arrow key thrice to get back the command for showing password status of user amit. |
05:44 | Notice, the status is now L. |
05:48 | This means the password is locked now. |
05:52 | We also know about /etc/shadow file. |
05:58 | It stores the encrypted values of all users’ passwords. |
06:03 | Type cat space /etc/shadow |
06:12 | Notice, you have an exclamation mark added before the encrypted password for the user amit. |
06:20 | Now, this password field cannot be matched by any possible encrypted value. |
06:27 | Note that, this will not disable the user account. It will simply lock the password. |
06:34 | So now the user cannot use this password to login to the system. |
06:40 | The user cannot change the password. |
06:44 | But, the user can still login to the user account by any other mechanism. |
06:51 | It is possible to do so by other ways, which do not refer to the passwd file. |
06:58 | For example: ssh key authentication. |
07:03 | Login through ssh key authentication will be covered in subsequent tutorials. |
07:09 | Now, to unlock the password, type: passwd space hyphen u space amit |
07:19 | This will restore the password to its original value. |
07:24 | Recall the command for showing the password status for the user amit |
07:30 | Notice, the Status is now P. |
07:34 | Which means that the password is usable now. |
07:38 | Recall the command to display /etc/shadow file. |
07:45 | Notice that the exclamation mark is removed now for the user amit. |
07:51 | It means the password is not locked anymore. |
07:56 | As system admin, you can delete a user’s password also. |
08:02 | To delete the password for user amit, type
passwd space -d space amit |
08:12 | So, the password for the user amit has been removed. |
08:17 | It is a quick way to disable a user’s password. |
08:21 | Recall the command for showing the password status for the user amit |
08:27 | Notice that the password status is now NP.
So, password is not set for user amit. |
08:37 | Next, let’s look at password expiry information. |
08:42 | To display the user’s password expiry information, we had used passwd hyphen capital S option |
08:52 | We can also use chage command with the option small L |
08:59 | This gives the output in a more user-friendly format. |
09:04 | To view the information about user amit, switch to the terminal and type:
chage space hyphen l space amit |
09:17 | Notice that we have a lot of information in the output. |
09:22 | Let us look at them one by one. |
09:25 | See, it is showing the minimum number of days between password change as 0 |
09:32 | A value of 0 indicates that the user is allowed to change his or her password anytime. |
09:40 | The system admin can set minimum number of days between password changes using passwd with -n option. |
09:50 | Let us set this, so that the user amit can change his password only after 30 days from the previous one. |
09:59 | To do that, type passwd space -n space 30 space amit |
10:09 | Recall the chage command for the user amit. |
10:13 | So now, amit is allowed to change his password only after 30 days. |
10:20 | Notice, maximum number of days between password change is shown as 99999 days.
It is a very long time. |
10:32 | It practically means that the password will never expire. |
10:37 | To customize the maximum number of days for which the user password remains valid, use -x option |
10:45 | So let us change the setting such that user amit’s password is set to a maximum of 180 days. |
10:55 | Type: passwd space hyphen x space 180 space amit |
11:04 | Recall the chage command for the user amit. |
11:08 | This message indicates that amit’s password will be valid for 180 days only. |
11:15 | After 180 days, user amit will have to change his password. |
11:21 | Notice, for now, the user will get a warning message 7 days before the password expires. |
11:29 | You can also set specific number of days for the warning message before the password expires.
Let me set it as 10 days. |
11:40 | Type passwd space hyphen w space 10 space amit |
11:49 | Let’s recall the chage command for the user amit. |
11:54 | So, this will give warning message to the user 10 days before password expiry. |
12:01 | The message will state that his or her password is going to expire. |
12:07 | How can we force the user to change their password during their next login? |
12:13 | For that we have to use passwd command with -e option. |
12:20 | Type passwd space -e space amit |
12:26 | It will expire the user’s password immediately. |
12:31 | So, the user will be forced to change their password at their next login attempt. |
12:38 | Notice, it says password expiry information has changed. |
12:44 | Recall the chage command for the user amit. |
12:49 | So, password must be changed. |
12:53 | Now suppose the user’s password has already expired. |
12:58 | After password expiry, you can give the user a grace period. |
13:04 | The user will be able to change the login password within that grace period. |
13:10 | Otherwise, the user account will be disabled permanently. |
13:15 | That grace period is called period of inactivity. |
13:20 | You can set this inactivity period with the help of hyphen i option. |
13:26 | Let us set the grace period as 20 days for user amit. |
13:32 | Type passwd space hyphen i space 20 space amit |
13:40 | Notice, the user password information has now changed. |
13:45 | Till now, we have executed passwd command with only one option at a time. |
13:52 | Please note, you can also combine multiple options in a single command. |
13:58 | For example:
This command sets the minimum and maximum days between password change as 10 and 20 respectively. |
14:10 | To exit from the root user access,
Type exit |
14:15 | This brings us to the end of this tutorial.
Let us summarize. |
14:22 | In this tutorial we learnt about-
Changing password |
14:27 | Locking and unlocking password |
14:30 | Password removal |
14:32 | Changing password expiry information |
14:36 | As an assignment-
Change password expiry information of the user amit as follows |
14:44 | Minimum number of days between password change: 20 days |
14:49 | Maximum number of days between password change: 100 days |
14:54 | Period of inactivity: 5 days |
14:58 | Use a single command to execute all of the above |
15:03 | Check the password expiry information by using chage command |
15:09 | Check password status by using the passwd command with the required option |
15:16 | The video at the following link summarises the Spoken Tutorial project.
Please download and watch it. |
15:25 | The Spoken Tutorial Project team conducts workshops and gives certificates.
For more details, please write to us. |
15:35 | Please post your timed queries in this forum. |
15:39 | Spoken Tutorial Project is funded by NMEICT, MHRD, Government of India.
|
15:45 | The script has been contributed by Antara and this is Praveen from IIT Bombay signing off.
Thank you for joining. |