|00:01||Hello and welcome to the spoken tutorial on User Password Management in Linux.|
|00:08|| In this tutorial we will learn about
Changing user password
|00:14||Locking and unlocking a password|
|00:20||Changing the password expiry information|
|00:24||We will do this through some examples.|
|00:28||To record this tutorial, I am using Ubuntu Linux 16.04 OS|
|00:35||To practice this tutorial, you should have gone through earlier Linux System Administration tutorials on this website and|
|00:46||You must have root access to your computer.|
|00:51||In this tutorial we will learn about passwd command.|
|00:56||As the name suggests, passwd command is used to change the password of users.|
|01:04||Earlier in the series, we had created a user amit.|
|01:09||Now suppose he forgot his password.|
|01:13||So as a system administrator, you have to reset his password.|
|01:19||Let’s learn how to do this.|
|01:22||Open the Terminal by pressing Ctrl, Alt and T keys simultaneously on the keyboard.|
|01:31||First, we should login as the superuser or root user.|
|01:37|| To do so type: sudo space su
And press Enter.
|01:45||Type our password and then press Enter.|
|01:50||Notice, our login prompt has changed to a hash symbol.|
|01:55||This indicates that we are in the root user mode.|
|02:00||Here onwards, please remember to press the Enter key after typing each command.|
|02:07||On the terminal type passwd space amit|
|02:13||It will ask you to type a new password.|
|02:17||Type the new password, say new_pass and press Enter.|
|02:24||Retype the same password and press Enter again.|
|02:29||The password has now changed.|
|02:32||As a system admin, you may need to change the password for the root account itself.|
|02:38||To do so, you should type passwd and press Enter.|
|02:43||When prompted, you should type your new password and press Enter.|
|02:49||It will prompt you to type the password once again.|
|02:53||So retype the same password and press Enter.|
|02:58||You will get a message that the password has been updated successfully.|
|03:04||Password status information related to a user account can be displayed, as well.|
|03:11||This is done by using hyphen capital S with the passwd command.|
|03:18||Switch to the terminal.|
|03:21||Type passwd space hyphen capital S space amit|
|03:28|| The output shows seven space separated fields.
Let us understand them one by one.
|03:36||Suppose, your output shows this.|
|03:40||The first field is the username.|
|03:44|| The second field indicates whether the user account:
has a locked password (L), has no password (NP), or has a usable password (P).
|03:58||The third field gives the date of the last password change.|
|04:04||Fourth to seventh fields indicate password expiry information.|
|04:10||The fields are minimum age, maximum age, warning period, and inactivity period for the password.|
|04:22||These ages are expressed in days.|
|04:26||We will discuss these in a couple of minutes.|
|04:30||Notice user amit now has a usable password.|
|04:35||We have changed our password just now.|
|04:39|| So, the third field is showing today’s date 16th Jan 2019.
It may be different in your case.
|04:50||As a system admin, you may need to check the password status of all the user accounts.|
|04:57||For this, we will use the option small a along with capital S.|
|05:04||Type passwd space hyphen small a capital S|
|05:12||Notice, the password status of the user accounts are shown here.|
|05:18||Now, as a system admin you may need to lock a user’s password for some reason.|
|05:25||To lock the password for user amit, type passwd space hyphen l space amit|
|05:36||Press the up arrow key thrice to get back the command for showing password status of user amit.|
|05:44||Notice, the status is now L.|
|05:48||This means the password is locked now.|
|05:52||We also know about /etc/shadow file.|
|05:58||It stores the encrypted values of all users’ passwords.|
|06:03||Type cat space /etc/shadow|
|06:12||Notice, you have an exclamation mark added before the encrypted password for the user amit.|
|06:20||Now, this password field cannot be matched by any possible encrypted value.|
|06:27||Note that, this will not disable the user account. It will simply lock the password.|
|06:34||So now the user cannot use this password to login to the system.|
|06:40||The user cannot change the password.|
|06:44||But, the user can still login to the user account by any other mechanism.|
|06:51||It is possible to do so by other ways, which do not refer to the passwd file.|
|06:58||For example: ssh key authentication.|
|07:03||Login through ssh key authentication will be covered in subsequent tutorials.|
|07:09||Now, to unlock the password, type: passwd space hyphen u space amit|
|07:19||This will restore the password to its original value.|
|07:24||Recall the command for showing the password status for the user amit|
|07:30||Notice, the Status is now P.|
|07:34||Which means that the password is usable now.|
|07:38||Recall the command to display /etc/shadow file.|
|07:45||Notice that the exclamation mark is removed now for the user amit.|
|07:51||It means the password is not locked anymore.|
|07:56||As system admin, you can delete a user’s password also.|
|08:02|| To delete the password for user amit, type
passwd space -d space amit
|08:12||So, the password for the user amit has been removed.|
|08:17||It is a quick way to disable a user’s password.|
|08:21||Recall the command for showing the password status for the user amit|
|08:27|| Notice that the password status is now NP.
So, password is not set for user amit.
|08:37||Next, let’s look at password expiry information.|
|08:42||To display the user’s password expiry information, we had used passwd hyphen capital S option|
|08:52||We can also use chage command with the option small L|
|08:59||This gives the output in a more user-friendly format.|
|09:04|| To view the information about user amit, switch to the terminal and type:
chage space hyphen l space amit
|09:17||Notice that we have a lot of information in the output.|
|09:22||Let us look at them one by one.|
|09:25||See, it is showing the minimum number of days between password change as 0|
|09:32||A value of 0 indicates that the user is allowed to change his or her password anytime.|
|09:40||The system admin can set minimum number of days between password changes using passwd with -n option.|
|09:50||Let us set this, so that the user amit can change his password only after 30 days from the previous one.|
|09:59||To do that, type passwd space -n space 30 space amit|
|10:09||Recall the chage command for the user amit.|
|10:13||So now, amit is allowed to change his password only after 30 days.|
|10:20|| Notice, maximum number of days between password change is shown as 99999 days.
It is a very long time.
|10:32||It practically means that the password will never expire.|
|10:37||To customize the maximum number of days for which the user password remains valid, use -x option|
|10:45||So let us change the setting such that user amit’s password is set to a maximum of 180 days.|
|10:55||Type: passwd space hyphen x space 180 space amit|
|11:04||Recall the chage command for the user amit.|
|11:08||This message indicates that amit’s password will be valid for 180 days only.|
|11:15||After 180 days, user amit will have to change his password.|
|11:21||Notice, for now, the user will get a warning message 7 days before the password expires.|
|11:29|| You can also set specific number of days for the warning message before the password expires.
Let me set it as 10 days.
|11:40||Type passwd space hyphen w space 10 space amit|
|11:49||Let’s recall the chage command for the user amit.|
|11:54||So, this will give warning message to the user 10 days before password expiry.|
|12:01||The message will state that his or her password is going to expire.|
|12:07||How can we force the user to change their password during their next login?|
|12:13||For that we have to use passwd command with -e option.|
|12:20||Type passwd space -e space amit|
|12:26||It will expire the user’s password immediately.|
|12:31||So, the user will be forced to change their password at their next login attempt.|
|12:38||Notice, it says password expiry information has changed.|
|12:44||Recall the chage command for the user amit.|
|12:49||So, password must be changed.|
|12:53||Now suppose the user’s password has already expired.|
|12:58||After password expiry, you can give the user a grace period.|
|13:04||The user will be able to change the login password within that grace period.|
|13:10||Otherwise, the user account will be disabled permanently.|
|13:15||That grace period is called period of inactivity.|
|13:20||You can set this inactivity period with the help of hyphen i option.|
|13:26||Let us set the grace period as 20 days for user amit.|
|13:32||Type passwd space hyphen i space 20 space amit|
|13:40||Notice, the user password information has now changed.|
|13:45||Till now, we have executed passwd command with only one option at a time.|
|13:52||Please note, you can also combine multiple options in a single command.|
|13:58|| For example:
This command sets the minimum and maximum days between password change as 10 and 20 respectively.
|14:10|| To exit from the root user access,
|14:15|| This brings us to the end of this tutorial.
Let us summarize.
|14:22|| In this tutorial we learnt about-
|14:27||Locking and unlocking password|
|14:32||Changing password expiry information|
|14:36|| As an assignment-
Change password expiry information of the user amit as follows
|14:44||Minimum number of days between password change: 20 days|
|14:49||Maximum number of days between password change: 100 days|
|14:54||Period of inactivity: 5 days|
|14:58||Use a single command to execute all of the above|
|15:03||Check the password expiry information by using chage command|
|15:09||Check password status by using the passwd command with the required option|
|15:16|| The video at the following link summarises the Spoken Tutorial project.
Please download and watch it.
|15:25|| The Spoken Tutorial Project team conducts workshops and gives certificates.
For more details, please write to us.
|15:35||Please post your timed queries in this forum.|
|15:39|| Spoken Tutorial Project is funded by NMEICT, MHRD, Government of India.
|15:45|| The script has been contributed by Antara and this is Praveen from IIT Bombay signing off.
Thank you for joining.