Request demo

  • Modern UX

    Edit and navigate faster in the terminal with Warp's IDE-like input editor.

  • Warp AI

    AI suggests what commands to run and learns from your documentation.

  • Agent Mode

    Delegate tasks to AI and use natural language on the command line.

  • Warp Drive

    Save and share interactive notebooks, workflows, and environment variables.

  • All Features

Change User Passwords In Linux

Thumbnail for Razvan LudosanuRazvan Ludosanu

Razvan Ludosanu

Founder, learnbackend.dev

Published: 3/25/2024

About Terminus

The short answer

In Linux, to change the password of user, you can use the passwd command as follows:

$ sudo passwd <username>

Run in Warp

After running the command, you'll be prompted to enter the new password twice for confirmation. Note that when typing the password, no characters will be displayed on the screen for security reasons.

Also note that this command requires superuser privileges to run (i.e.sudo) as it manipulates the /etc/passwd and /etc/shadowsystem authentication files.

For example, the following command will change the password of the johndoe user account:

$ sudo passwd johndoe
New password:
Retype new password:
passwd: password updated successfully

Run in Warp

Changing the password of multiple users

To change the password of multiple users at once, you can use the chpasswd  command that reads username-password pairs from the standard input:

$ sudo chpasswd

Run in Warp

Where the username and the password are separated by a colon character:

username:password

Run in Warp

Once you've entered your user account list, you can press CTRL + D  to send an EOF (End of File) signal and execute the command.

Note that, by default, the supplied passwords must be written in clear-text as they will be automatically encrypted by the chpasswd  command.

For example, the following command will change the passwords of both the alice  and bob  user accounts:

$ sudo chpasswd
alice:helloworld
bob:hallowelt
^D

Run in Warp

Reading username-password pairs from a file

Since the chpasswd  reads directly from the standard input, you can create a list of username-password pairs into a regular file:

username1:password1
username2:password2

Run in Warp

And feed this file to the chpasswd command using the input redirection operator as follows:

sudo chpasswd <passwords.txt

Run in Warp

Note that in order to restrict access and prevent unauthorized users from reading or modifying this file, you can change its permissions to only allow the owner to perform these action using the chmod command as follows:

$ chmod 600 passwords.txt

Run in Warp

You can learn more about the chmod command by reading our other article on how to change file permissions in Linux.

Changing a password’s expiration date

In Linux, setting a password expiration date helps enhance the security of user accounts by mitigating the risk of long-term password compromise.

To change the expiration date of a password and force the user to change it past that date, you can use the chage  command with the -E  flag (short for --expiredate ) as follows:

$ sudo chage -E <date> <username>

Run in Warp

Where:

  • date  is a date in the YYYY-MM-DD  format.

This implies that after this date, the user will not be able to log in without resetting their password.

For example, the following command will set the expiration date of the johndoe  user account password to June 3rd, 2024:

$ sudo chage -E 2024-06-03 johndoe

Run in Warp

Expiring a password immediately

To immediately expire a password and force a user to change their password upon next login, you can use the passwd  command with the -e  flag (short for --expire ) as follows:

$ sudo passwd -e <username>

Run in Warp

Locking user accounts with expired passwords

To automatically lock user accounts with expired passwords that haven't been used in a certain period of time, you can use the chage  command with the -I  flag (short for --inactive ) as follows:

$ sudo chage -I <days> <username>

Run in Warp

Note that setting the number of days to -1  will remove the account's inactivity.

For example, the following command will allow the johndoe  user account to be inactive for 30 days after its password has expired before being automatically locked:

$ sudo chage -I 30 johndoe

Run in Warp

Enforcing a periodic password change

To set the maximum number of days during which a password is valid, you can use the chage  command with the -M  flag (short for --maxdays ) as follows:

$ sudo chage -M <days> <username>

Run in Warp

Note that setting the maximum amount of days to 0  will force the user to change their password every single time they log in, and setting it to -1  will remove the password's validity check, which means that a user will be able to keep the same password indefinitely.

For example, the following command will force the johndoe  user to change their password every 10 days:

$ sudo chage -M 10 johndoe

Run in Warp

Defining a minimum period between password changes

To define the minimum number of days between two password changes, you can use the chage command with the -m flag (short for --mindays) as follows:

$ sudo chage -m <days> <username>

Run in Warp

Note that setting the amount of days to 0  will allow users to change their password at any time.

For example, the following command will only allow the johndoe  user to change their password every 10 days:

$ sudo chage -m 10 johndoe

Run in Warp

Generating random passwords

In general, randomly generated passwords are usually harder to guess and more resistant to brute-force or dictionary attacks compared to passwords created by humans.

Here are two methods you can use to generate random password.

Generating simple passwords using openssl

To generate a random password, you can use the openssl rand  command with the -base64  flag to generate a Base64-encoded string as follows:

$ openssl rand -base64  <length>

Run in Warp

Where:

  • length  is the length of the password string in bytes.

For example, the following command will generate a random Base64-encoded password of 10 characters:

$ openssl rand -base64 10
wjPuE3+Cp7s/Vn

Run in Warp

Generating complex passwords using the urandom file

On Unix-like operating systems, the /dev/urandom  file is used to generate a pseudo-random stream of bytes using the kernel's random number generator.

To generate complex password that include both alphanumeric characters and punctuation characters like ! , -  or @ , you can combine the tr  and head  commands as follow:

$ LC_ALL=C tr -dc '[:alnum:][:punct:]' < /dev/urandom | head -c <length > ; echo

Run in Warp

Where:

  • LC_ALL=C  is an environment variable used to prevent any potential issues with character interpretations.
  • tr -dc  is used to process an input stream and delete the characters that don't match the specified character classes.
  • '[:alnum:][:punct:]'  is used to specify the character classes used by the tr  command, where [:alnum:]  represents alphanumeric characters and [:punct:]  represents punctuation characters.
  • head -c  is used to limit the output of the tr  command to a specific length.
  • echo  is used to print a new line.

For example, the following command will generate a pseudorandom password of 10 characters:

bash $ LC_ALL=C tr -dc '[:alnum:][:punct:]' > /dev/urandom | head -c 10 ; echo
p\0i}BIxQx

Run in Warp

Written by

Thumbnail for Razvan LudosanuRazvan Ludosanu

Razvan Ludosanu

Founder, learnbackend.dev

Filed Under

Related Articles

List Open Ports in Linux

Learn how to output the list of open TCP and UDP ports in Linux, as well as their IP addresses and ports using the netstat command.

UnixLinux
Thumbnail for Razvan LudosanuRazvan Ludosanu

Count Files in Linux

Learn how to count files and folders contained in directories and subdirectories in Linux using the ls, find, and wc commands.

LinuxUnix
Thumbnail for Razvan LudosanuRazvan Ludosanu

How to Check the Size of Folders in Linux

Learn how to output the size of directories and subdirectories in a human-readable format in Linux and macOS using the du command.

LinuxUnix
Thumbnail for Razvan LudosanuRazvan Ludosanu

Linux Chmod Command

Understand how to use chmod to change the permissions of files and directories. See examples with various chmod options.

Linux
Thumbnail for Razvan LudosanuRazvan Ludosanu

POST JSON Data With Curl

How to send valid HTTP POST requests with JSON data payloads using the curl command and how to avoid common syntax pitfalls. Also, how to solve the HTTP 405 error code.

BashUnixLinux
Thumbnail for Neeran GulNeeran Gul

Format Command Output In Linux

Learn how to filter and format the content of files and the output of commands in Linux using the awk command.

Linux

Create Groups In Linux

Learn how to manually and automatically create and list groups in Linux.

Linux

Switch Users In Linux

Learn how to switch between users, log in as another user, and execute commands as another user in Linux.

Linux

Remover Users in Linux

Learn how to remove local and remote user accounts and associated groups and files in Linux using the userdel and deluser commands.

Linux

Delete Files In Linux

Learn how to selectively delete files in Linux based on patterns and properties using the rm command.

Linux

Find Files In Linux

Learn how to find and filter files in Linux by owner, size, date, type and content using the find command.

Linux

Copy Files In Linux

Learn how to safely and recursively copy one or more files locally and remotely in Linux using the cp and scp command.

Linux

Trusted by hundreds of thousands of professional developers

Download Warp to get started

Download for Mac
Request demo
Thumbnail for null