'\" t .\" Title: passwd .\" Author: Julianne Frances Haugh .\" Generator: DocBook XSL Stylesheets vsnapshot .\" Date: 07/02/2024 .\" Manual: User Commands .\" Source: shadow-utils 4.16.0 .\" Language: English .\" .TH "PASSWD" "1" "07/02/2024" "shadow\-utils 4\&.16\&.0" "User Commands" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" passwd \- change user password .SH "SYNOPSIS" .HP \w'\fBpasswd\fR\ 'u \fBpasswd\fR [\fIoptions\fR] [\fILOGIN\fR] .SH "DESCRIPTION" .PP The \fBpasswd\fR command changes passwords for user accounts\&. A normal user may only change the password for their own account, while the superuser may change the password for any account\&. \fBpasswd\fR also changes the account or associated password validity period\&. .SS "Password Changes" .PP The user is first prompted for their old password, if one is present\&. This password is then encrypted and compared against the stored password\&. The user has only one chance to enter the correct password\&. The superuser is permitted to bypass this step so that forgotten passwords may be changed\&. .PP After the password has been entered, password aging information is checked to see if the user is permitted to change the password at this time\&. If not, \fBpasswd\fR refuses to change the password and exits\&. .PP The user is then prompted twice for a replacement password\&. The second entry is compared against the first and both are required to match in order for the password to be changed\&. .PP Then, the password is tested for complexity\&. \fBpasswd\fR will reject any password which is not suitably complex\&. Care must be taken not to include the system default erase or kill characters\&. .SS "Hints for user passwords" .PP The security of a password depends upon the strength of the encryption algorithm and the size of the key space\&. The legacy \fIUNIX\fR System encryption method is based on the NBS DES algorithm\&. More recent methods are now recommended (see \fBENCRYPT_METHOD\fR)\&. The size of the key space depends upon the randomness of the password which is selected\&. .PP Compromises in password security normally result from careless password selection or handling\&. For this reason, you should not select a password which appears in a dictionary or which must be written down\&. The password should also not be a proper name, your license number, birth date, or street address\&. Any of these may be used as guesses to violate system security\&. .PP As a general guideline, passwords should be long and random\&. It\*(Aqs fine to use simple character sets, such as passwords consisting only of lowercase letters, if that helps memorizing longer passwords\&. For a password consisting only of lowercase English letters randomly chosen, and a length of 32, there are 26^32 (approximately 2^150) different possible combinations\&. Being an exponential equation, it\*(Aqs apparent that the exponent (the length) is more important than the base (the size of the character set)\&. .PP You can find advice on how to choose a strong password on http://en\&.wikipedia\&.org/wiki/Password_strength .SH "OPTIONS" .PP The options which apply to the \fBpasswd\fR command are: .PP \fB\-a\fR, \fB\-\-all\fR .RS 4 This option can be used only with \fB\-S\fR and causes show status for all users\&. .RE .PP \fB\-d\fR, \fB\-\-delete\fR .RS 4 Delete a user\*(Aqs password (make it empty)\&. This is a quick way to disable a password for an account\&. It will set the named account passwordless\&. .RE .PP \fB\-e\fR, \fB\-\-expire\fR .RS 4 Immediately expire an account\*(Aqs password\&. This in effect can force a user to change their password at the user\*(Aqs next login\&. .RE .PP \fB\-h\fR, \fB\-\-help\fR .RS 4 Display help message and exit\&. .RE .PP \fB\-i\fR, \fB\-\-inactive\fR\ \&\fIINACTIVE\fR .RS 4 This option is used to disable an account after the password has been expired for a number of days\&. After a user account has had an expired password for \fIINACTIVE\fR days, the user may no longer sign on to the account\&. .RE .PP \fB\-k\fR, \fB\-\-keep\-tokens\fR .RS 4 Indicate password change should be performed only for expired authentication tokens (passwords)\&. The user wishes to keep their non\-expired tokens as before\&. .RE .PP \fB\-l\fR, \fB\-\-lock\fR .RS 4 Lock the password of the named account\&. This option disables a password by changing it to a value which matches no possible encrypted value (it adds a \(aa!\(aa at the beginning of the password)\&. .sp Note that this does not disable the account\&. The user may still be able to login using another authentication token (e\&.g\&. an SSH key)\&. To disable the account, administrators should use \fBusermod \-\-expiredate 1\fR (this set the account\*(Aqs expire date to Jan 2, 1970)\&. .sp Users with a locked password are not allowed to change their password\&. .RE .PP \fB\-n\fR, \fB\-\-mindays\fR\ \&\fIMIN_DAYS\fR .RS 4 Set the minimum number of days between password changes to \fIMIN_DAYS\fR\&. A value of zero for this field indicates that the user may change their password at any time\&. .RE .PP \fB\-q\fR, \fB\-\-quiet\fR .RS 4 Quiet mode\&. .RE .PP \fB\-r\fR, \fB\-\-repository\fR\ \&\fIREPOSITORY\fR .RS 4 change password in \fIREPOSITORY\fR repository .RE .PP \fB\-R\fR, \fB\-\-root\fR\ \&\fICHROOT_DIR\fR .RS 4 Apply changes in the \fICHROOT_DIR\fR directory and use the configuration files from the \fICHROOT_DIR\fR directory\&. Only absolute paths are supported\&. .RE .PP \fB\-P\fR, \fB\-\-prefix\fR\ \&\fIPREFIX_DIR\fR .RS 4 Apply changes to configuration files under the root filesystem found under the directory \fIPREFIX_DIR\fR\&. This option does not chroot and is intended for preparing a cross\-compilation target\&. Some limitations: NIS and LDAP users/groups are not verified\&. PAM authentication is using the host files\&. No SELINUX support\&. .RE .PP \fB\-S\fR, \fB\-\-status\fR .RS 4 Display account status information\&. The status information consists of 7 fields\&. The first field is the user\*(Aqs login name\&. The second field indicates if the user account has a locked password (L), has no password (NP), or has a usable password (P)\&. The third field gives the date of the last password change\&. The next four fields are the minimum age, maximum age, warning period, and inactivity period for the password\&. These ages are expressed in days\&. .RE .PP \fB\-u\fR, \fB\-\-unlock\fR .RS 4 Unlock the password of the named account\&. This option re\-enables a password by changing the password back to its previous value (to the value before using the \fB\-l\fR option)\&. .RE .PP \fB\-w\fR, \fB\-\-warndays\fR\ \&\fIWARN_DAYS\fR .RS 4 Set the number of days of warning before a password change is required\&. The \fIWARN_DAYS\fR option is the number of days prior to the password expiring that a user will be warned that their password is about to expire\&. .RE .PP \fB\-x\fR, \fB\-\-maxdays\fR\ \&\fIMAX_DAYS\fR .RS 4 Set the maximum number of days a password remains valid\&. After \fIMAX_DAYS\fR, the password is required to be changed\&. .sp Passing the number \fI\-1\fR as \fIMAX_DAYS\fR will remove checking a password\*(Aqs validity\&. .RE .PP \fB\-s\fR, \fB\-\-stdin\fR .RS 4 This option is used to indicate that passwd should read the new password from standard input, which can be a pipe\&. .RE .SH "CAVEATS" .PP Password complexity checking may vary from site to site\&. The user is urged to select a password as complex as he or she feels comfortable with\&. .PP Users may not be able to change their password on a system if NIS is enabled and they are not logged into the NIS server\&. .PP \fBpasswd\fR uses PAM to authenticate users and to change their passwords\&. .SH "FILES" .PP /etc/passwd .RS 4 User account information\&. .RE .PP /etc/shadow .RS 4 Secure user account information\&. .RE .PP /etc/pam\&.d/passwd .RS 4 PAM configuration for \fBpasswd\fR\&. .RE .SH "EXIT VALUES" .PP The \fBpasswd\fR command exits with the following values: .PP \fI0\fR .RS 4 success .RE .PP \fI1\fR .RS 4 permission denied .RE .PP \fI2\fR .RS 4 invalid combination of options .RE .PP \fI3\fR .RS 4 unexpected failure, nothing done .RE .PP \fI4\fR .RS 4 unexpected failure, passwd file missing .RE .PP \fI5\fR .RS 4 passwd file busy, try again .RE .PP \fI6\fR .RS 4 invalid argument to option .RE .SH "SEE ALSO" .PP \fBchpasswd\fR(8), \fBmakepasswd\fR(1), \fBpasswd\fR(5), \fBshadow\fR(5), \fBusermod\fR(8)\&. .PP The following web page comically (yet correctly) compares the strength of two different methods for choosing a password: "https://xkcd\&.com/936/"