Used to allow users to change their passwords
passwd command is used to set user authentication information, including user password, password expiration time, etc. System administrators can use it to manage system user passwords. Only administrators can specify user names, and general users can only change their own passwords.
passwd(options)(parameters)
-d: Delete the password, only system administrators can use it;
-f: forced execution;
-k: The setting can only be updated after the password expires;
-l: lock password;
-s: Lists password-related information, which can only be used by system administrators;
-u: Unlock a locked account.
Username: Username for which password needs to be set.
Files related to user and group account information
Store user information:
/etc/passwd
/etc/shadow
Store group information:
/etc/group
/etc/gshadow
User information file analysis (separate each item with :
)
For example: jack:X:503:504:::/home/jack/:/bin/bash
jack # Username
X # Password, password
503 #User ID (0 represents root, ordinary new users start from 500)
504 # Group
: # describe
/home/jack/ #User home directory
/bin/bash # User default Shell
Group information file analysis
For example: jack:$!$:???:13801:0:99999:7:*:*:
jack # group name
$!$ # Encrypted password
13801 # The number of days between the creation date and today
0 # Minimum number of digits in password
99999 # User password
7 # Reminder when 7 days are up
* # Number of days of banning
* # Expiration days
If an ordinary user executes passwd, he can only change his own password. If you want to create a password for the new user after creating a new user, use the passwd username, and be sure to create it with the permissions of the root user.
[root@localhost ~]# passwd linuxde # Change or create the password of the linuxde user;
Changing password for user linuxde.
New UNIX password: # Please enter a new password;
Retype new UNIX password: # Enter again;
passwd: all authentication tokens updated successfully. # Success;
If ordinary users want to change their passwords, they can directly run passwd. For example, the current operating user is linuxde.
[linuxde@localhost ~]$ passwd
Changing password for user linuxde. # Change the password of user linuxde;
(current) UNIX password: # Please enter the current password;
New UNIX password: # Please enter a new password;
Retype new UNIX password: # Confirm new password;
passwd: all authentication tokens updated successfully. # Change successfully;
For example, if we prevent a user from changing their password, we can use the -l
option to lock it:
[root@localhost ~]# passwd -l linuxde # Lock user linuxde and cannot change the password;
Locking password for user linuxde.
passwd: Success # Lock successful;
[linuxde@localhost ~]# su linuxde # Switch to the linuxde user through su;
[linuxde@localhost ~]$ passwd # linuxde to change the password;
Changing password for user linuxde.
Changing password for linuxde
(current) UNIX password: # Enter the current password of linuxde;
passwd: Authentication token manipulation error #Failed, cannot change password;
Another example:
[root@localhost ~]# passwd -d linuxde # Clear the linuxde user password;
Removing password for user linuxde.
passwd: Success # Clear successfully;
[root@localhost ~]# passwd -S linuxde # Query the linuxde user password status;
Empty password. # Empty password, that is, no password;
Note: When we clear a user's password, there is no need for a password when logging in. This should be noted.