Skip to content

passwd Command Cheat Sheet

passwd allows users to change their account passwords and allows administrators to manage password policies.

Synopsis

passwd [options] [LOGIN]

Changing Passwords

Change Your Own Password

passwd
(Prompts for current, then new password).

Change Another User's Password (Root)

sudo passwd username
(Does not ask for the old password).

Force Password Change on Next Login (-e)

Expire the password immediately.

sudo passwd -e username

Locking & Unlocking

Lock Account (-l)

Prevents the user from logging in via password. (Does not prevent SSH Key login!).

sudo passwd -l username

Unlock Account (-u)

sudo passwd -u username

Status & Info

Check Account Status (-S)

Displays status code: - P: Usable password. - L: Locked. - NP: No password.

sudo passwd -S username
# Output: alice P 01/01/2024 0 99999 7 -1

Password Aging (Policies)

Set persistent rules for a user.

Set Minimum/Maximum Days

  • Minimum days between changes (-n).
  • Maximum days valid (-x).
  • Warning days before expiry (-w).
# Must wait 10 days to change again. Expire in 90 days. Warn 7 days before.
sudo passwd -n 10 -x 90 -w 7 username

Advanced: Pipe Input

Common in automation scripts to set password non-interactively. Warning: Only use this in secure environments (command history logs might capture it).

echo "username:newpassword" | sudo chpasswd
(Better than piping to passwd).

If you MUST pipe to passwd: 

echo "newpassword" | sudo passwd --stdin username
(Note: --stdin flag is not available on all distros, mainly RHEL/CentOS).

Notes

  • File: passwd updates /etc/shadow (secure), not /etc/passwd.
  • Delete Password: passwd -d username allows login without a password (very insecure).