Linux "passwd" Command Line Options and Examples
the password file

The passwd command changes passwords for user accounts. A normal user may only change the password for his/her own account, while the superuser may change the password for any account. passwd also changes the account or associated password validity period.


passwd [options] [LOGIN]

Command Line Options:

This option can be used only with -S and causes show status for all users.
passwd -a ...
Delete a user's password (make it empty). This is a quick way to disable a password for an account. Itwill set the named account passwordless.
passwd -d ...
Immediately expire an account's password. This in effect can force a user to change his/her password atthe user's next login.
passwd -e ...
Display help message and exit.
passwd -h ...
This option is used to disable an account after the password has been expired for a number of days. Aftera user account has had an expired password for INACTIVE days, the user may no longer sign on to theaccount.
passwd -i ...
Indicate password change should be performed only for expired authentication tokens (passwords). The userwishes to keep their non-expired tokens as before.
passwd -k ...
Lock the password of the named account. This option disables a password by changing it to a value whichmatches no possible encrypted value (it adds a ´!´ at the beginning of the password).Note that this does not disable the account. The user may still be able to login using anotherauthentication token (e.g. an SSH key). To disable the account, administrators should use usermod
passwd -l ...
Users with a locked password are not allowed to change their password.
passwd --expiredate ...
Set the minimum number of days between password changes to MIN_DAYS. A value of zero for this fieldindicates that the user may change his/her password at any time.
passwd -n ...
change password in REPOSITORY repository
passwd -r ...
Apply changes in the CHROOT_DIR directory and use the configuration files from the CHROOT_DIR directory.
passwd -R ...
Display account status information. The status information consists of 7 fields. The first field is theuser's login name. The second field indicates if the user account has a locked password (L), has nopassword (NP), or has a usable password (P). The third field gives the date of the last password change.The next four fields are the minimum age, maximum age, warning period, and inactivity period for thepassword. These ages are expressed in days.
passwd -S ...
Unlock the password of the named account. This option re-enables a password by changing the password backto its previous value (to the value before using the -l option).
passwd -u ...
Set the number of days of warning before a password change is required. The WARN_DAYS option is the numberof days prior to the password expiring that a user will be warned that his/her password is about toexpire.
passwd -w ...
Set the maximum number of days a password remains valid. After MAX_DAYS, the password is required to bechanged.CAVEATSPassword complexity checking may vary from site to site. The user is urged to select a password as complex ashe or she feels comfortable with.Users may not be able to change their password on a system if NIS is enabled and they are not logged into theNIS server.passwd uses PAM to authenticate users and to change their passwords.FILES/etc/passwdUser account information./etc/shadowSecure user account information./etc/pam.d/passwdPAM configuration for passwd.EXIT VALUESThe passwd command exits with the following values:0success1permission denied2invalid combination of options3unexpected failure, nothing done4unexpected failure, passwd file missing5passwd file busy, try again6invalid argument to option
passwd -x ...