Passwd Command in Linux – Options + Examples

Last updated: May 2, 2022

Security is one of Linux's most touted features, and the way it manages and authenticates its users helps justify that reputation. Linux authenticates users through passwords and public keys.

Linux distributions let you set up administrative accounts during OS installation, and this can be changed later if you have the required privilege. Generally, no default password is set for user accounts in Linux. When a new user is created with useradd, the account doesn't have a password; in order to log in, the password has to be created separately.

In this tutorial, we'll learn how to use the passwd command to change passwords in Linux.

Prerequisites

  • Any Linux system
  • Basic knowledge of Linux command line
  • An existing user account
  • Required privilege to run the command

Passwd Command

passwd is a command that changes user account passwords in the Linux system. A regular user has the privilege to only change the password for their individual account while a superuser (root) exercises the privilege to change passwords for any account in the system. 

Syntax: 

passwd [option] [user]

The passwd command changes the user's password by modifying the passwords that are stored as encrypted strings in the /etc/shadow file. It can also be used to change the validity periods and other related settings for passwords associated with the account. 

After entering the passwd command in the terminal, users first need to enter their current password for verification. Superusers are exempt from this step when changing the passwords of other accounts, which is what makes it possible to reset forgotten passwords for user accounts.

After verifying the current password, passwd checks whether the current user has the privilege to alter the password.

Only if the current user has the privilege are they prompted for a new password. passwd then checks the complexity of the new password. If the password passes the complexity test, passwd prompts for the new password to be retyped. If the two entries match, the new password is set for the user.

The configuration files passwd uses are:

  • /etc/passwd - stores the user account information
  • /etc/shadow - stores secure user account information
  • /etc/pam.d/passwd - stores PAM configuration for passwd

Passwd command Options

  Option                       Description
  -a, --all                    Display password status of every account in the system
  -d, --delete                 Remove user password
  -e, --expire                 Expire user's password immediately
  -h, --help                   Show this help information
  -k, --keep-tokens            Change password only in case of expired authentication tokens
  -i, --inactive INACTIVE      Deactivate the password after INACTIVE number of days following the password expiry
  -l, --lock                   Lock the password for the account specified
  -n, --mindays MIN_DAYS       Set the minimum number of days between password changes to MIN_DAYS
  -q, --quiet                  Enable quiet mode
  -r, --repository REPOSITORY  Change password in REPOSITORY repository
  -R, --root CHROOT_DIR        Specify directory to chroot into
  -S, --status                 Display account status information
  -u, --unlock                 Unlock the password of the named account
  -w, --warndays WARN_DAYS     Set the number of days before the required password change the user will be warned to WARN_DAYS
  -x, --maxdays MAX_DAYS       Set the maximum number of days the password remains valid for a user to MAX_DAYS

Passwd Command Examples

Now we'll see the passwd command in action with the following examples.

Change User Password

Typing the passwd command without any option changes your own password.

Example: 

$ passwd

To change other users’ passwords, we can prefix the passwd with sudo (i.e. sudo passwd) provided that the current user is configured to access the superuser privileges. With sudo, we can even change the root password along with the passwords for other normal user accounts.

To change the root password, type:

$ sudo passwd root

Immediate password expiry 

To expire a user account's password immediately, we can use the -e option.

In the following example, we expire the password of the user named werewolf immediately:

$ sudo passwd -e werewolf

The command prints a message that the password expiry information changed.

This prompts the user to change their password the next time they log in. Now, if we log in as werewolf, we will be prompted for a new password.

$ su werewolf

Check password status for user 

Use the -S option to check the status of the password for a user.

Here we check the password status of the user named linuxopsys.

Understanding password status output:

  • The user linuxopsys has a usable password (P) that is set to expire on 02/08/2022.
  • The user has to wait a minimum of 0 days between password changes, i.e. can change the password without any set interval.
  • The user has to change their password every 99999 days.
  • User will be warned 7 days before a required password change.
  • The number of days after which the user’s account will be disabled following the password expiry is set to -1 i.e. user account won't be disabled after the password expiry.

The seven columns of the password status are described in the following table.

Column  Description
1       User name
2       State of the password, i.e. whether the user has a locked password (L), no password (NP), or a usable password (P)
3       Expiry date of the password
4       User cannot change the password more often than every specified number of days
5       Associated password validity period for the user account
6       Number of days user will be warned before a required password change
7       Number of days after which the user’s account will be disabled following the password expiry

We can also display the information about the status of passwords for all the users using the -a option along with the -S option.

$ sudo passwd -Sa
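
The status columns described above can be audited with a short script. The following is an added example, not part of the original tutorial: it reads passwd -S -a style lines and reports passwordless accounts, passwords whose maximum age exceeds a limit, and accounts whose minimum days exceed the maximum. The function name audit_passwd_status, the 90-day limit and the sample lines are assumptions made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): audit `passwd -S -a` output.
# Assumed field order, per the seven-column table above:
#   1 user  2 state (L, NP or P)  3 date  4 min  5 max  6 warn  7 inactive
# The limit argument is a hypothetical site policy (longest allowed validity).

# Constructed sample lines in the format described above.
SAMPLE_STATUS='root P 02/08/2022 0 99999 7 -1
werewolf NP 02/08/2022 1 7 5 7
daemon L 02/08/2022 0 99999 7 -1
linuxopsys P 02/08/2022 0 99999 7 -1
alice P 02/08/2022 10 7 5 -1
broken-line P'

# Reads status lines on stdin, prints one "user: finding" line per issue.
audit_passwd_status() {
    awk -v limit="${1:-90}" '
    NF == 0 { next }
    NF < 7  { printf "%s: malformed status line\n", $1; next }
    {
        user = $1; state = $2; min = $4 + 0; max = $5 + 0
        if (state == "NP") {            # deleted or never-set password
            printf "%s: no password set\n", user; next
        }
        if (state == "L") next          # locked: nothing further to check
        if (state != "P") {
            printf "%s: unrecognised state %s\n", user, state; next
        }
        if (max < 0)
            printf "%s: no maximum password age\n", user
        else if (max > limit + 0)
            printf "%s: max age %d exceeds policy of %d days\n", user, max, limit
        else if (min > max)             # shadow(5): user cannot change password
            printf "%s: min days %d > max days %d\n", user, min, max
    }'
}

# On a real system: sudo passwd -S -a | audit_passwd_status 90
printf '%s\n' "$SAMPLE_STATUS" | audit_passwd_status 90
```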

Delete user password 

The -d option can be used to delete a user's password. It will make the named account passwordless.

In the following example, we delete the password for the user named werewolf:

$ sudo passwd -d werewolf

The console gives a confirmation message that password expiry information changed for the user werewolf.

Now we can switch to the user werewolf without entering a password.

Set inactive days after the password expiry

Use the -i option to set the number of days following password expiry after which the account is deactivated.

In the following example, we set the number of inactive days as 7 for the user werewolf. It means that the user account werewolf will be deactivated after it has had an expired password for 7 days.

$ sudo passwd -i 7 werewolf

You can verify by typing: 

$ sudo passwd -S werewolf

Set minimum days to change the password

Use the -n option to set a minimum number of days between password changes, so that the user is unable to change the password again for the specified number of days.

In the following example, we set the minimum number of days between password changes for the user werewolf to 1.

$ sudo passwd -n 1 werewolf

Set warning period before password expiry

Use the -w option to set how many days before the password expires the user is warned about the expiring password.

To set the warning period to 5 days for the user named werewolf, type:

$ sudo passwd -w 5 werewolf

The password status now shows the number of warning days as 5.

Set maximum days password remains valid

Use the -x option to set the maximum number of days a password stays valid for a user. After the specified validity period is over, the user is forced to change their password.

For example, to set the password validity period for the user werewolf to 7 days, type:

$ sudo passwd -x 7 werewolf

Confirm by checking the password status.

Lock a user account

Use the passwd command with the -l option to lock a user account. You will need to use sudo before the command or be the root user to perform this action.

For example, to lock the user named werewolf, type:

$ sudo passwd -l werewolf

The user will not be able to log in until the system administrator unlocks the password again.

You can confirm the user is locked by checking the password status: the L in the second column indicates the user account is locked.

Once the user is locked, if you try to log in as that user you get an authentication failure alert.

Unlock a user account

We can unlock the locked account with the -u option. For example, to unlock the user werewolf, run the following command:

$ sudo passwd -u werewolf

The second column of the password status changes to P, confirming that the user account is unlocked.

Enable quiet mode

Using the -q option enables the quiet mode which suppresses the messages such as ‘Changing password for $USER’ and some error messages.

Example:

$ passwd -q

Change Password in Bash

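You can change a user account password from a bash script by piping the output of the echo command into the passwd command. passwd asks for the new password twice, so the piped text must contain it twice, separated by a newline (the -e option makes echo interpret \n). Run the command as root so that the current password is not requested. Keep in mind that the password is recorded in the shell history, or in the script that contains this line.

Example:

echo -e "newpassword\nnewpassword" | sudo passwd username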

Conclusion

In this tutorial, we became familiar with the passwd command which is used to change passwords. We have also covered some of the useful passwd command options with practical examples.
