NAME¶
passwd - change user password
SYNOPSIS¶
passwd [option...] [user]
DESCRIPTION¶
The passwd command changes passwords for user accounts.
While an administrator may change the password for any account, a normal
user is only allowed to change the password for their own account.
passwd can also change account information, such as the full name of
the user, their login shell and password expiry dates or disable an
account.
This implementation does not require the setuid bit set, instead
it will communicate via the varlink protocol with pwaccessd(8) and
pwupd(8) to read and modify the account data.
OPTIONS¶
-d, --delete
The password of the given account can be deleted by the
system administrator. If the PAM stack is configured accordingly, the user can
log in without entering a password.
-e, --expire
Immediately expire the password. The user will be forced
to change the password at next login.
-h, --help
Print a verbose help text and exit.
-I, --inactive days
This option is used to set the number of days of
inactivity after a password has expired before the account is locked. A user
whose account is locked must contact the system administrator before being
able to use the account again. A value of -1 disables this feature.
-k, --keep-tokens
Keep non-expired authentication tokens. The password will
only be changed if it is expired. This functionality depends on the used PAM
modules to change the password.
-l, --lock
A system administrator can lock the account of the
specified user by adding a ! in front of the password, so that it
cannot match anything.
-m, --mindays #days
With this option the minimum number of days between
password changes is changed. A value of zero for this field indicates that the
user may change her password at any time. Else the user will not be permitted
to change the password until minimum number of days have elapsed.
-M, --maxdays #days
With this option the maximum number of days during which
a password is valid is changed. When maxdays plus lastday is
less than the current day, the user will be required to change his password
before being able to use the account.
-q, --quiet
Suppress informal messages. This mainly depends on the
used PAM modules.
-s, --stdin
Read the password from stdin, which could also be a pipe.
Other input requested from a PAM module will lead to an error.
-S, --status
Report password status on the named account. The first
part indicates if the user account is locked (LK), has no password (NP), or
has an existing or locked password (PS). The second part gives the date of the
last password change. The next parts are the minimum age, maximum age, warning
period, and inactivity period for the password.
-u, --unlock
A system administrator can unlock the specified account
by removing the ! in front of the password again. This can lead to a
password less account, if it was password less before, too.
-v, --version
Print version information and exit.
-w, --warndays #days
With this option the number of days of warning before a
password change is required can be changed. This option is the number of days
prior to the password expiring that a user will be warned the password is
about to expire.
FILES¶
/etc/passwd
user account information
/etc/shadow
shadow user account information