The passwd command can be used to create or update an encrypted password. The chage command can be used to view a users account.

Change password

The passwd command followed by the username can be used to change the password.

[root@server1 ~]# passwd user1
New UNIX password: ********
Retype UNIX password: ********

The second field of the /etc/shadow file will contain the new, encrypted password.

[root@server1 ~]# cat /etc/shadow | grep user1
user1:$6HV7FH3HVNFH7X8DJ1MDHC8SA7J1M388E8SJSJDMD71J37A:1002:1002::/home/user1:

Delete password

The passwd -d command can be used to delete a users password.

[root@server1 ~]# passwd -d user1

The second field of the /etc/shadow file will be empty.

[root@server1 ~]# cat /etc/shadow | grep user1
user1::1002:1002::/home/user1:

Immediately expire password

The passwd -e command can be used to immediately expire a users password.

[root@server1 ~]# passwd -e user1

The chage command will show password must be changed.

[root@server1 ~]# chage -l user1
Last password change                               : password must be changed
Password expires                                   : password must be changed
Password inactive                                  : password must be changed
Account expires                                    : never
Minimum number of days between password change     : 0 
Maximum number of days between password change     : 99999
Number of days of warning before password expires  : 7

Make account inactive

The passwd -i command can be used to make a users account inactive. In this example, user1 will become inactive after 1 day.

[root@server1 ~]# passwd -i 1 user1

The chage command will show when the account will be inactive.

[root@server1 ~]# chage -l user1
Last password change                               : Aug 01, 2016
Password expires                                   : Aug 01, 2017
Password inactive                                  : Aug 08, 2017
Account expires                                    : never
Minimum number of days between password change     : 0 
Maximum number of days between password change     : 99999
Number of days of warning before password expires  : 1

Lock user account

The passwd -l command can be used to lock a users account.

[root@server1 ~]# passwd -l user1

The second field of the /etc/shadow file will begin with an exclamation point, signfying the password is bad and cannot be used.

[root@server1 ~]# cat /etc/shadow | grep user1
user1:!$6HV7FH3HVNFH7X8DJ1MDHC8SA7J1M388E8SJSJDMD71J37A:1002:1002::/home/user1:

Unlock user account

The passwd -u command can be used to unlock a users account.

[root@server1 ~]# passwd -u user1

The second field of the /etc/shadow file will not begin with an exclamation point, signfying the password is not locked.

[root@server1 ~]# cat /etc/shadow | grep user1
user1:$6HV7FH3HVNFH7X8DJ1MDHC8SA7J1M388E8SJSJDMD71J37A:1002:1002::/home/user1:

Change minimum days between password change

The passwd -n command can be used to set the minimum number of days that must elapse before a password can be changed. Set this to 0 to disable minimum number of days between password change.

[root@server1 ~]# passwd -n 14 user1

The chage command will show the minimum number of days that must elapse before a password can be changed.

[root@server1 ~]# chage -l user1
Last password change                               : Aug 01, 2016
Password expires                                   : Aug 01, 2017
Password inactive                                  : never
Account expires                                    : never
Minimum number of days between password change     : 14
Maximum number of days between password change     : 99999
Number of days of warning before password expires  : 7

Change maximum days between password change

The passwd -x command can be used to set the maximum number of days that can elapse before a password must be changed. Set this to 0 to disable maximum number of days.

[root@server1 ~]# passwd -x 365 user1

The chage command will show the maximum number of days that can elapse before a password must be changed.

[root@server1 ~]# chage -l user1
Last password change                               : Aug 01, 2016
Password expires                                   : Aug 01, 2017
Password inactive                                  : never
Account expires                                    : never
Minimum number of days between password change     : 14
Maximum number of days between password change     : 365
Number of days of warning before password expires  : 7

Change number of days of warning before password expires

The passwd -w command can be used to change the number of days of warning before password expires.

[root@server1 ~]# passwd -w 14 user1

The chage command will show the maximum number of days that can elapse before a password must be changed.

[root@server1 ~]# chage -W 14 user1

[root@server1 ~]# chage -l user1
Last password change                               : Aug 01, 2016
Password expires                                   : Aug 01, 2017
Password inactive                                  : never
Account expires                                    : never
Minimum number of days between password change     : 1
Maximum number of days between password change     : 365
Number of days of warning before password expires  : 14