passwd Command in Linux: Change User Passwords
In Linux, user passwords are changed with the passwd command. The encrypted passwords and aging information are stored in the /etc/shadow
file.
As a regular user, you can only change your own password. The root user and users with sudo
privileges can change another user’s password and control how the password can be used or changed.
When changing a password, make sure you use a strong and unique password. A strong password has at least 16 characters and contains at least one uppercase letter, one lowercase letter, one number, and one special character.
The instructions in this guide work on any Linux distribution, including Ubuntu, Debian, and CentOS.
passwd Command Syntax
The basic passwd syntax is:
passwd [OPTIONS] [USERNAME]Run passwd without a username to change your own password. Run it as root, or with sudo, followed by a username to change another user’s password.
Changing Your Own Password
To change your own password, run passwd without any arguments:
passwdYou will be prompted to enter your current password. If correct, the command will ask you to enter and confirm the new password:
Changing password for linuxize.
Current password:
New password:
Retype new password:
passwd: password updated successfullyLog in again using the new password.
Changing Another User’s Password
To change the password of another user account, run the passwd command followed by the username. For example, to change the password of a user named sansa:
sudo passwd sansaYou will be prompted to enter and confirm the new password:
New password:
Retype new password:
passwd: password updated successfullyUnlike changing your own password, you are not asked for the current password.
Changing the Root Password
To change the root password, run:
sudo passwd rootEnter and confirm the new root password when prompted.
If you do not know the current root password and have sudo access, this is the way to reset it.
sshd_config.Removing a Password (Empty Password)
To remove a user’s password (set it to empty), use the -d option:
sudo passwd -d sansaAn empty password allows passwordless login, so use this only in controlled environments.
Forcing a Password Change at Next Login
To force a user to change their password the next time they log in, expire the password with the --expire option:
sudo passwd --expire sansaThe next time the user tries to log in, they will see a message requiring them to set a new password:
WARNING: Your password has expired.
You must change your password now and login again!
Current password:
New password:
Retype new password:
passwd: password updated successfully
Connection to 192.168.1.10 closed.You can also use chage to achieve the same result:
sudo chage -d 0 sansaPassword Aging Policy with chage
The chage command controls password aging. It allows you to set expiration dates, minimum and maximum password age, and warning periods.
To view the password aging information for a user:
sudo chage -l sansaLast password change : Feb 03, 2026
Password expires : never
Password inactive : never
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 99999
Number of days of warning before password expires : 7Common chage options:
Set the maximum number of days a password is valid (e.g., 90 days):
Terminalsudo chage -M 90 sansaSet the minimum number of days between password changes (e.g., 7 days):
Terminalsudo chage -m 7 sansaSet the number of warning days before the password expires (e.g., 14 days):
Terminalsudo chage -W 14 sansaSet an account expiration date:
Terminalsudo chage -E 2026-12-31 sansa
Locking and Unlocking a User Account
To lock a user account so they cannot log in:
sudo passwd -l sansapasswd: password expiry information changed.This prepends a ! to the encrypted password in /etc/shadow, making it invalid.
To unlock the account:
sudo passwd -u sansaTo check whether an account is locked:
sudo passwd -S sansaThe second field shows L for locked or P for a usable password.
Quick Reference
| Task | Command |
|---|---|
| Change your own password | passwd |
| Change another user’s password | sudo passwd username |
| Change the root password | sudo passwd root |
| Force password change at next login | sudo passwd --expire username |
| View password aging info | sudo chage -l username |
| Set max password age (90 days) | sudo chage -M 90 username |
| Set min password age (7 days) | sudo chage -m 7 username |
| Set warning days (14 days) | sudo chage -W 14 username |
| Set account expiration date | sudo chage -E YYYY-MM-DD username |
| Lock a user account | sudo passwd -l username |
| Unlock a user account | sudo passwd -u username |
| Check account lock status | sudo passwd -S username |
FAQ
How do I change the root password if I forgot it?
If you have sudo access, run sudo passwd root. If you do not have sudo access, boot into single-user mode or a recovery environment to reset it.
What are the password requirements in Linux?
By default, Linux uses PAM (Pluggable Authentication Modules) to enforce password quality. The default rules depend on the distribution and PAM configuration in /etc/pam.d/. You can install libpam-pwquality (or pam_pwquality on RHEL-based systems) to configure minimum length, character classes, and other requirements.
What is the difference between passwd --expire and chage -d 0?
Both commands force the user to change their password at the next login. passwd --expire is simpler; chage -d 0 sets the “last password change” date to epoch 0, which has the same effect.
Can I change a password non-interactively in a script?
Yes. Pipe the new password to chpasswd:
echo "username:newpassword" | sudo chpasswdWhat does locking an account with passwd -l do?
It prepends ! to the hashed password in /etc/shadow, making password authentication impossible. It does not disable SSH key-based login. To fully disable an account, use usermod -s /usr/sbin/nologin username as well.
Conclusion
The passwd command handles password changes for your own account and other users. Use chage to manage password aging policies like expiration and minimum age. To lock or unlock accounts, use passwd -l and passwd -u.
For more information, type man passwd or man chage in your terminal.
If you have any questions, feel free to leave a comment below.
Linuxize Weekly Newsletter
A quick weekly roundup of new tutorials, news, and tips.
About the authors
Dejan Panovski
Dejan Panovski is the founder of Linuxize, an RHCSA-certified Linux system administrator and DevOps engineer based in Skopje, Macedonia. Author of 800+ Linux tutorials with 20+ years of experience turning complex Linux tasks into clear, reliable guides.
View author page