Syntax
passwd [-r | files | -r nis | -r nisplus ] [-a] [-d | -l] [-e] [-f] [-g] [-h] [-n min] [-s] [-w warn] [-x max] [-D domainname][ name ]
-r | Specifies the repository to which an operation is applied. The supported repositories are files, nis or nisplus. | ||||||||||||
-a | Show password attributes for all entries. Use only with the -s option; name must not be provided. For the nisplus repository, this will show only the entries in the NIS+ password table in the local domain that the invoker is authorized to “read”. For the files repository, this is restricted to the superuser. | ||||||||||||
-d | Deletes password for name. The login name will not be prompted for password. It is only applicable to the files repository. | ||||||||||||
-l | Locks password entry for name. | ||||||||||||
-e | Change the login shell. For the files repository, this only works for the super-user. Normal users may change the nis or nisplus repositories. The choice of shell is limited by the requirements of getusershell(3C). If the user currently has a shell that is not allowed by getusershell , only root may change it. | ||||||||||||
-f | Force the user to change password at the next login by expiring the password for name. | ||||||||||||
-g | Change the gecos (finger) information. For the files repository, this only works for the superuser. Normal users may change the nis or nisplus repositories. | ||||||||||||
-h | Change the home directory. | ||||||||||||
-n min | Set minimum field for name. The min field contains the minimum number of days between password changes for name. If min is greater than max, the user may not change the password. Always use this option with the -x option, unless max is set to -1 (aging turned off). In that case, min need not be set. | ||||||||||||
-s | Displays information including your username and if you do/don’t have a password (This command will not actually show the password.)Below is the format the password information for the login id will be displayed:name status mm/dd/yy min max warn
|
||||||||||||
-w warn | Set warn field for name. The warn field contains the number of days before the password expires and the user is warned. This option is not valid if password aging is disabled. | ||||||||||||
-x max | Set maximum field for name. The max field contains the number of days that the password is valid for name. The aging for name will be turned off immediately if max is set to -1. If it is set to 0, then the user is forced to change the password at the next login session and aging is turned off. | ||||||||||||
-D domainname | Consult the passwd.org_dir table in domainname. If this option is not specified, the default domainname returned by nis_local_directory(3N) will be used. This domain name is the same as that returned by domainname(1M). | ||||||||||||
name | Login ID of user |
Passwd command: Following are common uses
Change user password for rocky
# passwd rocky
Force password change at next logon
# passwd -f rocky
Nullify password (aka delete password)
# passwd -d rocky
Use above only if you need password less account
Disable account / Lock account
# passwd -l rocky
To enable disabled / locked account, assign a new password
# passwd rocky
List user password aging
# passwd -s rocky
Force aging – minimum number of days before user are allowed to password
# passwd -n 30 rocky
Force aging – maximum number of days a user need to wait between password change
# passwd -x 90 rocky
Change group password
# passwd –g groupname
To see password status for any user account
# passwd –S username