DEV Community

Aryan Vaishnani

Password Management in Linux

Linux provides commands to:

  1. Set passwords
  2. Change passwords
  3. Lock accounts
  4. Expire passwords
  5. Enforce password policies

Main commands:

  1. passwd
  2. chage

1. passwd Command

Purpose

Used to:

  1. Set user passwords
  2. Change passwords
  3. Lock/unlock accounts
  4. Manage password expiry

Basic Syntax

passwd

Changes current user's password.

Change Another User Password

sudo passwd devuser

Example

sudo passwd aryan

System asks:

New password:

Retype new password:

Password Stored Where?

Passwords are stored as hashes (not reversibly encrypted) in:

/etc/shadow

Lock User Account

sudo passwd -l devuser

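  • -l = lock

The password is locked, so the user cannot log in with it. Other login methods, such as SSH keys, are not affected by passwd -l.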

Unlock User Account

sudo passwd -u devuser

Expire Password Immediately

sudo passwd -e devuser

User must change password at next login.

Delete User Password

sudo passwd -d devuser

Removes the password, leaving the account with an empty password field.

Not recommended for production systems.

Check Password Status

sudo passwd -S devuser

Example Output

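devuser P 05/18/2026 0 99999 7 -1

The fields are: user name, status (P = usable password, L = locked, NP = no password; some distributions print PS and LK), date of last change, minimum age, maximum age, warning period, and inactivity period (ages in days).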

2. chage Command

Purpose

Manages password aging policies.

Used for:

  1. Password expiry
  2. Password warnings
  3. Password age limits

View Password Aging Information

sudo chage -l devuser

Example Output

Last password change
Password expires
Password inactive
Account expires

Set Maximum Password Age

sudo chage -M 90 devuser

Password expires after:

90 days

Set Minimum Password Age

sudo chage -m 7 devuser

User cannot change password before:

7 days

Set Warning Days

sudo chage -W 5 devuser

Warn user:

5 days before expiry

Set Account Expiry Date

sudo chage -E 2026-12-31 devuser

Disable Password Expiry

sudo chage -M -1 devuser

Real-World Usage

Enterprise Password Policy

sudo chage -M 90 -m 7 -W 7 devuser

Meaning:

  1. Max age = 90 days
  2. Minimum = 7 days
  3. Warning = 7 days

Important Password Files

File              Purpose
/etc/passwd       User info
/etc/shadow       Password hashes
/etc/login.defs   Password policy defaults

Real-World DevOps Examples

Force Password Reset

sudo passwd -e developer

Lock Inactive Employee

sudo passwd -l employee1

Set Security Policy

sudo chage -M 60 -W 7 admin

Common Password Security Rules

  1. Minimum 8–12 characters
  2. Uppercase letters
  3. Lowercase letters
  4. Numbers
  5. Special characters

Check Password Policy

cat /etc/login.defs

Best Practices

  1. Use strong passwords
  2. Enable password expiry in enterprises
  3. Lock unused accounts
  4. Avoid passwordless accounts
  5. Audit /etc/shadow permissions regularly
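
An added example (not from the original post): a shell function that reads shadow(5)-format records and reports the states the commands above produce (passwd -d, passwd -l, passwd -e) plus deviations from a chage -M 90 -W 7 policy. The sample records, the testacct name and the finding labels are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit shadow(5)-format records on stdin against an aging policy.
# Usage: audit_shadow MAX_DAYS WARN_DAYS < records
audit_shadow() {
    awk -F: -v max="$1" -v warn="$2" '
    /^#/ || NF == 0 { next }               # skip comments and blank lines
    {
        user = $1; hash = $2
        # Empty hash field: the state "passwd -d" leaves behind.
        if (hash == "") { print user ": NO_PASSWORD"; next }
        # Leading "!" or "*": password locked ("passwd -l") or never set.
        if (hash ~ /^[!*]/) { print user ": LOCKED"; next }
        # Last-change field of 0: set by "passwd -e", change forced at next login.
        if ($3 == "0") print user ": MUST_CHANGE"
        # Empty, negative or over-limit maximum age breaks the -M policy.
        if ($5 == "" || $5 + 0 < 0 || $5 + 0 > max + 0) {
            print user ": MAX_AGE(" ($5 == "" ? "none" : $5) ")"
        } else if ($6 == "" || $6 + 0 < warn + 0) {
            # Warning period shorter than the -W policy.
            print user ": WARN_DAYS(" ($6 == "" ? "none" : $6) ")"
        }
    }'
}

# Constructed sample records; the hashes are placeholders, testacct is made up.
sample_shadow() {
    cat <<'EOF'
devuser:$y$j9T$CONSTRUCTED$PLACEHOLDER:20500:7:90:7:::
aryan:$y$j9T$CONSTRUCTED$PLACEHOLDER:20500:0:99999:7:::
employee1:!$y$j9T$CONSTRUCTED$PLACEHOLDER:20400:0:90:7:::
developer:$y$j9T$CONSTRUCTED$PLACEHOLDER:0:7:90:7:::
testacct::20500:0:90:7:::
admin:$y$j9T$CONSTRUCTED$PLACEHOLDER:20500:0:60:3:::
EOF
}

# Policy from the page: chage -M 90 -W 7
sample_shadow | audit_shadow 90 7
```

With the function defined in the current shell, the live file can be checked with: sudo cat /etc/shadow | audit_shadow 90 7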
