TechEarl

How to Change a User Password on Linux (passwd)

Change your own or another user's password with passwd, force a reset at next login, and the rules root can set that ordinary users cannot.

Ishan Karunaratne⏱️ 3 min readUpdated
Share thisCopied
Change your own or another user's password on Linux with passwd, force a reset, and the controls root has over a password that users do not.

To change your own password, run passwd with no arguments:

bash
passwd

It asks for your current password, then the new one twice. To change another user's password you need root:

bash
sudo passwd deploy
Root terminal running passwd deploy, entering a new password twice, and the system replying password updated successfully.
As root, passwd does not ask for the old password and reports 'password updated successfully' when done.

Root skips the rules; users don't

When you change your own password, passwd enforces the system policy: minimum length, complexity, not reusing the old one. When root sets a password, it can override all of that, which is why sudo passwd deploy never prompts for the user's old password and will accept a weak one with only a warning. That is by design: an admin resetting a forgotten password should not be blocked by the policy.

Force the user to change it at next login

After an admin reset, you usually want the user to pick their own password immediately. Expire it so they are prompted on next login:

bash
sudo passwd -e deploy        # expire now; prompt at next login

There is a dedicated guide to forcing a change, including the chage -d 0 equivalent.

Check and lock from the same command

bash
sudo passwd -S deploy        # status: P usable, L locked, NP no password
sudo passwd -l deploy        # lock the password
sudo passwd -u deploy        # unlock

Note that passwd -l locks the password only; an SSH key still works. For a full lockout see lock and unlock a user account.

Set a password non-interactively (scripts)

For automation, pipe it through chpasswd rather than trying to script the interactive prompt:

bash
echo 'deploy:S3cret-pass' | sudo chpasswd

Useful in provisioning, but the password lands in shell history and process listings, so prefer SSH keys for anything that matters and reserve this for throwaway environments.

FAQ

Because root is allowed to reset any password without knowing the current one, which is the whole point of an admin reset. Changing your own password with plain passwd does require the old one and enforces the complexity policy; root bypasses both.

Expire the current password: sudo passwd -e deploy (or sudo chage -d 0 deploy). The next time they log in they are forced to set a new one before reaching a shell. See force a password change.

Use chpasswd: echo 'deploy:newpass' | sudo chpasswd. Be aware the password appears in shell history and process listings, so this is only safe in disposable environments. For real systems, use SSH keys instead of scripted passwords.

See also

Sources

Authoritative references this article was fact-checked against.

TagsLinuxpasswdPasswordUser ManagementSecurity

Found this useful? Pass it on.

Copied

Ishan Karunaratne

Software Systems Architect · Senior Software Engineer · Engineering Leadership

Software systems architect and senior software engineer with more than two decades designing, building, and running production software, Linux systems, and DevOps infrastructure, and lately working AI into the stack. Now a CTO, though what I write here is drawn from the full arc of that work, across architecture, engineering, and operations, not any single job.

Keep reading

Related posts