To change your own password, run passwd with no arguments:
passwd
It asks for your current password, then the new one twice. To change another user's password you need root:
sudo passwd deploy
Root skips the rules; users don't
When you change your own password, passwd enforces the system policy: minimum length, complexity, not reusing the old one. When root sets a password, it can override all of that, which is why sudo passwd deploy never prompts for the user's old password and will accept a weak one with only a warning. That is by design: an admin resetting a forgotten password should not be blocked by the policy.
Force the user to change it at next login
After an admin reset, you usually want the user to pick their own password immediately. Expire it so they are prompted on next login:
sudo passwd -e deploy # expire now; prompt at next login
There is a dedicated guide to forcing a change, including the chage -d 0 equivalent.
Check and lock from the same command
sudo passwd -S deploy # status: P usable, L locked, NP no password
sudo passwd -l deploy # lock the password
sudo passwd -u deploy # unlock
Note that passwd -l locks the password only; an SSH key still works. For a full lockout see lock and unlock a user account.
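The caveat above as a check, in an added example that is not part of the original article: it reads one line of passwd -S output and, for a locked password, looks for key entries in the user's authorized_keys. The function names, the default ~/.ssh/authorized_keys location and the sample status line are assumptions made for the example.

```sh
#!/bin/sh
# Added example: interpret one line of `passwd -S` output and, when the
# password is locked, check whether key-based SSH login is still possible.

# Map the status code (second field) to the meanings listed above.
status_of() {
    read -r _user code _rest <<EOF
$1
EOF
    case "$code" in
        P)  echo usable ;;
        L)  echo locked ;;
        NP) echo no-password ;;
        *)  echo unknown ;;
    esac
}

# True if HOME/.ssh/authorized_keys holds at least one non-comment line.
# Assumption: sshd uses its default AuthorizedKeysFile location.
has_ssh_keys() {
    keys="$1/.ssh/authorized_keys"
    [ -r "$keys" ] && grep -Eqv '^[[:space:]]*(#|$)' "$keys"
}

# audit_line STATUS_LINE HOME_DIR -> one finding per account
audit_line() {
    user=${1%% *}
    case "$(status_of "$1")" in
        locked)
            if has_ssh_keys "$2"; then
                echo "$user: password locked, SSH key login still possible"
            else
                echo "$user: password locked, no authorized_keys entries"
            fi ;;
        no-password) echo "$user: no password set" ;;
        usable)      echo "$user: password usable" ;;
        *)           echo "$user: unrecognised status" ;;
    esac
}

# Constructed sample: a locked account whose home still holds a key.
home=$(mktemp -d) && mkdir "$home/.ssh"
echo 'ssh-ed25519 AAAAC3-constructed-key deploy@example' > "$home/.ssh/authorized_keys"
audit_line 'deploy L 2024-01-15 0 99999 7 -1' "$home"
rm -rf "$home"

# Real use (needs root):
#   audit_line "$(sudo passwd -S deploy)" "$(getent passwd deploy | cut -d: -f6)"
```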
Set a password non-interactively (scripts)
For automation, pipe it through chpasswd rather than trying to script the interactive prompt:
echo 'deploy:S3cret-pass' | sudo chpasswd
Useful in provisioning, but the password lands in shell history and process listings, so prefer SSH keys for anything that matters and reserve this for throwaway environments.
See also
- Force a password change at next login: the passwd -e and chage -d 0 details.
- Set password expiry and account aging: max age, warnings, and account expiry.
- Lock and unlock a user account: the passwd -l/-u states.
- How to Create a User on Linux: set the first password at creation.