passwd - change login password and password attributes
passwd [ name ]
passwd [ -l | -d ] [ -n min ] [ -f ] [ -x max ] [ -w warn ] name
passwd -s [ -a ]
passwd -s [ name ]
The passwd command changes the password or lists password attributes
associated with the user's login name. Additionally, super-users may use
passwd to install or change passwords and attributes associated with any
login name. Passwords for NIS entries that don't override the passwd
field with a local value must be changed with yppasswd(1).
When used to change a password, passwd prompts ordinary users for their
old password, if any. It then prompts for the new password twice. The
first time the new password is entered passwd checks to see if the old
password has ``aged'' sufficiently. (Aging is not supported for NIS
entries, even if they have locally overridden passwords.) Password
"aging" is the amount of time (usually a certain number of days) that
must elapse between password changes. If ``aging'' is insufficient the
new password is rejected and passwd terminates; see passwd(4).
Assuming ``aging'' is sufficient, a check is made to insure that the new
password meets construction requirements. When the new password is
entered a second time, the two copies of the new password are compared.
If the two copies are not identical the cycle of prompting for the new
password is repeated for at most two more times.
Passwords must be constructed to meet the following requirements:
Each password must have at least six characters. Only the first
eight characters are significant.
Each password must contain at least two alphabetic characters and at
least one numeric or special character. In this case,
``alphabetic'' means upper and lower case letters.
Each password must differ from the user's login name and any reverse
or circular shift of that login name. For comparison purposes, an
upper case letter and its corresponding lower case letter are
New passwords must differ from the old by at least three characters.
For comparison purposes, an upper case letter and its corresponding
lower case letter are equivalent.
One whose effective user ID is zero is called a super-user; see id(1),
and su(1). Super-users may change any password; hence, passwd does not
prompt super-users for the old password. Super-users are not forced to
comply with password aging and password construction requirements. A
super-user can create a null password by entering a carriage return in
response to the prompt for a new password. (This differs from passwd -d
because the "password" prompt will still be displayed.)
Any user may use the -s option to show password attributes for his or her
own login name.
The format of the display will be:
name status uid gid directory shell mm/dd/yy min max
or, if password aging information is not present,
name status uid gid directory shell
or, if the entry is from NIS,
name status directory shell
name The login ID of the user.
status The password status of name: "PS" stands for passworded or
locked, "LK" stands for locked, and "NP" stands for no
uid Numerical user ID
gid Numerical group ID
directory Initial working directory
shell program to use as Shell when the user logs in.
mm/dd/yy The date password was last changed for name. (Because all
password aging dates are determined using Greenwich Mean Time
and /etc/passwd stores the information in weeks, the date may
differ by as much as a week depending upon the local time
min The minimum number of days required between password changes
max The maximum number of days the password is valid for name.
Only a super-user can use the following options:
-l Locks password entry for name, preventing all logins to that
account, except via the rhosts(4) mechanism. Note that this
feature allows a denial of service attack that may require
booting from the miniroot to fix, as even the root accounts can
be locked out.
-d Deletes password for name. The login name will not be prompted
-n Set minimum field for name. The min field contains the minimum
number of days between password changes for name. If min is
greater than max, the user may not change the password. Always
use this option with the -x option, unless max is set to -1 or
0 (aging turned off). In that case, min need not be set.
-x Set maximum field for name. The max field contains the number
of days that the password is valid for name. The aging for
name will be turned off immediately if max is set to -1. If it
is set to 0, then the user is forced to change the password at
the next login session and aging is turned off. If max is less
than min, only the super-user can change this user's password.
-a Show password attributes for all entries. Use only with -s
option; name must not be provided.
-f Force the user to change password at the next login by expiring
the password for name.
-w The warn argument indicates the number of days before the
password expires that the user is warned. This option is
supported only when the shadow passwords are in use.
The behavior of the program is influenced by the content of
/etc/default/passwd if this file exists. The file is not supplied with
the system, but may be locally created and modified as need be. If the
file is not present, the default behaviors described below are followed.
The following items are recognized:
the number of previous passwords to retain in /etc/passwd.history
for each system user. The default behavior is to not retain any
(and to not create the file). Previously used passwords found in
the history file may not be reused until HISTORYCNT other passwords
have been used, or HISTORYDAYS have elapsed. The superuser may
supply any password for a user, including previously used ones.
This superuser supplied password is retained in the history file.
The maximum value is 25.
the number of days to retain and check for previously used
passwords. The default behavior is to not retain any (and to not
create the history file). The maximum value is 730 (approximately
two years). If HISTORYCNT has not been specified and this parameter
has been, HISTORYCNT is set to 25. Smaller values of HISTORYCNT may
the maximum number of weeks that the password is valid. The default
behavior is to not set a value. This is equivalent to the -x XX
command line arguments.
minimum number of weeks between password changes (part of password
aging). The default behavior is to not set a value. This is
equivalent to the -n XX command line arguments.
external program to be invoked to supply generated passwords. The
default behavior is to not have such a program. The program is
invoked in lieu of getting a password from the user. The user must
select one of the choices offered. The superuser may still supply
passwords, and is not presented with the generated passwords. The
program must be specified as a full pathname (starts with /). It
should produce the passwords on separate lines with a trailing new
line character on its stdout which is read by passwd and presented
to the user. Up to 20 generated passwords may be supplied by the
program. If it generates more than 20, an error message is printed
and no passwords are presented. No generating programs are supplied
with the system.
minimum length of an acceptable password. This defaults to 6, and
has a maximum value of 8.
external program to be invoked to validate a new password. The
default behavior is to not have such a program. The program is
invoked after the basic validation steps discussed above. It must be
specified as a full pathname (starts with /). The program receives
the new password in the clear, with a trailing new line, on its
standard input, which is closed after writing this one line. The
passwd program issues a wait(2) and obtains the exit status of the
external validation program. Exit status of 0 indicates the new
password is acceptable, all other status values indicate an error
and the new password is not accepted. Passwords being changed by the
superuser are not subject to this validation. No external
validation programs are supplied with the system.
number of weeks before password expiration to begin warning the
user. The default behavior is to not set a value. This is
equivalent to the -w XX comand line arguments.
Aging does not work with NIS entries, even if the password is locally
The passwd command will silently delete commented lines (lines beginning
with #) from /etc/passwd.
/etc/passwd, /etc/opasswd, /etc/.pwd.lock, /etc/shadow, /etc/oshadow,
id(1M), login(1), su(1M).
yppasswd(1) for NIS passwords.
crypt(3C), passwd(4), shadow(4).
The passwd command exits with one of the following values:
1 Permission denied.
2 Invalid combination of options.
3 File manipulation error.
4 Old password or shadow password file cannot be recovered.
5 Password file(s) busy. Try again later.
6 Invalid argument to option.
7 Unexpected failure. Password file unchanged.
8 Unknown login name.
9 Password aging is disabled.
PPPPaaaaggggeeee 5555 [ Back ]