Linux Change Password
Whether you are a student, a professional, someone learning UNIX or Linux, or a Linux system administrator early in your career, changing passwords on Linux or UNIX is one of the most basic and most important things to know. Changing passwords is a routine requirement because, with security threats increasing, most organizations have a password validity policy as a security standard.
Organizations use many password complexity metrics to safeguard servers, such as password length, password expiry, and many others. Most organizations, such as financial organizations, banks, insurance firms, and even IT support organizations, make passwords expire every 90 days.
All UNIX and Linux distributions have the same set of security standards. A few of the major ones are Red Hat Enterprise Linux (popularly referred to as RHEL), HP-UX, AIX, and Solaris. Changing a password works the same way in any of these environments.
Types of Linux Users
Let us see what Linux systems provide for user management. There are mainly three types of users in every environment.
- System Users/System ID
- Human Users/Users ID
- Application Users/Service ID
As the name suggests, system users are the users that come by default with the server build and are needed to run the operating system smoothly, such as root, NFS, or accounts tied to any system service.
Human users are the people authorized to use the server for a specified purpose. For example, a server is built for a specific purpose and 100 users in that department all need access to it to perform their assigned tasks. To keep the server and its data safe, all organizations follow a set of rules for passwords, including password complexity and a password expiration policy.
Application users are also called service accounts. All servers have service accounts that are not tied to any one person but are broadly used by the application team, and mostly they do not follow the password expiry standards because of the nature of the account. For example, if a batch job must keep running for as long as the server is live, to meet the needs of the business service, password expiration would be a recurring hurdle.
Unix/Linux: Local User Administration
There are basically 4 main files in Linux related to user management. They are listed below. All of them are in the /etc folder.
1. Password File
The passwd file is present in the /etc directory. An entry in the password file looks like below.
rajesh:x:1024:100:Rajesh Kumar – HR:/home/rajesh:/bin/bash
Let us briefly understand this. It contains 7 fields.
First Field: This is the username, rajesh. This is the ID used to log in. We will change the password for this ID later, which is the ultimate goal of this post.
Second Field: The x indicates that this user has a password, which is kept in the shadow file described below. It is also a security standard that no user on the server is without a password, since that would open the door to attackers.
3rd Field: This is the UID, 1024, known as the User ID. Every user on the system must have a unique ID.
Fourth Field: This is the GID, 100, known as the Group ID. Many users can share the same group, for example when a group is created for the users of a specific department. So all users have unique IDs but can have the same group.
Fifth Field: This field is known as GECOS, which in simple terms means user details.
Sixth Field: This is the home folder of the user. The folder is owned by the user, who can read, write, and save content in it without any special permission.
7th Field: /bin/bash. This field is known as the shell. There are various shells you might be aware of, such as bash, which is the default shell in Linux, while sh is the default shell in UNIX.
2. Shadow File
The shadow file is also present in the /etc directory. It holds passwords in encrypted form and gives normal users no write permission. This is the main file where passwords are stored; when you change a password on Linux, this is the only file that gets updated.
The syntax of this file is as below.
UID:Encrypted Password:90 Days Validity:10 Days before alert about password expiry.
Note: The contents of the passwd file can be seen by a normal user, but a normal user cannot see the contents of the shadow file; as mentioned earlier, it is accessible only with a privileged ID.
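As an added example (not from the original post), this short Python audit reads passwd and shadow entries and flags the conditions described above: a duplicate UID, an account with no password, and a maximum password age beyond the 90-day policy. It uses the full nine-field shadow layout from shadow(5), which goes beyond the simplified syntax shown above; the sample entries, the batchsvc, temp01 and guest accounts, and the hash placeholders are constructed.

```python
# Added example: sample entries are constructed, hashes are placeholders.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
rajesh:x:1024:100:Rajesh Kumar - HR:/home/rajesh:/bin/bash
batchsvc:x:1050:100:Batch service ID:/home/batchsvc:/bin/bash
temp01:x:1024:100:Temp user:/home/temp01:/bin/bash
guest:x:1060:100:Guest:/home/guest:/bin/bash
"""
# shadow(5): name:hash:last change:min age:max age:warn days:inactive:expire:reserved
SHADOW = """\
root:$6$PLACEHOLDER:19700:0:90:10:::
rajesh:$6$PLACEHOLDER:19700:0:90:10:::
batchsvc:$6$PLACEHOLDER:19000:0:99999:7:::
temp01:!!:19700:0:90:10:::
guest::19700:0:90:10:::
"""
MAX_AGE_DAYS = 90  # expiry policy quoted in the article


def parse(text, nfields):
    """Split colon-separated records, rejecting lines with the wrong field count."""
    rows = []
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) != nfields:
            raise ValueError(f"expected {nfields} fields: {line!r}")
        rows.append(fields)
    return rows


def audit(passwd_text, shadow_text, max_age=MAX_AGE_DAYS):
    """Return (user, issue) pairs for entries that break the rules above."""
    shadow = {f[0]: f for f in parse(shadow_text, 9)}
    uid_owner, findings = {}, []
    for name, _pw, uid, _gid, _gecos, _home, _shell in parse(passwd_text, 7):
        if uid in uid_owner:
            findings.append((name, f"duplicate UID {uid} (also {uid_owner[uid]})"))
        uid_owner.setdefault(uid, name)
        entry = shadow.get(name)
        if entry is None:
            findings.append((name, "no shadow entry"))
            continue
        if entry[1] == "":
            findings.append((name, "empty password field"))
        if not entry[4].isdigit() or int(entry[4]) > max_age:
            findings.append((name, f"max password age not within {max_age} days"))
    return findings


if __name__ == "__main__":
    for user, issue in audit(PASSWD, SHADOW):
        print(f"{user}: {issue}")
```

The service account is flagged on purpose: exceptions to the expiry policy, like the ones described for application users, should show up in an audit so they can be tracked rather than forgotten.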
3. Group File
The group file maintains the group name associated with each group ID. No two group names should have the same GID. Users can be part of any group.
The syntax of the group file is like below.
Group Name:x: GROUP ID: GROUP Members separated by a comma.
4. nsswitch.conf File
This file is really important: it defines how users are authenticated to servers. A sample file looks like below.
[root@lnxprod01 rajesh]# cat /etc/nsswitch.conf
#
# The entry ‘[NOTFOUND=return]’ means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
This is truncated output of the file. In the full file, files is listed against passwd, shadow, and group, which means that for all three the system refers to the local system files for authentication.
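The lookup order described above, as an added example (not part of the original post): a small Python parser for nsswitch.conf lines that also walks the sources the way the [NOTFOUND=return] comment describes. The two sample configurations and the function names are constructed for illustration, and negated criteria such as [!UNAVAIL=return] are not handled.

```python
import re

# Default actions per lookup status, as documented in nsswitch.conf(5).
DEFAULTS = {"success": "return", "notfound": "continue",
            "unavail": "continue", "tryagain": "continue"}

# Constructed sample configurations, not taken from a real server.
LOCAL_ONLY = "passwd: files\nshadow: files\ngroup: files\n"
NIS_FIRST = "# constructed sample\npasswd: nis [NOTFOUND=return] files\n"


def parse_nsswitch(text):
    """Return {database: [(source, {status: action}), ...]} in lookup order."""
    table = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        if ":" not in line:
            continue
        db, rhs = line.split(":", 1)
        rules = []
        for tok in re.findall(r"\[[^\]]*\]|\S+", rhs):
            if tok.startswith("["):
                # "[STATUS=action ...]" modifies the source just before it
                for crit in tok[1:-1].split():
                    status, action = crit.split("=", 1)
                    rules[-1][1][status.lower()] = action.lower()
            else:
                rules.append((tok, dict(DEFAULTS)))
        table[db.strip()] = rules
    return table


def resolve(rules, status_of):
    """Walk sources in order; status_of maps each source to its lookup status.

    Returns the source that answered, or None if the search stopped empty.
    """
    for source, actions in rules:
        status = status_of[source]
        if actions[status] == "return":
            return source if status == "success" else None
    return None


if __name__ == "__main__":
    rules = parse_nsswitch(NIS_FIRST)["passwd"]
    print(resolve(rules, {"nis": "notfound", "files": "success"}))  # search stops
    print(resolve(rules, {"nis": "unavail", "files": "success"}))   # falls to files
```

When a database lists sources other than files, a password changed in the local files may not be the one the server actually checks, so confirm the lookup order before relying on a local change.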
We now have a fair idea of the files responsible for managing users on a UNIX or Linux system, so let us return to the main objective of this post: Linux Change Password.
How to Change Linux Password
Now let us see how to change a password on Linux. Remember that a user can change their own password, but to change someone else's password you need privileged access on the server. That access is normally given to system administrators based on RBAC (Role-Based Access Control) and is granted through the sudoers file, which is also normally found in the /etc folder.
Linux Change Password for own account
After logging in to the system, simply type the passwd command to change your password. A user who is resetting or changing their own password must enter the current password, then the new password, and then confirm the new password before it is updated. In all cases, the command to change a password on Linux is passwd.
-bash-4.2$ passwd
Changing password for user rajesh.
Changing password for rajesh.
(current) UNIX password:
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
-bash-4.2$
Linux Change Password for User
If a password is changed or reset for a user by someone with privileged access on the server, such as a system administrator, the current password is not required. It can be reset directly, because the privileged user has the right to set or reset the password of any user on the system, or to create users. That is all there is to changing a user's password.
[root@ lnxprod01]# passwd rajesh
Changing password for user rajesh.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
Linux Change Root Password
Now let us see how to change the root password. Whoever changes the root password must have a role that allows it, because root is the superuser on all UNIX and Linux distributions.
Normally these privileges are granted to the system administrator, though a few others may have been granted them as well.
The passwd command can change the root password too; the only difference is that the user resetting or changing the root password needs the authority, or privilege, to do so.
[root@ lnxprod01]# passwd root
Changing password for user root.
Retype new password:
passwd: all authentication tokens updated successfully.
UNIX/Linux local user administration is a separate topic that needs its own discussion, where commands such as useradd, userdel, usermod, and chage can be covered in detail.
That's it about Linux Change Password. I hope we have covered everything intended at the beginning and that you liked it. Please let us know if you have any questions about this post.