Linux force user to change password

Linux: Force Users To Change Their Passwords Upon First Login

[donotprint]

Tutorial details
Difficulty level	Easy
Root privileges	Yes
Requirements	None
Est. reading time	1m

[/donotprint][a] usermod command – Modify various user account properties including user password expiry information.
Where, [b] chage command – Change user password expiry information

• No ads and tracking
• In-depth guides for developers and sysadmins at Opensourceflare✨
• Join my Patreon to support independent content creators and start reading latest guides:
  • How to set up Redis sentinel cluster on Ubuntu or Debian Linux
  • How To Set Up SSH Keys With YubiKey as two-factor authentication (U2F/FIDO2)
  • How to set up Mariadb Galera cluster on Ubuntu or Debian Linux
  • A podman tutorial for beginners – part I (run Linux containers without Docker and in daemonless mode)
  • How to protect Linux against rogue USB devices using USBGuard

Join Patreon ➔

Task: Use chage command to force users to chage their password upon first login

Use the following syntax to force a user to change their password at next logon on a Linux:

# chage -d 0 < user-name >
In this example, force tom to change his passsword at next logon, enter:
# chage -d 0 tom

• -d 0 : Set the number of days since January 1st, 1970 when the password was last changed. The date may also be expressed in the format YYYY-MM-DD. By setting it to zero, you are going to force user to change password upon first login.

Further readings:

🐧 Get the latest tutorials on Linux, Open Source & DevOps via

Category	List of Unix and Linux commands
Documentation	help • mandb • man • pinfo
Disk space analyzers	df • duf • ncdu • pydf
File Management	cat • cp • less • mkdir • more • tree
Firewall	Alpine Awall • CentOS 8 • OpenSUSE • RHEL 8 • Ubuntu 16.04 • Ubuntu 18.04 • Ubuntu 20.04
Linux Desktop Apps	Skype • Spotify • VLC 3
Modern utilities	bat • exa
Network Utilities	NetHogs • dig • host • ip • nmap
OpenVPN	CentOS 7 • CentOS 8 • Debian 10 • Debian 8/9 • Ubuntu 18.04 • Ubuntu 20.04
Package Manager	apk • apt
Processes Management	bg • chroot • cron • disown • fg • glances • gtop • jobs • killall • kill • pidof • pstree • pwdx • time • vtop
Searching	ag • grep • whereis • which
Shell builtins	compgen • echo • printf
Text processing	cut • rev
User Information	groups • id • lastcomm • last • lid/libuser-lid • logname • members • users • whoami • who • w
WireGuard VPN	Alpine • CentOS 8 • Debian 10 • Firewall • Ubuntu 20.04

Comments on this entry are closed.

Very useful tip!
I’ll use it.

Excellent tip for livecds… Thanks!!

Great …….. Very Useful

Task: Use chage command to force users to chage their password upon first login

Use the following syntax:
chage -d 0
# chage -d 0 tom

Hello out there! Must be something wrong with the spelling (chage)??

RRRolle, there is nothing wrong with the spelling. ‘chage’ is correct. You are changing the aging attributes of the account — when the password expires, how long between required password changes, etc. chage -l will give this information:

# chage -l nagios
Last password change : Sep 17, 2010
Password expires : Nov 16, 2010
Password inactive : never
Account expires : never
Minimum number of days between password change : 1
Maximum number of days between password change : 60
Number of days of warning before password expires : 7

Hi,
I am a new Linux user and I created users and set their password to expire and force them to change password on their first log in, I tried on one user ,it prompted me to enter current password and when i typed current password the screen usually sleeps. Can anyone advise?

very useful tip, thanks alot

One method that is easier than doing the math required by the above solutions is:
passwd -e username

This forces an immediate expiration, and forces a password change on the next login. I use it each time I create a user.

Hope this helps!

Hey, is there a way to configure this so that the operating system does it automatically so an admin doesn’t have to go through all the users and run these commands?

Источник

How to Force User to Change Password at Next Login in Linux

In our last article, we’ve explained you how to change user password expiry information in Linux, where we looked at different examples of the chage command. In this article, we will elaborate on how to forcefully make a user to change his/her password at the next login in Linux.

Note that if you have just created a user account with a default password, you can also use this trick to force that user to change their password upon the first login.

There are two possible ways to achieve this, as described in detail, below.

Using passwd Command

To force a user to change his/her password, first of all the password must have expired and to cause a user’s password to expire, you can use the passwd command, which is used to change a user’s password by specifying the -e or —expire switch along with username as shown.

Next verify the user ravi’s password expiration and aging information with the chage command as shown.

Check User Password Expiration Information

After running the passwd command above, you can see from the output of the chage command that the user’s password must be changed. Once the user ravi tries to login next time, he will be prompted to change his password before he can access a shell as shown in the following screen shot.

User Forced to Change Password

Using chage Command

Alternatively, you can use the chage command, with the -d or —lastday option which sets the number of days since January 1st, 1970 when the password was last changed.

Now to set the password expiry of user, run the following command by specifying the day to zero (0), means that the password has not been changed since the above date (i.e. January 1st, 1970), so the password has literally expired and needs to be changed immediately before the user can access the system again.

Next check the user ravi’s password expiration and aging information with the chage command using -l option as shown.

Check Password Expiration Information

Here are some additional user management guides for you.

Conclusion

It is always recommended to remind users to change their account passwords regularly for security reasons. In this article, we have explained two ways to force users to change their password in the next login. You can ask any questions via the comment form below.

If You Appreciate What We Do Here On TecMint, You Should Consider:

TecMint is the fastest growing and most trusted community site for any kind of Linux Articles, Guides and Books on the web. Millions of people visit TecMint! to search or browse the thousands of published articles available FREELY to all.

If you like what you are reading, please consider buying us a coffee ( or 2 ) as a token of appreciation.

We are thankful for your never ending support.

Источник

How To Linux Set or Change User Password

Linux Set User Password

Type following passwd command to change your own password:
$ passwd
Sample Outputs:

The user is first prompted for his/her old password if one is present. This password is then encrypted and compared against the stored password. The user has only one chance to enter the correct password. The super user is permitted to bypass this step so that forgotten passwords may be changed. A new password is tested for complexity. As a general guideline, passwords should consist of 10 to 20 characters including one or more from each of following sets:

1. Lower case alphabetics
2. Upper case alphabetics
3. Digits 0 thru 9
4. Punctuation marks/spacial characters

Linux change password for other user account

You need to login as the root user, type the following command to change password for user vivek:
# passwd vivek
OR
$ sudo passwd vivek
Sample putput:

• vivek – is username or account name.

Passwords do not display to the screen when you enter them. For example:

Linux changing user password using passwd

Linux Change Group Password

When the -g option is used, the password for the named group is changed. In this example, change password for group sales:
# passwd -g sales
The current group password is not prompted for. The -r option is used with the -g option to remove the current password from the named group. This allows group access to all members. The -R option is used with the -g option to restrict the named group for all users.

Changing user passwords on Linux

As a Linux system administrator (sysadmin) you can change password for any users on your server. To change a password on behalf of a user:

1. First sign on or “su” or “sudo” to the “root” account on Linux, run: sudo -i
2. Then type, passwd tom to change a password for tom user
3. The system will prompt you to enter a password twice

To change or set a new root (superuser) password type:
$ sudo passwd

Forcing Linux user to change password at their next login

By default, Linux passwords never expire for users. However, we can force users to change their password the next time they log in via GUI or CLI methods. The syntax is straightforward:
$ sudo passwd -e
$ sudo passwd —expire
Let us immediately expire an account’s password:
$ sudo passwd -e marlena
The system will confirm it:

When user try to login via ssh command, they will see the following on screen:

Locking and Unlocking user password of the named account

Note that the following local command does not disable the account. The user may still be able to login using another authentication token, such as an SSH key. To disable the account, administrators should use either usermod —expiredate 1 or sudo passwd —expire command. Also, users with a locked password are not allowed to change their password to get around the security policy set by sysadmin.

We can lock the password as follows:
$ sudo passwd -l
This option disables a password by changing it to a value which matches no possible encrypted value (it adds a ! at the beginning of the password in the /etc/shadow file. Want to unlock the password, try:
$ sudo passwd -u
The above command option re-enables a password by changing the password back to its previous value. In other words, to the value before using the -l option.

• No ads and tracking
• In-depth guides for developers and sysadmins at Opensourceflare✨
• Join my Patreon to support independent content creators and start reading latest guides:
  • How to set up Redis sentinel cluster on Ubuntu or Debian Linux
  • How To Set Up SSH Keys With YubiKey as two-factor authentication (U2F/FIDO2)
  • How to set up Mariadb Galera cluster on Ubuntu or Debian Linux
  • A podman tutorial for beginners – part I (run Linux containers without Docker and in daemonless mode)
  • How to protect Linux against rogue USB devices using USBGuard

Join Patreon ➔

A note about setting up a secure Linux password

Compromises in password security typically result from careless password selection. Avoid common password such as:

1. Words which appears in a dictionary
2. Your first and last name
3. Pet names
4. Kids or spouses names
5. License number
6. Date of birth (DoB)
7. Home or office address

I strongly recommend that you generate a unique password for all user accounts using your chosen password manager.

Conclusion

The passwd command line utility is used to update or change user’s password. The encrypted password is stored in /etc/shadow file and account information is in /etc/passwd file. To see all user account try grep command or cat command as follows:
$ cat /etc/passwd
$ grep ‘^userNameHere’ /etc/passwd
$ grep ‘^tom’ /etc/passwd
The guidance given in this quick tutorial should work with any Linux distribution, including Alpine, Arch, Ubuntu, Debian, RHEL, Fedora, Oracle CentOS, SUSE/OpenSUSE and other popular Linux distros.

🐧 Get the latest tutorials on Linux, Open Source & DevOps via

Источник