Network Security Internet Technology Development Database Servers Mobile Phone Android Software Apple Software Computer Software News IT Information

In addition to Weibo, there is also WeChat

Please pay attention

WeChat public account

Shulou

How to use the user password management commands passwd and change in Linux

2025-04-04 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Servers >

Share

Shulou(Shulou.com)06/01 Report--

This article mainly introduces "how to use the user password management commands passwd and change in Linux". In daily operation, I believe many people have doubts about how to use the user password management commands passwd and change in Linux. Xiaobian consulted all kinds of materials and sorted out simple and easy-to-use operation methods. I hope it will be helpful to answer the doubts about "how to use the user password management commands passwd and change in Linux". Next, please follow the editor to study!

Passwd

Modify a user's password

Parameters.

-k keep unexpired authentication token

-l close the account password. The effect is equivalent to usermod-L, and only root is entitled to use this item.

-u recover the account password. The effect is equivalent to usermod-U, and only root has the right to use it.

-g modify the group password. Equivalent command for gpasswd.

-f changes the user information accessed by the finger command.

-d turn off the password authentication function of the user, the user will not have to enter the password when logging in, and only users with root permission can use it.

-S displays the password authentication type of the specified user, which can only be used by users with root permission.

Passwd is a text file that contains a list of system accounts, giving some useful information about each account, such as user ID, group ID, home directory, shell, etc. Usually it also contains each user's encrypted password. It should usually be readable (many commands and tools like ls (1) use it for user Id to user name mapping), but only superusers are allowed to write.

In the good old days, there was no big problem with this general reading license. Everyone can read the encrypted password because the hardware is too slow to unlock a selected password. In addition, this is basically assumed to be used by friendly users. Now, many people run versions of shadow cipher suites that are * in the password field of / etc/passwd instead of encrypted passwords, encrypted passwords are placed in / etc/shadow, and that file can only be read by superusers.

Regardless of whether or not a shadow password is used, many system administrators use an asterisk in the encrypted password field to ensure that the user cannot authenticate his or her own password. (see note below)

If you create a new login, first put an asterisk in the password field, and then use passwd (1) to set it.

(password file) one record per line, and each line has the following format:

Account

Password:UID:GID:GECOS:directory:shell (account: password: user ID: group ID: general information: directory: shell)

The field description is as follows:

Account

The name of the user in the system, which cannot contain uppercase letters.

Password

Encrypted user password, or asterisk.

UID

The number of user ID.

GID

The number of primary group ID of the user.

GECOS

This field is optional and is usually set for the purpose of storing information. usually, it contains the full name of the user. GECOS means General Electric Integrated operating system (General Electric Comprehensive Operating System), which was changed to GCOS when part of GE's large system was sold to Honeywell. Dennis Ritchie reported: "sometimes when we send printed matter or batch work to the GCOS machine, the gcos field interrupts the message of the $IDENT card, which is not very beautiful." (I think it's too long.)

Directory

The user's $HOME directory.

Shell

The program that runs at login (if empty, use / bin/sh). If set to an execution that does not exist, the user cannot log in through login (1).

Be careful

If you want to create a user group, their GID must be equal and must be a record in / etc/group, otherwise the group does not exist.

If the encryption password is set to an asterisk, users will not be able to log in with login (1), but they can still log in with rlogin (1), run existing processes and start new ones through programs such as rsh (1) or cron (1) or at (1) or mail filter. Try to change the shell simply

The result of locking a user is the same, and the permission to use su (1) is attached.

Example:

The code is as follows:

[root@Blackghost ~] passwd zhangying # change the password for zhangying

Chage

Password invalidation is managed by this command.

Parameter meaning:

The minimum number of days that the-m password can be changed. 00:00 means you can change the password at any time.

The maximum number of days that the-M password remains valid.

-the number of days before the W user's password expires that the warning message is received in advance.

-the date when the E account expires. After this day, this account will not be available.

-d date last changed

-I period of stagnation. If a password has expired these days, then this account will not be available.

-l exemplifies the current settings. It is up to unprivileged users to determine when their passwords or accounts expire.

Example 1:

The code is as follows:

[root@localhost ~] # chage-l zhangy # View user password settings

Last password changed: April 27, 2013

Password expiration time: never

Password expiration time: never

Account expiration time: never

The minimum number of days between two password changes:-1

The maximum number of days between two password changes:-1

Number of days to warn before password expiration:-1

The code is as follows:

[root@localhost ~] # chage-M 90 zhangy # password is valid for 90 days

The code is as follows:

[root@localhost ~] # chage-d 0 zhangy # force users to change password when logging in

The code is as follows:

[root@localhost ~] # chage-d 0-m 0-M 90-W 15 zhangy # forces the user to change the password when logging in next time, and sets the minimum validity period of the password 0 and the maximum limited period of 90, and issues an alarm 15 days in advance

Example 2:

The code is as follows:

# chage-E '2014-09-30' test # test this account is valid for 2014-09-30

At this point, the study on "how to use the user password management commands passwd and change in Linux" is over. I hope to be able to solve your doubts. The collocation of theory and practice can better help you learn, go and try it! If you want to continue to learn more related knowledge, please continue to follow the website, the editor will continue to work hard to bring you more practical articles!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

Views: 0

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.

Share To

Servers

Wechat

© 2024 shulou.com SLNews company. All rights reserved.

12
Report