Linux User Password

This chapter covers local user passwords. You will learn how to change a password and how to set one using different methods.

The first method uses the passwd command.

The second method uses the openssl passwd command.


Using passwd command

passwd

A user can set their password with the passwd command. The old password has to be typed twice before entering the new one.

Syntax:

passwd

Linux User Password1

Look at the above snapshot: the shell warns the user against creating a simple password. If the password has still not been changed after two or three attempts, the passwd command fails and you have to run it again.

These rules do not apply to the root user, and root does not need to type the old password either. Root can change a password directly.

Syntax:

passwd <userName>

Example:

passwd jtp

Linux User Password2

Look at the above snapshot: the password is changed successfully without any warning.


Shadow File

The encrypted user passwords are kept in the shadow file, /etc/shadow. This file is read-only and can be read only by root.

Syntax:

/etc/shadow

Linux User Password3

Look at the above snapshot: the /etc/shadow file contains nine columns separated by colons.

From left to right, these nine columns contain the username, the encrypted password, the day the password was last changed, the number of days the password must be left unchanged, the password expiry day, the number of warning days before password expiry, the number of days after expiry before the account is disabled, and the day the account was disabled. The last column has no meaning yet.


Encryption With passwd

Passwords are always stored in encrypted format. Encryption is done with the crypt function. The simplest way to add a user with a password is to add the user with the command useradd -m and then set the user's password with the passwd command.

Syntax:

useradd -m <userName>

Example:

useradd -m akki 

Syntax:

passwd <userName>

Example:

passwd akki

Linux User Password4

Look at the above snapshot: the user akki is created with a password successfully.

Using openssl passwd

Encryption With openssl

The -p option of useradd can also be used to create a user with a password, but it requires an encrypted password.

This encrypted password can be generated with the openssl passwd command.

The openssl passwd command can generate several distinct hashes for the same password. To do this, it uses a salt.

 

Linux User Password5

This salt can be chosen and is visible as the first two characters of the hash as shown below.

Linux User Password6

Look at the above snapshot: the first two characters of the hash are the chosen salt '32'.

To create a user with a password using the openssl command, the following syntax is used.

Syntax:

useradd -m -p $(openssl passwd hunter2) <userName>

Example:

useradd -m -p $(openssl passwd hunter2) aaa

Linux User Password7

Look at the above snapshot: user aaa is created. Note that the plaintext password typed on the command line is kept in the shell's command history.


/etc/login.defs

The /etc/login.defs file contains some default settings, such as password aging and length settings.

Syntax:

grep PASS /etc/login.defs 

Linux User Password8


chage

The chage command can be used by a user to view the information about their password. The -l option lists this information.

Syntax:

chage -l <userName>

Example:

chage -l abc

Linux User Password9


Disabling A Password

Passwords in /etc/shadow are not normally saved with a leading exclamation mark (!). If an exclamation mark is present at the start, the password cannot be used.

This feature can be used to disable a password; the process is called locking, disabling or suspending a user account. It can be done in vi or with the usermod command.

Here, we'll disable the password of akki with the usermod command.

Syntax:

usermod -L <userName>

Example:

usermod -L akki

Linux User Password10

Look at the above snapshot: the first command shows the hashed password of akki, and the command "usermod -L akki" disables the password of akki. Now user akki can't authenticate using this password.

Linux User Password11

Look at the above snapshot: the hashed password is preceded by !, which means it is disabled.

Please note that the root user will still be able to open the akki account, as the password is not needed here. And if user akki had not set a password, then akki can also log in.

You can unlock the account with usermod -U.

Syntax:

usermod -U <userName>

Example:

usermod -U akki

Linux User Password12

Look at the above snapshot: the hashed password of akki is unlocked now, as there is no (!) mark at the start.
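
The nine-column layout from the Shadow File section and the leading ! lock marker described here can be checked mechanically. The following is an added example, not part of the original tutorial: a POSIX shell function (the name shadow_audit is hypothetical) that classifies shadow-format lines by their password field. SAMPLE_SHADOW is constructed data with placeholder hashes.

```shell
#!/bin/sh
# Added example: classify /etc/shadow-style entries by their password field.
# SAMPLE_SHADOW is constructed for illustration; the hashes are placeholders.
SAMPLE_SHADOW='root:$6$saltsalt$PLACEHOLDERHASH:19000:0:99999:7:::
akki:!$6$saltsalt$PLACEHOLDERHASH:19500:0:99999:7:::
aaa:32PLACEHOLDER:19500:0:99999:7:::
daemon:*:18000:0:99999:7:::
guest::19500:0:99999:7:::
broken:x:1:2'

# shadow_audit: read shadow-format lines on stdin, print "user state" per line.
# On a real system, run as root:  shadow_audit < /etc/shadow
shadow_audit() {
    awk -F: '
    # A valid entry has exactly nine colon-separated columns.
    NF != 9          { print $1, "malformed"; next }
    # Empty password field: no password is required for this account.
    $2 == ""         { print $1, "no-password"; next }
    # usermod -L puts ! in front of the hash, so the password cannot match.
    $2 ~ /^!/        { print $1, "locked"; next }
    # A lone * never matches any password (typical for system accounts).
    $2 == "*"        { print $1, "no-login"; next }
    # $id$salt$hash format written by passwd on current systems.
    $2 ~ /^\$/       { print $1, "active"; next }
    # 13 characters with the salt as the first two, as in the salt 32 example.
    length($2) == 13 { print $1, "active-des"; next }
                     { print $1, "unknown" }
    '
}

# Run the audit over the constructed sample.
printf '%s\n' "$SAMPLE_SHADOW" | shadow_audit
```

Entries reported as no-password or active-des are the ones to review first: the former need no password at all, and the latter use the short two-character-salt format shown in the openssl passwd section.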