Your organization may have a policy that requires changing the passwords of many users regularly. Doing this for each user with the "passwd" command can be overwhelming. But don't worry, the "chpasswd" command can save you.
The "chpasswd" command takes a list of usernames and passwords separated by a colon, either from the standard input or a file. It then encrypts the passwords based on specified options and sets them for the user accounts.
Syntax of chpasswd
To use the "chpasswd" command, you can follow this basic syntax:
chpasswd [options]
[username]:[password]
Option of chpasswd
The command can work without options, as long as you provide usernames and passwords in the given format. However, using options can offer more functionality and control.
Here are some common options used with "chpasswd":
-e, --encrypted: Encrypts passwords before storing them in the password file.
-c: Validates the password before storing it.
-m, --md5: Encrypts the password using the MD5 algorithm.
-R: Specifies the password file location.
-S: Displays the encrypted password to standard output instead of modifying the password file.
chpasswd Examples
The chpasswd command is a useful tool for managing passwords in bulk on Linux systems. It can be used to set up a new system or reset multiple passwords. Here are some practical examples of using chpasswd:
Update Passwords from Standard Input:
When you use chpasswd without any options, it reads a list of usernames and their corresponding new passwords from standard input and updates the system's password database.
To do this, follow these steps:
Step 1: Open the terminal and run the chpasswd command as a superuser (sudo) without any options:
# chpasswd
Step 2: Provide the list of current user names and their new passwords in the following format:
username:password
For instance, if you want to update passwords for three existing users, "nick," "stanley," and "victor," you can enter the information like this:
nick:Nick@12345
stanley:Stanley@12345
victor:Victor@12345
Note: It's essential to avoid using common words as passwords. If you do use a common word, the terminal will display an error: "BAD PASSWORD: The password fails the dictionary check - it is based on a dictionary word."
Step 3: Once you have provided the information for all users, press "ctrl+d" to indicate that the list is complete. The system will then update the passwords accordingly.
Update Passwords from a File
You can also update passwords in bulk using chpasswd by making a file with the usernames and passwords you want to update. The command will read the data from the file instead of asking for input directly.
To update passwords using a file with chpasswd, follow these simple steps:
Step 1: Create a file named "userpasswords.txt" using any text editor.
# vi userpasswords.txt
Step 2: In the file, list the usernames with their corresponding new passwords in this format:
username:password
For example:
nick:Nick@12345
stanley:Stanley@12345
victor:Victor@12345
Step 3: Save and close the file.
Step 4: To ensure the file has the correct data, you can view its contents using the "cat" command:
# cat userpasswords.txt
Step 5: Now, run the chpasswd command and redirect the data from the "userpasswords.txt" file using "<":
# chpasswd < userpasswords.txt
You won't see any output from the command, but it will have successfully updated the passwords for the specified users based on the information in the file.
Use Different Encryption Methods when Updating Passwords
By default, the chpasswd command uses a method called Pluggable Authentication Modules (PAM) to check users and encrypt their passwords. There are other encryption methods available, like bcrypt and SHA-512, but they are not as secure.
If you want to use a different encryption method, you can do it by adding the -c argument to the chpasswd command. For example, to switch from PAM to NONE encryption, follow these steps:
Step 1: Execute the command with the proper argument:
# chpasswd -c NONE
Step 2: Enter the username and the new password you want to set:
nick:Nick@12345
stanley:Stanley@12345
victor:Victor@12345
Step 3: Press ctrl + d to finish the input.
Switching to MD5 Encryption
You can also use a specific argument to quickly switch to another encryption method. For example, to use the MD5 algorithm, follow these steps:
Step 1: Run the -m argument with chpasswd:
# chpasswd -m
Step 2: Provide the username and the new password:
nick:Nick@12345
Step 3: Press ctrl + d to complete the entry.
Conclusion:
The chpasswd command is typically used by system admins or people responsible for managing users on a Linux PC or network. However, it's beneficial for anyone to learn about it, even if you are a regular user. In this discussion, we've covered various important options of this tool that you should know.