Introduction
The chpasswd command allows updating the passwords of multiple users one at a time or in bulk. Even though the passwd command is a go-to tool for changing individual Linux user passwords, the chpasswd utility is helpful when multiple changes are necessary.
This tutorial will show you how to use the chpasswd command in Linux with examples.
Prerequisites
- A Linux system (this tutorial uses Ubuntu 22.04).
- Access to the terminal.
- Root or sudo privileges.
- A text editor of your choice (this tutorial uses Vim).
chpasswd syntax
The basic syntax for the chpasswd command is:
chpasswd [options]
[username]:[password]The chpasswd works without any options, as long as the user provides usernames and passwords as shown in the syntax. Arguments are not mandatory, but they provide additional functionality.
chpasswd Options
Sysadmins use several options to adjust how chpasswd works. The most common options are listed below:
| Option | Description |
|---|---|
-e, --encrypted |
Encrypts passwords before storing in the password file. |
-c |
Validates the password before it is stored. |
-m, --md5 |
Encrypts the password using the MD5 algorithm. |
-R |
Specifies the password file location. |
-S |
Displays the encrypted password to standard output instead of modifying the password file. |
-c, --crypt-method |
Specifies the method to be used for encrypting the password. Available methods include MD5, DES, SHA256, SHA512, and NONE. |
-p |
Specifies the prefix for the crypt(3) algorithm, such as $6$ for SHA512-CRYPT, $5$ for SHA256-CRYPT, and $2a$ for Blowfish. |
-s, --sha-rounds |
Uses the Blowfish encryption algorithm for the password with a minimum value of 1000 and a maximum value of 999,999,999. This option only works with the SHA256 or SHA512 crypt method. |
-h, --help |
Displays the help message and exits. |
chpasswd Examples
The chpasswd command is the primary tool for bulk-managing passwords on Linux systems. Therefore, the utility is useful for setting up a new system or resetting hundreds of passwords. The following instructions provide practical examples of using the chpasswd command.
Note: The chpasswd command updates passwords for current users. To add a new user, use the adduser command. Running chpasswd for nonexistent users results in an error message.
Update Passwords from Standard Input
When used without any options, chpasswd reads a list of user names and corresponding new passwords from standard input and updates the system’s password database with the new values.
To use chpasswd in this way, follow these steps:
1. Run the chpasswd command as sudo without any options:
sudo chpasswd2. Provide the list of current user names and new passwords to be updated. The syntax is:
username:passwordFor example, to update passwords for three existing users, pnapuser1, pnapuser2, and pnapuser3, run:
pnapuser1:newpassword1
pnapuser2:newpassword2
pnapuser3:newpassword3
Note: Do not use common words as passwords. When that happens, the terminal prints an error: BAD PASSWORD: The password fails the dictionary check – it is based on a dictionary word.
3. Hit ctrl+d to confirm that the list is complete.
Update Passwords from a File
Another way to bulk-update passwords with chpasswd is to create a file with current usernames and passwords to be updated. The command reads data from the file and not from the standard input.
To update passwords this way, follow these steps:
1. Create a file in Vim called mypasswords.txt with:
vim mypasswords.txt2. List the three usernames with new passwords in the document:
pnapuser1:newpassword01
pnapuser2:newpassword02
pnapuser3:newpassword03
4. Verify the file contents with cat:
cat mypasswords.txt
5. Run chpasswd by redirecting data from the mypasswords.txt file using <:
sudo chpasswd < mypasswords.txt
The command prints no output.
Use Different Encryption Methods when Updating Passwords
By default, the chpasswd command uses the Pluggable Authentication Modules (PAM) library to authenticate users and encrypt passwords. Alternative encryption methods like bcrypt and SHA-512 exist, but are considered less secure.
To change the encryption method, use the argument -c with chpasswd. For instance, to change the encryption method from PAM to NONE, follow these steps:
1. Execute the command with the appropriate arguments:
sudo chpasswd -c NONE
2. Input the username and password to update:
pnapuser1:newpassword11
pnapuser2:newpassword12
pnapuser3:newpassword13
3. Hit ctrl + d to complete the entry.
Switch to MD5 Encryption
Use a predetermined argument as a shortcut to changing encryption. For instance, to switch to the MD5 algorithm, follow these steps:
1. Run the -m argument with chpasswd:
sudo chpasswd -m2. Provide username and password.
pnapuser:newpassword111
3. Hit ctrl + d to finish the entry.
Conclusion
After reading this tutorial, you know how to change passwords for multiple users at once using the chpasswd command.
Next, learn how to reset or change the root password in Ubuntu.
