Friday, November 15, 2024
Google search engine
HomeSecurity & Testingchpasswd Command in Linux with Examples

chpasswd Command in Linux with Examples

Introduction

The chpasswd command allows updating the passwords of multiple users one at a time or in bulk. Even though the passwd command is a go-to tool for changing individual Linux user passwords, the chpasswd utility is helpful when multiple changes are necessary.

This tutorial will show you how to use the chpasswd command in Linux with examples.

chpasswd Command in Linux with Exampleschpasswd Command in Linux with Examples

Prerequisites

  • A Linux system (this tutorial uses Ubuntu 22.04).
  • Access to the terminal.
  • Root or sudo privileges.
  • A text editor of your choice (this tutorial uses Vim).

chpasswd syntax

The basic syntax for the chpasswd command is:

chpasswd [options]
[username]:[password]

The chpasswd works without any options, as long as the user provides usernames and passwords as shown in the syntax. Arguments are not mandatory, but they provide additional functionality.

chpasswd Options

Sysadmins use several options to adjust how chpasswd works. The most common options are listed below:

Option Description
-e, --encrypted Encrypts passwords before storing in the password file.
-c Validates the password before it is stored.
-m, --md5 Encrypts the password using the MD5 algorithm.
-R Specifies the password file location.
-S Displays the encrypted password to standard output instead of modifying the password file.
-c, --crypt-method Specifies the method to be used for encrypting the password. Available methods include MD5, DES, SHA256, SHA512, and NONE.
-p Specifies the prefix for the crypt(3) algorithm, such as $6$ for SHA512-CRYPT, $5$ for SHA256-CRYPT, and $2a$ for Blowfish.
-s, --sha-rounds Uses the Blowfish encryption algorithm for the password with a minimum value of 1000 and a maximum value of 999,999,999. This option only works with the SHA256 or SHA512 crypt method.
-h, --help Displays the help message and exits.

chpasswd Examples

The chpasswd command is the primary tool for bulk-managing passwords on Linux systems. Therefore, the utility is useful for setting up a new system or resetting hundreds of passwords. The following instructions provide practical examples of using the chpasswd command.

Note: The chpasswd command updates passwords for current users. To add a new user, use the adduser command. Running chpasswd for nonexistent users results in an error message.

Update Passwords from Standard Input

When used without any options, chpasswd reads a list of user names and corresponding new passwords from standard input and updates the system’s password database with the new values.

To use chpasswd in this way, follow these steps:

1. Run the chpasswd command as sudo without any options:

sudo chpasswd

2. Provide the list of current user names and new passwords to be updated. The syntax is:

username:password

For example, to update passwords for three existing users, pnapuser1, pnapuser2, and pnapuser3, run:

pnapuser1:newpassword1

pnapuser2:newpassword2

pnapuser3:newpassword3
sudo chpasswd input passwordssudo chpasswd input passwords

Note: Do not use common words as passwords. When that happens, the terminal prints an error: BAD PASSWORD: The password fails the dictionary check – it is based on a dictionary word.

3. Hit ctrl+d to confirm that the list is complete.

Update Passwords from a File

Another way to bulk-update passwords with chpasswd is to create a file with current usernames and passwords to be updated. The command reads data from the file and not from the standard input.

To update passwords this way, follow these steps:

1. Create a file in Vim called mypasswords.txt with:

vim mypasswords.txt

2. List the three usernames with new passwords in the document:

pnapuser1:newpassword01

pnapuser2:newpassword02

pnapuser3:newpassword03
update usernames and passwords in vimupdate usernames and passwords in vim

3. Save and exit the file.

4. Verify the file contents with cat:

cat mypasswords.txt
The cat command mypasswords terminal outputThe cat command mypasswords terminal output

5. Run chpasswd by redirecting data from the mypasswords.txt file using <:

sudo chpasswd < mypasswords.txt
sudo chpasswd mypasswords terminal outputsudo chpasswd mypasswords terminal output

The command prints no output.

Use Different Encryption Methods when Updating Passwords

By default, the chpasswd command uses the Pluggable Authentication Modules (PAM) library to authenticate users and encrypt passwords. Alternative encryption methods like bcrypt and SHA-512 exist, but are considered less secure.

To change the encryption method, use the argument -c with chpasswd. For instance, to change the encryption method from PAM to NONE, follow these steps:

1. Execute the command with the appropriate arguments:

sudo chpasswd -c NONE
sudo chpasswd c terminal outputsudo chpasswd c terminal output

2. Input the username and password to update:

pnapuser1:newpassword11

pnapuser2:newpassword12

pnapuser3:newpassword13
sudo chpasswd -c input usernames and passwordssudo chpasswd -c input usernames and passwords

3. Hit ctrl + d to complete the entry.

Switch to MD5 Encryption

Use a predetermined argument as a shortcut to changing encryption. For instance, to switch to the MD5 algorithm, follow these steps:

1. Run the -m argument with chpasswd:

sudo chpasswd -m

2. Provide username and password.

pnapuser:newpassword111
sudo chpassw -m input username and password terminal outputsudo chpassw -m input username and password terminal output

3. Hit ctrl + d to finish the entry.

Conclusion

After reading this tutorial, you know how to change passwords for multiple users at once using the chpasswd command.

Next, learn how to reset or change the root password in Ubuntu.

Was this article helpful?
YesNo

RELATED ARTICLES

Most Popular

Recent Comments