文章目录
1. passwd 命令说明
passwd:用于设置用户的认证信息,包括用户密码、密码过期时间、锁定用户密码等。基本信息如下:
Usage: passwd [OPTION...] <accountName>
-k, --keep-tokens keep non-expired authentication tokens
-d, --delete delete the password for the named account (root only)
-l, --lock lock the password for the named account (root only)
-u, --unlock unlock the password for the named account (root only)
-e, --expire expire the password for the named account (root only)
-f, --force force operation
-x, --maximum=DAYS maximum password lifetime (root only)
-n, --minimum=DAYS minimum password lifetime (root only)
-w, --warning=DAYS number of days warning users receives before
password expiration (root only)
-i, --inactive=DAYS number of days after password expiration when an
account becomes disabled (root only)
-S, --status report password status on the named account (root
only)
--stdin read new tokens from stdin (root only)
Help options:
-?, --help Show this help message
--usage Display brief usage message
参数如下:
选项 | 作用 |
---|---|
-k, --keep-tokens | 更新只能发送在过期之后 |
-d, --delete | 删除密码(root only) |
-l, --lock | 锁定账号密码(root only),相当于锁定了账号(密码不可用) |
-u, --unlock | 解锁账号密码(root only) |
-e, --expire | 强迫用户下次登录时必须修改密码(root only) |
-f, --force | 强制执行 |
-x, --maximum=DAYS | 指定密码最长存活期(root only) |
-n, --minimum=DAYS | 指定密码最短存活期(root only) |
-w, --warning=DAYS | 密码要到期提前警告的天数(root only) |
-i, --inactive=DAYS | 密码过期后多少天停用账户(root only) |
-S, --status | 显示密码信息(root only) |
–stdin | 从stdin读取新密码(root only) |
-?, --help | 显示帮助信息 |
–usage | 显示简短的使用信息 |
2. passwd 命令语法
passwd [OPTION...] <accountName>
3. passwd 命令示例
3.1 不加参数
不加参数时,可以修改当前用户的密码,但是必须知道当前用户的密码,且新密码需要符合密码策略。
[root@localhost home]# ls
aaa demo1 demo2 root2
[root@localhost home]# su root2
[root2@localhost home]$ passwd
Changing password for user root2.
Changing password for root2.
(current) UNIX password:
New password:
BAD PASSWORD: The password is too similar to the old one
New password:
[root2@localhost home]$ passwd demo2
passwd: Only root can specify a user name.
[root2@localhost home]$ su root
Password:
[root@localhost home]# passwd
Changing password for user root.
New password:
BAD PASSWORD: The password is shorter than 8 characters
Retype new password:
管理员用户修改普通用户密码
passwd 很多命令是只有管理员才能执行的,使用 root 修改普通用户密码时,不需要原密码,也不用符合密码策略
[root@localhost home]# ls
aaa demo1 demo2 root2
[root@localhost home]# passwd demo2
Changing password for user demo2.
New password:
BAD PASSWORD: The password is shorter than 8 characters
Retype new password:
passwd: all authentication tokens updated successfully.
3.2 -S(显示密码信息)
当然,也是 root 用户才可以用的参数。
[root2@localhost home]$ ls
aaa demo1 demo2 root2
[root2@localhost home]$ passwd -S demo2
Only root can do that.
[root2@localhost home]$ su root
Password:
[root@localhost home]# passwd -S demo2
demo2 PS 2024-04-15 0 99999 7 -1 (Password set, MD5 crypt.)
[root@localhost home]#
3.3 -l/-u(锁定/解锁密码)
[root@localhost home]# passwd -l demo2
Locking password for user demo2.
passwd: Success
[root@localhost home]# passwd -S demo2
demo2 LK 2024-04-15 0 99999 7 -1 (Password locked.)
[root@localhost home]# passwd -u demo2
Unlocking password for user demo2.
passwd: Success
[root@localhost home]# passwd -S demo2
demo2 PS 2024-04-15 0 99999 7 -1 (Password set, MD5 crypt.)
[root@localhost home]#
账户被锁了密码之后,切换用户是不能成功的。
[root2@localhost ~]$ su - demo2
Password:
su: Authentication failure
[root2@localhost ~]$
3.4 -d(删除密码)
[root@localhost home]# passwd -S demo2
demo2 PS 2024-04-15 0 99999 7 -1 (Password set, MD5 crypt.)
[root@localhost home]# passwd -d demo2
Removing password for user demo2.
passwd: Success
[root@localhost home]# passwd -S demo2
demo2 NP 2024-04-15 0 99999 7 -1 (Empty password.)
[root@localhost home]#
3.5 设置密码过期策略
可以使用 -x/-n/-w/-i 组合参数,举例设置密码有效期 1-30天,快过期3天前提示,过期5天后停用账户。
先查看改动前的参数
cat /etc/shadow
使用命令修改
passwd -n 1 -x 30 -w 3 -i 5 demo2
再查看密码状态
4. 总结
passwd,用于对账户密码进行删除、锁定、解锁、查看状态、设置过期等操作,一般需要 root 用户执行。