passwd命令修改密码
介绍 (Introduction)
Linux passwd command changes a user’s password. A user can only change his/her own password but the root/superuser may change any user’s password.
Linux passwd命令更改用户密码。 用户只能更改自己的密码,但root / superuser可以更改任何用户的密码。
Let’s look at the Linux man page to understand the usage of this command. This is done by typing in the following command:
让我们看一下Linux手册页,以了解此命令的用法。 通过键入以下命令来完成此操作:
$ man passwd
Linux中的密码 (Passwords in Linux)
The traditional method of storing passwords in a UNIX based system involved storing the information in/etc/passwdfile.
在基于UNIX的系统中存储密码的传统方法包括将信息存储在/ etc / passwd文件中。
This file, however, was accessed by many programs and hence posed a security risk.
但是,该文件已被许多程序访问,因此存在安全风险。
Nowadays,/etc/passwd
file only contains essential user info required at login and authentication.
如今,/etc/passwd
文件仅包含登录和身份验证所需的基本用户信息。
The actual encrypted version of the password is stored in a separate file –/etc/shadow
. This file can only be accessed by the root user.
密码的实际加密版本存储在单独的文件/etc/shadow
。 该文件只能由root用户访问。
file looks as follows:/etc/passwd
passwd file contents
Each line of the file contains general user information about a certain program or user. The fields are separated by:
.
These field are as follow:
Username (upto 8 characters)x to denote the password, which is stored in the/etc/shadow
file in encrypted format.Numeric User ID.Numeric Group ID.Full username.Path of the home directory.Path of the preferred shell. ("/bin/bash"
)
文件如下所示:/etc/passwd
passwd文件内容
文件的每一行都包含有关某个程序或用户的一般用户信息。 这些字段用:
分隔。
这些字段如下:
用户名(最多8个字符) x表示密码,该密码以加密格式存储在/etc/shadow
文件中。 数字用户ID。 数字组ID。 完整的用户名。 主目录的路径。 首选外壳的路径。 ("/bin/bash"
)/etc/shadow
file looks as follows (requires root access):
shadow file contents
This file contains account and password information. The fields are separated by:
.
The fields corresponding user account information are as follow:
Username (upto 8 characters)The second field contains the encrypted password and is divided into sub-fields (separated by$
character).The first sub-field denotes the encryption algorithm used:
Second sub-field contains the salt value used during the encryption process. Third sub-field contains the encrypted password.
Number of days since the password was changed.Number of days before password may be changed (0 indicates it may be changed at any time).Number of days after which password must be changed.Number of days prior to the expiration of the password, that the user must be warned.Number of days after which the account is disabled after a password has expired.Days since Jan 1, 1970 that the account has been inactive or disabled.Reserve field for extra information./etc/shadow
文件如下所示(需要root访问):
影子文件内容
此文件包含帐户和密码信息。 这些字段用:
分隔。
对应于用户帐户信息的字段如下:
用户名(最多8个字符) 第二个字段包含加密的密码,并分为多个子字段(以$
字符分隔)。第一个子字段表示使用的加密算法:
第二个子字段包含加密过程中使用的盐值。 第三子字段包含加密的密码。
更改密码以来的天数。 可以更改密码的天数(0表示可以随时更改)。 必须更改密码的天数。 密码到期前的天数,必须警告用户。 密码过期后帐户被禁用的天数。 自1970年1月1日以来,该帐户已无效或已禁用的天数。 保留字段以获取更多信息。
Linux password命令语法 (Linux password Command Syntax)
$ passwd [options]... [LOGIN]...
1.更改当前用户的密码 (1. Changing Current User’s password)
Typing Passwd Comand
输入Passwd Comand
Typing passwd prompts the user to first enter the current password. User only gets one chance the type in the correct password. If the password entered is incorrect or cannot be changed at the time, the terminal displays an error and exits.
键入passwd会提示用户首先输入当前密码。 用户只有一次输入正确密码的机会。 如果输入的密码不正确或当时无法更改,则终端显示错误并退出。
Passwd Authentication Error
密码验证错误
Once the password is entered, it is encrypted and matched against the stored encrypted password. The user is then prompted to enter the new password twice. Both passwords need to be sufficiently complex and match each other in order to be accepted as valid passwords.
输入密码后,它将被加密并与存储的加密密码匹配。 然后提示用户两次输入新密码。 两个密码都必须足够复杂并且彼此匹配,才能被接受为有效密码。
Entering New Password
输入新密码
An error is displayed if the new password resembles the old one closely.
如果新密码与旧密码非常相似,则会显示错误。
Once every criterion is met, the password for the current user is changed successfully.
一旦满足每个条件,就可以成功更改当前用户的密码。
New Password Set
新密码集
2.更改其他用户的密码 (2. Changing another User’s password)
The following command is used to change the password of another user:
以下命令用于更改其他用户的密码:
$ sudo passwd adam
Since root access is required to change passwords of other users, the terminal prompts the user to enter the password. The process to change the password for other users is same as the current user.
由于需要root用户访问权限才能更改其他用户的密码,因此终端会提示用户输入密码。 更改其他用户密码的过程与当前用户相同。
Linux passwd命令选项 (Linux passwd Command Options)
-dor–deleteoption deletes the user’s password. It sets the user’s account passwordless.-d或–delete选项删除用户密码。 它将用户帐户设置为无密码。-eor–expireoption immediately expires user’s password. This can force them to change their password.-e或–expire选项将立即使用户密码失效。 这可以迫使他们更改密码。-hor–helpoption displays the help message and exits.-h或–help选项显示帮助消息并退出。-lor–lockoption locks the password of the named account by adding a ‘!’ at the beginning of the password. This prevents the encrypted hash to be successfully matched against stored hash. Users with locked passwords cannot change their passwords.-l或–lock选项通过添加“!”来锁定命名帐户的密码。 在密码开头。 这样可以防止将加密的哈希与存储的哈希成功匹配。 密码锁定的用户无法更改其密码。-i [INACTIVE_DAYS]or–inactive [INACTIVE_DAYS]option disables an account after the password has expired for a number of days.-i [INACTIVE_DAYS]或–inactive [INACTIVE_DAYS]选项会在密码过期数天后禁用帐户。Passwd Inactive Option
密码无效选项
-n [MIN_DAYS]or–mindays [MIN_DAYS]option sets minimum number of days between password changes. A value of0
suggests a password can be changed anytime.-n [MIN_DAYS]或–mindays [MIN_DAYS]选项设置两次密码更改之间的最少天数。 值为0
表示可以随时更改密码。
Passwd Mindays Option Example
Passwd Mindays选项示例
-r [REPOSITORY]or–repository [REPOSITORY]option sets password for a particular repository.-r [REPOSITORY]或–repository [REPOSITORY]选项设置特定存储库的密码。-Sor–statusdisplays account status information.-S或–status显示帐户状态信息。
passwd status option example
passwd状态选项示例
The output is split into different fields as shown above. The first field shows the name of the current user.
如上所示,输出分为多个字段。 第一个字段显示当前用户的名称。
The second field shows if the user has a usable password (P), locked password (L) or no password (NP).
第二个字段显示用户是否具有可用密码(P),锁定密码(L)或无密码(NP)。
The third field shows the last date of the password change. The next few fields show the minimum age, maximum age, warning period and inactivity period of password respectively.
第三个字段显示密码更改的最后日期。 接下来的几个字段分别显示密码的最小期限,最大期限,警告期限和不活动期限。
-aor–alloption shows the status for all users. It can only be used with-S.-a或–all选项显示所有用户的状态。 它只能与-S一起使用。-uor–unlockoptions unlocks a locked password and sets to to it’s previous value.-u或–unlock选项可解锁锁定的密码,并将其设置为先前的值。-w [WARN_DAYS]or–warndays [WARN_DAYS]option sets the number of days a warning is displayed before the password needs to be changed.-w [WARN_DAYS]或–warndays [WARN_DAYS]选项设置在需要更改密码之前显示警告的天数。
passwd warndays options example
passwd warndays选项示例
-xor–maxdays [MAX_DAYS]option sets the maximum number of days a password remains valid. After that, password needs to be changed.-x或–maxdays [MAX_DAYS]选项设置密码保持有效的最大天数。 之后,需要更改密码。
passwd maxdays option example
passwd maxdays选项示例
结论 (Conclusion)
Linux passwd command is a basic but important command. It can be used to handle essential user information and authentication upon logging in the system and performing various tasks in the terminal like installing packages and accessing certain directories.
Linux passwd命令是一个基本但重要的命令。 它可以用于在登录系统并在终端中执行各种任务(如安装软件包和访问某些目录)时处理必要的用户信息和身份验证。
翻译自: /31647/linux-passwd-command-change-user-password
passwd命令修改密码