Home > Package & System Management > chpasswd

chpasswd: Batch Change User Passwords

The chpasswd command is used to update the passwords of multiple user accounts in a batch. It is particularly useful in scripted or automated environments for setting or changing a large number of passwords. The input is expected in the format 'username:password'.

Overview

chpasswd reads data in the 'username:password' format from standard input or a file and updates the passwords for the corresponding users. This command typically requires root privileges and is essential for automating password management in large user environments.

Key Features

  • Batch password change functionality
  • Suitable for scripting and automation
  • Reads data from standard input or files
  • Requires root privileges

Key Options

The chpasswd command offers several important options related to password processing.

Password Processing

Generated command:

Try combining the commands.

Description:

`chpasswd` Executes the command.

Combine the above options to virtually execute commands with AI.

Usage Examples

Various scenarios for changing passwords using the chpasswd command.

Change Single User Password

echo 'testuser:newpassword123' | sudo chpasswd

Change a single user's password by piping the output of the echo command. This method is useful in scripts.

Change Multiple User Passwords from a File

cat users.txt
# Contents of users.txt:
# user1:pass123
# user2:pass456
sudo chpasswd < users.txt

Create a file named users.txt with multiple lines in the 'username:password' format, then provide it as input to chpasswd for batch changes.

Using Already Encrypted Passwords

echo 'user3:$6$rounds=5000$saltsalt$hashedpasswordexample' | sudo chpasswd -e

If passwords are already in an encrypted (hashed) format, use the -e (or --encrypted) option to prevent chpasswd from re-encrypting them. In this case, the passwords must match the format in /etc/shadow.

Change Password with a Specific Encryption Method

echo 'user4:securepass' | sudo chpasswd --crypt-method SHA512

Hash plain-text passwords using a specific encryption method (e.g., SHA512) for the change. The -e option is not used in this case.

Tips & Precautions

Tips and precautions for using the chpasswd command safely and efficiently.

Security Considerations

Passwords are sensitive information, so please be mindful of the following:

  • **Root Privileges**: chpasswd modifies system passwords and must be run with root privileges.
  • **History Prevention**: Directly entering passwords like `echo 'user:pass' | sudo chpasswd` can leave them in the shell history. It is recommended to clear history (`unset HISTFILE` or `history -c`) or use the file input method.
  • **File Permissions**: Files containing passwords must have permissions set so that only the owner (root) can read them (e.g., `chmod 600 users.txt`).
  • **Temporary Files**: If using temporary files to pass passwords in scripts, ensure they are securely deleted after the operation is complete.

Input Format

chpasswd only recognizes the 'username:password' format. Other formats may cause errors.

  • Each line must be a single username:password pair.
  • Separate the username and password with a colon (:).

Encryption Methods

By default, chpasswd uses the system's default encryption method. You can force a specific method using the `--crypt-method` option, but ensure this aligns with your system's security policies.

Same category commands

acl

ACL: Access Control List Management

anacron

anacron: Run periodic commands when the system is not running

ansible

ansible: Remote Server Management and Automation

apropos

apropos: Search Manual Pages

apt

APT (Advanced Package Tool) Command Guide