Startpagina > Pakket- en systeembeheer > chpasswd

chpasswd: Batch change user passwords

The chpasswd command is used to update the passwords of multiple user accounts in a batch. It is particularly useful in scripts or automated environments for setting or changing a large number of passwords. The input is expected in the format 'username:password'.

Overview

chpasswd reads data in the 'username:password' format from standard input or a file to update the passwords of the corresponding users. This command typically requires root privileges and is essential for automating password management in large-scale user environments.

Key Features

  • Batch password change functionality
  • Suitable for scripts and automation
  • Reads data from standard input or files
  • Requires root privileges

Main Options

The chpasswd command offers several important options related to password processing.

Password Processing

Gegenereerde opdracht:

Probeer de opdrachtcombinaties.

Uitleg:

`chpasswd` Voer het commando uit.

Combineer deze opties en voer de opdracht virtueel uit met de AI.

Usage Examples

Various password change scenarios using the chpasswd command.

Change Single User Password

echo 'testuser:newpassword123' | sudo chpasswd

Changes the password for a single user by piping the echo command. This method is useful in scripts.

Change Multiple User Passwords from File

cat users.txt
# users.txt content:
# user1:pass123
# user2:pass456
sudo chpasswd < users.txt

Creates a file named users.txt with 'username:password' format on multiple lines, then provides it as input to chpasswd for batch changes.

Using Already Encrypted Passwords

echo 'user3:$6$rounds=5000$saltsalt$hashedpasswordexample' | sudo chpasswd -e

When passwords are already encrypted (hashed), use the -e (or --encrypted) option to prevent chpasswd from re-encrypting them. In this case, the passwords must match the format in /etc/shadow.

Change Password with Specific Encryption Method

echo 'user4:securepass' | sudo chpasswd --crypt-method SHA512

Hashes plain-text passwords using a specific encryption method (e.g., SHA512) for the change. The -e option is not used in this case.

Tips & Precautions

Tips and precautions for using the chpasswd command safely and efficiently.

Security Considerations

Passwords are sensitive information, so please pay attention to the following:

  • **Root Privileges**: chpasswd modifies system passwords and must therefore be run with root privileges.
  • **History Prevention**: Directly entering passwords like `echo 'user:pass' | sudo chpasswd` can leave them in the shell history. It is recommended to clear history (`unset HISTFILE` or `history -c`) or use the file input method.
  • **File Permissions**: Files containing passwords must have permissions set so that only the owner (root) can read them (e.g., `chmod 600 users.txt`).
  • **Temporary File Usage**: If using temporary files to pass passwords in scripts, ensure they are securely deleted after the operation is complete.

Input Format

chpasswd only recognizes the 'username:password' format. Other formats may cause errors.

  • Each line must be a single username:password pair.
  • The username and password are separated by a colon (:).

Encryption Method

By default, chpasswd uses the system's default encryption method. You can force a specific method using the `--crypt-method` option, but ensure this aligns with your system's security policies.

Hétzelfde categoriecommando

acl

ACL: Toegangscontrolelijstbeheer

anacron

anacron: periodieke taken uitvoeren na systeemopstart

ansible

ansible: Beheer en automatisering van servers op afstand

apropos

apropos: Handboekpagina's zoeken

apt

APT (Advanced Package Tool) Commandogids