The chpasswd command allows Linux admins to change passwords one at a time or many at a time. Here's what you need to watch out for. Credit: Gerd Altmann The chpasswd command allows admins to change account passwords by piping username and password combinations to it. This can be done one-account-at-a-time or by putting all of the accounts to be modified in a file and piping the file to the command. How to use chpasswd Using the chpasswd command requires root privilege. You can switch to the root account and run a command like this: # echo nemo:imafish | chpasswd Better yet, you can use sudo with a command like this: $ echo skunk:istink! | sudo chpasswd The usernames and passwords will be in clear text on the command line as shown above, but can also be added to a file like that shown in the two examples below–one running as root, the other using the sudo command: # cat np $ cat np nemo:imafish nemo:imafish lola:imadog lola:imadog skunk:istink! skunk:istink! # cat np | chpasswd $ cat np | sudo chpasswd If you use a file like that shown, you should use a command like shred that will thoroughly erase and overwrite the file so that it cannot be recovered from the disk afterwards. Clearly, it’s never a good idea to keep passwords in unencrypted form on your system. If you’re setting up a password for a new account, it will likely not be usable initially and its /etc/shadow file entry will look something like this: $ sudo grep skunk /etc/shadow skunk:!!:18935:0:99999:7::: After using the chpasswd command, the entry will change to something like this with the lengthy password hash included: $ sudo grep skunk /etc/shadow skunk:$6$qeZmt/yXbkk$PVwHoUY5X/qv9cDK6KNkDCADd87i4h3bHeyfLFNsvQYdmhzZL8rVRTKB9vLT872Dh21K0/KVBUccZ6Vkg34NK/:18935:0:99999:7::: If you use echo to pipe a username and password to the chpasswd command, the command will likely be recorded in your command history–not a good idea. You could avoid this by disabling the history command’s capture of your commands briefly using this command: $ set +o history After running the chpasswd commands that you don’t want recorded, you can reverse that choice like this and return to your normal command history settings: $ set -o history If you are changing user passwords, they should be considered temporary, and you should also set the accounts to expire, so users must reset them on their next login. If you are changing passwords for service accounts, ensuring that the passwords cannot be retrieved from the system should be sufficient, as below. $ sudo passwd -e skunk Expiring password for user skunk. passwd: Success Tweaking history on Linux can help fine-tune what the history command remembers. Related content how-to How to examine files on Linux Linux provides very useful options for viewing file attributes, such as owners and permissions, as well as file content. By Sandra Henry Stocker Oct 24, 2024 6 mins Linux how-to 8 easy ways to reuse commands on Linux Typing the same command again and again can become tiresome. Here are a number of ways you can make repeating commands – or repeating commands but with some changes – a lot easier than you might expect. By Sandra Henry-Stocker Oct 15, 2024 5 mins Linux news SUSE Edge upgrade targets Kubernetes and Linux at the edge SUSE Edge 3.1 includes a new stack validation framework and an image builder tool that are aimed at improving the scalability and manageability of complex Kubernetes and Linux edge-computing deployments. By Sean Michael Kerner Oct 15, 2024 6 mins Edge Computing Linux Network Management Software how-to Lesser-known xargs command is a versatile time saver Boost your Linux command line options and simplify your work with xargs, a handy tool for a number of data manipulation tasks. By Sandra Henry Stocker Oct 11, 2024 6 mins Linux PODCASTS VIDEOS RESOURCES EVENTS NEWSLETTERS Newsletter Promo Module Test Description for newsletter promo module. Please enter a valid email address Subscribe