chpasswd - Linux

Overview

The chpasswd command in Linux is used to update the passwords of user accounts in batch mode. This utility reads pairs of usernames and their corresponding passwords from the standard input and updates the passwords accordingly. It’s primarily useful for system administrators managing multiple accounts at once, allowing them to update passwords in bulk efficiently and securely.

Syntax

The general syntax for chpasswd is as follows:

chpasswd [options]

The command reads from standard input; therefore, user and password pairs must be provided in this format:

username:password
username2:password2
...

Options/Flags

  • -e, --encrypted: By using this option, the input passwords are treated as already encrypted.
  • -m, --md5: Use the MD5 algorithm rather than the default encryption algorithm for password creation.
  • -s, --sha256: Use the SHA-256 algorithm for password hashing.
  • -S, --sha512: Use the SHA-512 algorithm for password hashing.
  • -c, --crypt-method: Allows the specification of the cryptographic algorithm (DES, MD5, SHA256, SHA512).
  • -h, --help: Display a help message and exit.

Examples

  1. Updating a single user password: 
    echo 'username:password' | chpasswd
  2. Updating multiple users’ passwords: 
    echo -e 'user1:password1\nuser2:password2' | chpasswd
  3. Using encrypted passwords: 
    echo 'username:$1$somemj00$abcdef...' | chpasswd -e
  4. Changing password using SHA-512: 
    echo 'username:password' | chpasswd -S

Common Issues

  • Permission Denied: Users must have appropriate privileges (typically root) to change passwords for other users.
  • Invalid Option Combination: Combining -m, -s, and -S can lead to errors since these flags are mutually exclusive.
  • Weak Passwords: If the system enforces strong passwords and the input does not comply, chpasswd will fail.

Integration

chpasswd can be integrated with other commands for efficient batch operations:

cat userlist.txt | chpasswd

Where userlist.txt contains user-password pairs. It can be used in scripts to automate the initial setup of user accounts in new system deployments.

  • passwd: Command used to change the user’s password.
  • useradd, usermod: Commands for adding and modifying user accounts, respectively.

Check the man chpasswd for more detailed information and usage options.