Here at HowtoForge, we have already discussed the passwd command, which lets you change your account password on a Linux system. But what if you want to change passwords of multiple users in one go? Well, there exists a command – chpasswd – that lets you do this.
In this tutorial, we will discuss the basics of this tool using some easy to understand examples. But before we do that, it’s worth mentioning that all examples here have been tested on an Ubuntu 18.04 LTS machine.
Linux chpasswd command
The chpasswd command in Linux lets you update passwords in batch mode. Following is its syntax:
And here’s what the tool’s man page says about it:
The chpasswd command reads a list of user name and password pairs from
standard input and uses this information to update a group of existing
users. Each line is of the format:
By default the passwords must be supplied in clear-text, and are
encrypted by chpasswd. Also the password age will be updated, if
Following are some Q&A-styled examples that should give you a good idea on how chpasswd works.
Q1. How to use chpasswd command?
Basic usage, as explained in the introduction section above, is pretty straight forward. Just run the chpasswd command (with root privileges) sans any option, and enter the new password in ‘username:password’ format.
For example, I executed the command:
and provide the following input:
Note1: As chpasswd expects you to enter the input on stdin, don’t forget to press Ctrl+D once you’re done entering usernames and new passwords.
Note2: The passwords used in the example here are just for demo purposes, don’t use them in any way.
Q2. How to make chpasswd read information from file?
Sometimes, you may want the tool to read input information from a file (rather than stdin). This can be done in the following way:
cat [FILENAME] | chpasswd
cat newpass.txt | chpasswd
Note that the format of input remains the same: ‘username:password’, just that it’s written in a file now.
Q3. How chpasswd handles encryption?
Here’s how the tool’s man page explains this:
By default, passwords are encrypted by PAM, but (even if not
recommended) you can select a different encryption method with the -e,
-m, or -c options.
Except when PAM is used to encrypt the passwords,chpasswd first updates
all the passwords in memory, and then commits all the changes to disk
if no errors occurred for any user.
When PAM is used to encrypt the passwords (and update the passwords in
the system database) then if a password cannot be updated chpasswd
continues updating the passwords of the next users, and will return an
error code on exit.
This command is intended to be used in a large system environment where
many accounts are created at a single time.
Q4. How to enable a different encryption method?
This can be done using the -c command line option. By default, as you may already know by now, PAM is used as the encryption method, but using -c, you can specify any of the following: DES, MD5, NONE, and SHA256 or SHA512 (provided your libc supports the method you choose).
chpasswd -c DES
Q5. How to tell chpasswd about encrypted input?
If you want, you can also supply encrypted passwords in input. But for that, you need to use the -e option so that chpasswd knows about this.
The chpasswd command is usually used by system admins or persons entrusted with user management on a Linux PC or a network, although there’s no harm in learning about it even if you are a normal user. Here, we’ve discussed several major command line options of this tool. To learn more, head to its man page.