MAINTAINING PASSWORDS ON A MULTIUSER SYSTEM

Password maintenance on a Linux system is very important, and a few tools are particularly useful for it on multiuser systems, such as in a server environment. The passwd command, the first and most often used of these, changes a user's password. If an ordinary user executes it, it changes his or her own password; if root executes it, root can change any user's password. For instance, the following, executed as root, changes joe's password by prompting for joe's new password:

# passwd joe

If joe were to execute the passwd command on his own, the system would ask for his current password and then his new password. The passwd command is also used to manipulate the account in other ways, such as by changing a user's shell or disabling an account.

A useful tool when reinstalling a server is chpasswd, which allows you to batch update user passwords. For example, if you are setting up a new server and have a number of user accounts to transfer over, you can use chpasswd to do it for you. It reads a file of username and password pairs in the format user:password (one pair per line). The password can be either cleartext or encrypted. If you are importing encrypted passwords, you must use the -e option with chpasswd in the following way:

# chpasswd -e < /path/to/passwd/file

Because chpasswd reads the username/password pairs from standard input, you must redirect the contents of your file to chpasswd as illustrated above. Also note that the user accounts must already exist for chpasswd to work.
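
As an added example (not part of the original article), the following shell function checks a chpasswd input file before import: line format, that each account exists, that the password field matches the chosen mode, and that the file is not readable by group or others. The names check_chpasswd_file, account_exists and problem are hypothetical, and the check assumes hashes use the modular crypt format ($id$salt$hash).

```shell
#!/bin/sh
# Added example: pre-flight check for a chpasswd input file (user:password per line).
# Usage: check_chpasswd_file FILE plain|hashed   ("hashed" = meant for chpasswd -e)

# Hypothetical helper: does the account exist in the system's user database?
account_exists() { id "$1" >/dev/null 2>&1; }

# Hypothetical helper: report one problem on stderr and count it.
problem() { echo "$file: $1" >&2; CHECK_ERRORS=$((CHECK_ERRORS + 1)); }

check_chpasswd_file() {
    file=$1 mode=$2 lineno=0 CHECK_ERRORS=0
    [ -r "$file" ] || { echo "$file: cannot read" >&2; return 2; }
    # The file holds credentials, so group/other read access is a finding.
    if [ -n "$(find "$file" -prune \( -perm -040 -o -perm -004 \))" ]; then
        problem "readable by group or others; restrict it to mode 600"
    fi
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        case $line in
            *:*) ;;
            *) problem "line $lineno: not in user:password format"; continue ;;
        esac
        user=${line%%:*} pass=${line#*:}
        if [ -z "$user" ] || [ -z "$pass" ]; then
            problem "line $lineno: empty user or password field"; continue
        fi
        # chpasswd only updates accounts that already exist.
        account_exists "$user" || problem "line $lineno: no such account '$user'"
        # Assumption: hashes are in modular crypt format ($id$salt$hash);
        # traditional 13-character DES hashes are not recognised here.
        case $mode:$pass in
            hashed:\$*\$*\$*) ;;
            hashed:*) problem "line $lineno: not a crypt hash; -e would store it as-is" ;;
            plain:\$*\$*\$*) problem "line $lineno: looks like a hash; import with -e" ;;
        esac
    done < "$file"
    [ "$CHECK_ERRORS" -eq 0 ]
}
```

Run check_chpasswd_file /path/to/passwd/file hashed before piping the same file to chpasswd -e; it returns non-zero and leaves the number of findings in CHECK_ERRORS when anything needs fixing.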

Finally, the gpasswd command is used to maintain group membership and password data. With gpasswd, you can add users to groups, remove them, and add or remove password protection for groups.