How to Change and Reset User Passwords with passwd and chpasswd
Why Password Management Matters for Server Owners
Alright, let’s get real for a second. If you’re running anything from a tiny Docker container to a beefy dedicated server, user passwords are your first line of defense. Whether you’re spinning up a VPS for your next side project or managing a fleet of cloud instances, knowing how to change and reset user passwords is absolutely essential. Mess this up, and you could be handing the keys to your digital kingdom to anyone who asks nicely (or not so nicely).
But let’s be honest: password management isn’t the sexiest topic. It’s one of those “I’ll deal with it later” things—until you’re locked out, or worse, someone else gets in. So, let’s break down the nitty-gritty of using passwd and chpasswd—two classic Linux tools that make password changes a breeze, whether you’re a solo developer or wrangling users on a big team.
Three Big Questions Every Server Owner Asks
- How do I quickly change or reset a user’s password?
- What’s the difference between
passwdandchpasswd, and when should I use each? - How can I automate password management for multiple users?
How Does It Work? The Algorithms and Structure Under the Hood
Let’s geek out for a second. Both passwd and chpasswd interact with the /etc/shadow file, where Linux stores hashed user passwords. When you set or reset a password, these tools:
- Prompt (or accept) a new password.
- Hash the password using a secure algorithm (these days, usually SHA-512).
- Update the
/etc/shadowfile with the new hash.
But the way you interact with these tools is a little different. passwd is interactive—great for one-offs. chpasswd is batch-friendly—perfect for automation and scripting.
Setting Up Password Changes: Quick and Dirty Guide
1. Using passwd: The Classic Way
Let’s say you want to change your own password (or another user’s, if you’re root):
passwd
# or, as root:
passwd username
It’ll prompt you for the new password (and, if you’re changing your own, your current password too). That’s it. Simple, but not great if you have 20 users to reset.
2. Using chpasswd: The Automation Hero
Now, let’s say you’re onboarding a team, or you want to reset passwords for a bunch of users at once. chpasswd is your friend. It reads username:password pairs from standard input:
echo "alice:SuperSecret123" | chpasswd
Or, for multiple users:
cat <<EOF | chpasswd
alice:SuperSecret123
bob:AnotherPass456
charlie:YetAnother789
EOF
That’s it—no prompts, no fuss. Perfect for scripts, Dockerfiles, or cloud-init setups.
3. Resetting Passwords Non-Interactively (Great for Docker and Cloud)
When building Docker images or automating server provisioning, you don’t want interactive prompts. Here’s how you can set a password non-interactively:
echo "root:MyNewRootPass" | chpasswd
Or, using passwd with --stdin (on some distros, like CentOS):
echo "MyNewRootPass" | passwd --stdin root
Note: --stdin isn’t available everywhere. chpasswd is more universal.
Comparison Table: passwd vs chpasswd
| Feature | passwd |
chpasswd |
|---|---|---|
| Interactive | Yes | No |
| Batch/Script Friendly | No | Yes |
| Change Multiple Users | No | Yes |
| Available on Most Linux Distros | Yes | Yes |
| Prompts for Old Password | Yes (for own user) | No |
| Great for Automation | No | Yes |
Examples and Real-World Cases
Case 1: The “Oops, I Forgot My Password” Scenario
Positive: You’re the admin. User Bob can’t log in. You run:
passwd bob
Bob’s back in business. No downtime, no drama.
Negative: You try to script this for 50 users. Each one prompts for input. Your script fails. You waste an hour. Solution: Use chpasswd instead.
Case 2: Dockerfile Password Setup
Positive: You want a default password for a user in your Docker image (not recommended for production, but hey, sometimes you need it):
RUN echo "user:password" | chpasswd
Works every time, no prompts, builds cleanly.
Negative: You try to use passwd in a Dockerfile. The build hangs, waiting for input. Lesson: Use chpasswd for automation.
Case 3: Cloud-init User Onboarding
Cloud-init scripts often use chpasswd to set initial passwords for new VMs. It’s fast, reliable, and works with automation tools like Ansible, Terraform, and more.
Beginner Mistakes and Common Myths
- Myth: “I can just echo a password into
passwd.”
Reality: Doesn’t work on most distros. Usechpasswdinstead. - Mistake: Leaving default passwords in Docker images or cloud VMs.
Advice: Always change or randomize passwords before going live. - Myth: “Changing the password in
/etc/passwdis enough.”
Reality: Password hashes are stored in/etc/shadow, not/etc/passwd. - Mistake: Not using strong passwords.
Advice: Use password managers or openssl rand to generate strong passwords.
Other Solutions and Utilities
- passwd – The classic, interactive tool.
- chpasswd – Batch and script-friendly.
- usermod – For changing usernames and other user properties, but not passwords.
- newusers – Create or update multiple users at once, including passwords.
- pwgen – Generate random passwords for your users.
- passwdqc – Enforce password quality rules.
For more info, check the official man pages: passwd and chpasswd.
Statistics and Comparison with Other Approaches
- Most Linux distros (Debian, Ubuntu, CentOS, Fedora) ship with both
passwdandchpasswdby default. - Cloud providers (AWS, DigitalOcean, etc.) use
chpasswdin their provisioning scripts for speed and reliability. - Automation tools (Ansible, Chef, Puppet) prefer
chpasswdor direct/etc/shadowmanipulation for batch operations.
Compared to GUI-based tools (like Webmin), CLI tools are faster, scriptable, and don’t require a browser or extra software.
Interesting Facts and Non-Standard Usage
- Fun fact: You can use
chpasswdto set passwords with different hashing algorithms. For example:echo "bob:MyPass" | chpasswd -c SHA512 - Automation: Combine
pwgenandchpasswdto generate and set random passwords for a whole team:for user in alice bob charlie; do pass=$(pwgen 16 1) echo "$user:$pass" | chpasswd echo "$user: $pass" >> /root/passwords.txt done - Bulk onboarding: Use
chpasswdwith a CSV export from your HR system to onboard new hires in seconds.
New Opportunities: Automation and Scripting
Once you master chpasswd, you unlock a world of automation:
- Onboard or offboard users in bulk with a single script.
- Rotate passwords regularly for compliance (just schedule a cron job).
- Integrate with CI/CD pipelines to set up test users on ephemeral servers.
- Automate password resets for customer support or dev teams.
Seriously, if you’re running any kind of hosting—cloud, VPS, dedicated server, or Docker—this is a must-have skill.
Conclusion: Why, How, and Where to Use passwd and chpasswd
Managing user passwords is one of those “boring but critical” admin tasks. Get it right, and your servers hum along smoothly. Get it wrong, and you’re in for a world of pain (or a security breach). Here’s the TL;DR:
- Use
passwdfor quick, interactive password changes—great for one-offs. - Use
chpasswdfor automation, scripting, and bulk operations—essential for anyone managing more than a handful of users. - Don’t forget to use strong passwords, and never leave defaults in production.
- Combine these tools with automation to save time, reduce errors, and keep your hosting environment secure.
Whether you’re running a cloud VM, a Docker container, a VPS, or a dedicated server, mastering passwd and chpasswd will make your life easier—and your servers safer.
Happy hosting, and may your passwords always be strong!
This article incorporates information and material from various online sources. We acknowledge and appreciate the work of all original authors, publishers, and websites. While every effort has been made to appropriately credit the source material, any unintentional oversight or omission does not constitute a copyright infringement. All trademarks, logos, and images mentioned are the property of their respective owners. If you believe that any content used in this article infringes upon your copyright, please contact us immediately for review and prompt action.
This article is intended for informational and educational purposes only and does not infringe on the rights of the copyright owners. If any copyrighted material has been used without proper credit or in violation of copyright laws, it is unintentional and we will rectify it promptly upon notification. Please note that the republishing, redistribution, or reproduction of part or all of the contents in any form is prohibited without express written permission from the author and website owner. For permissions or further inquiries, please contact us.
