1 00:00:06,580 --> 00:00:08,949 In this video we'll talk about password properties. 2 00:00:10,230 --> 00:00:12,970 Users can change their own password using passwd. 3 00:00:14,289 --> 00:00:18,649 Administrators can manage passwords and their properties using passwd and change. 4 00:00:19,809 --> 00:00:25,870 Change is for change aging information and you can use change l for a list of current settings. 5 00:00:27,530 --> 00:00:32,049 The nice thing about changes is that the command prompts about changeable settings. So just 6 00:00:32,049 --> 00:00:36,569 use sudo changes on the user and you'll be prompted for every setting that applies. 7 00:00:38,490 --> 00:00:45,429 You can use different options with password s and change to change password properties. I would definitely 8 00:00:45,429 --> 00:00:52,369 recommend you use change and not pass wd s because the interactive prompt is really convenient. 9 00:00:53,460 --> 00:00:58,149 Also convenient is the option to change passwords without an interactive prompt. 10 00:00:59,070 --> 00:01:03,935 On Red hat you can use echo password and send the output of 11 00:01:03,935 --> 00:01:08,799 the echo command into a pipe using sudo passwd stdin on a username. 12 00:01:10,620 --> 00:01:15,790 On Ubuntu it's slightly different, and there you use the chpasswd command. 13 00:01:16,310 --> 00:01:22,219 So you would use echo username passwd pipe sudo chpasswd. 14 00:01:22,870 --> 00:01:27,270 Now the fun thing is that chpasswd does exist on Red 15 00:01:27,270 --> 00:01:31,670 Hat as well, but paswd standardin does not exist on Ubuntu. 16 00:01:32,750 --> 00:01:38,930 Now password settings themselves are written to the etc shadow file. Let's have a look. 17 00:01:39,870 --> 00:01:43,530 First thing that I would like to do is sudo change for lynda. 18 00:01:44,730 --> 00:01:49,745 So here we see that change is prompting for the different settings for user lynda 19 00:01:49,745 --> 00:01:54,760 minimum password age I want Linda to use her password at least for 3 days. 20 00:01:55,379 --> 00:01:57,260 Maximum password days. 21 00:01:58,019 --> 00:02:02,140 Let's make that a month. So she will be forced to change the password every month. 22 00:02:02,939 --> 00:02:05,959 Last password change is the system setting. Don't change it. 23 00:02:06,459 --> 00:02:12,419 Password expiration warning I want one day before the password expires. The user gets a message. 24 00:02:12,419 --> 00:02:18,379 I'm not sending it to inactive, but I will expire the account on 2028 12. 25 00:02:23,699 --> 00:02:29,939 And now my user has changed. So can we see that? Well, if I use sudo grab 26 00:02:29,939 --> 00:02:36,180 Linda on etc shadow then you see the values behind the scene that have been modified. 27 00:02:36,819 --> 00:02:41,919 What's all of this? Well, this here, this long string is the hash of the encrypted password. 28 00:02:42,539 --> 00:02:48,713 This here is the number of days since January 1, 1970 that the user was 29 00:02:48,713 --> 00:02:54,886 created. And here we have the minimum password, the maximum password date, the expiration, and 30 00:02:54,886 --> 00:03:01,060 we have the account expiration date as a number of days since January 1, 1970. 31 00:03:04,379 --> 00:03:10,939 I also like to demonstrate this option to change passwords without an interactive prompt. 32 00:03:11,460 --> 00:03:16,305 So echo password pipe sudo 33 00:03:16,305 --> 00:03:21,150 pass WD standardin Bob. 34 00:03:27,129 --> 00:03:31,840 Oh boy, I see that I'm doing something wrong. The password 35 00:03:31,840 --> 00:03:36,550 fills the dictionary check it's based on a dictionary word. 36 00:03:37,349 --> 00:03:43,064 So did it change it? Well, when we use sudo grab bob on etc shadow 37 00:03:43,064 --> 00:03:48,780 then we see that, well, despite the error message, it did change the password. So 38 00:03:48,780 --> 00:03:54,495 that's good news. Anyway, the thing is, when you use a bad password you get 39 00:03:54,495 --> 00:04:00,210 a warning, but as you are using your sudo superpowers, it's doing it anyway. 40 00:04:00,849 --> 00:04:02,710 Now, what is the Ubuntu alternative? 41 00:04:03,430 --> 00:04:09,936 Well, first let's check for a couple of users that don't have a password set yet. So I'm 42 00:04:09,936 --> 00:04:16,443 using sudo till on etc shadow and I'm looking for users that in the second field have an 43 00:04:16,443 --> 00:04:22,949 exclamation mark that means that password has not yet been set. So that is Lisa and Lori. 44 00:04:23,569 --> 00:04:30,149 So I'm going to use echo lisa colon password pipe sudo chpasswd and 45 00:04:30,149 --> 00:04:36,729 that's how you can also do it. An echo lorry colon password that 46 00:04:36,730 --> 00:04:43,310 makes that all of my users at this point have a password. 47 00:04:44,069 --> 00:04:49,904 As I mentioned, chpasswdo exists on red hat as well as Ubuntu paswd standard 48 00:04:49,904 --> 00:04:55,740 in only exists on red hat, so probably you're better off using chpasswd.