Once you have created a new user on your Linux system, you may need to require them to change their password at the next login to comply with the password policy. This ensures that they set a different password, and a strong one for that matter, to thwart any brute-force attempts by malicious users or hackers, which keeps the user’s account safe.
There are two ways of compelling a user to change the password at the next login. We have used Ubuntu 20.04 for demonstration.
Force user to change password using passwd command
The passwd command is mostly used to assign or change a user’s password on a Linux system. For instance, to reset the password of a user called bob, simply execute the command below as root user:
# passwd bob
You will be prompted to provide a new password for the user account and then to confirm it.
Aside from setting or changing a user’s password, the passwd command can also be used to compel the user to change the password once they attempt to log in the next time.
This is possible using the syntax provided.
# passwd -e [username]
The -e option (also expressed as --expire) simply expires the user account’s password and forces the user to change the password on the next logon.
For example, to expire bob’s password, run either of the following commands:
# passwd -e bob
# passwd --expire bob
Thereafter, you can verify the password expiry or aging information by running the chage command as shown.
# chage -l bob
From the output, we can clearly observe that the password for user bob needs to be changed on next logon.
On the next login attempt, the user bob will get a notification that their password has expired and should be changed before proceeding. The user will be required to first provide the previously used password, then enter the new password and then confirm it.
Force user to change password using chage command
As we have seen previously, the chage command displays the user’s password aging information. You can also use the command to expire a user’s password and force them to change it on next logon.
You can achieve this using the -d option followed by 0, which implies day zero. The long form of the option is --lastday; it sets the date the password was last changed, given either as the number of days since the epoch (January 1, 1970) or as a date in YYYY-MM-DD format.
The syntaxes are provided below:
# chage -d 0 [username]
# chage --lastday 1970-01-01 [username]
For example, you can expire a user called jack as shown.
# chage -d 0 jack
When user jack tries to log in the next time, he will be required to change his password in the same manner as demonstrated in the first part of this guide.
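To audit which accounts are currently flagged this way, you can check the last-change field (field 3) of each shadow(5) entry, which both passwd -e and chage -d 0 set to 0. The script below is an added example, not part of the original tutorial; the function names and the sample entries (with placeholder hashes) are constructed for illustration.

```shell
#!/bin/sh
# Added example: list accounts that must change their password at next login.
# Field 3 of a shadow(5) entry is the last password change, in days since
# 1970-01-01; the value 0 means "must change at next login".

# pending_change FILE
# Prints the login names whose last-change field is 0. Entries with an empty
# password field or one starting with ! or * (locked / no usable password)
# are skipped, since those accounts cannot log in with a password anyway.
pending_change() {
    awk -F: '
        $2 == "" || $2 ~ /^[!*]/ { next }
        $3 == "0" { print $1 }
    ' "$1"
}

# make_sample FILE
# Writes constructed shadow-format entries (hashes are placeholders).
make_sample() {
    cat > "$1" <<'EOF'
root:$6$placeholder$hashA:19000:0:99999:7:::
bob:$6$placeholder$hashB:0:0:99999:7:::
jack:$6$placeholder$hashC:0:0:99999:7:::
alice:$6$placeholder$hashD:19500:0:99999:7:::
daemon:*:0:0:99999:7:::
svc:!$6$placeholder$hashE:0:0:99999:7:::
EOF
}

sample=$(mktemp)
make_sample "$sample"
pending_change "$sample"   # lists bob and jack, one per line
rm -f "$sample"
```

On a real system, run the function as root against the live file: pending_change /etc/shadow.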
In this tutorial, we have highlighted two commands that you can conveniently use to force a user to change their password. If you were having such a challenge, it’s our hope that you have gained enough insights on the matter.
Karim Buzdar holds a degree in telecommunication engineering and holds several sysadmin certifications including CCNA RS, SCP, and ACE. As an IT engineer and technical author, he writes for various websites.