How to set or force a user to change a password at first login under Linux

Recently I got a question that read as follows:


How do I force user foo to change a password at the first time login using ssh?

As a sysadmin you may need this kind of facility. There are many ways to achieve this.

You can set an empty/null password and then expire the password. This forces an immediate password change at the first login.

For example, you just need to type the following two commands:
# usermod -p "" foo
# chage -d 0 foo

You can skip the first command if user foo already exists on the system.
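To confirm what the two commands did, this added example (not part of the original article) reads shadow(5)-format lines and flags accounts whose password field is empty or whose last-change field is 0. The function names are illustrative and the sample entries are constructed.

```shell
#!/bin/sh
# Added example: audit shadow(5)-format lines for the two states that
# `usermod -p ""` and `chage -d 0` create.
#   field 2 = password hash    (empty after `usermod -p ""`)
#   field 3 = last-change day  (0 after `chage -d 0`: change required at next login)

# shadow_status FILE
# Prints "user<TAB>flags", where flags is a comma-separated list of:
#   must-change     last-change field is 0
#   empty-password  no hash is set
#   locked          hash field starts with ! or * (password login disabled)
#   ok              none of the above
shadow_status() {
    awk -F: '
        NF == 0 { next }                                   # skip blank lines
        NF < 3  { printf "%s\tmalformed\n", $1; next }     # not a shadow entry
        {
            flags = ""
            if ($3 == "0")         flags = flags ",must-change"
            if ($2 == "")          flags = flags ",empty-password"
            else if ($2 ~ /^[!*]/) flags = flags ",locked"
            if (flags == "")       flags = ",ok"
            printf "%s\t%s\n", $1, substr(flags, 2)
        }' "$1"
}

# has_empty_password FILE: exit status 0 if any account has no password hash
has_empty_password() {
    shadow_status "$1" | grep -q 'empty-password'
}

# Constructed sample data, not a real /etc/shadow.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
foo::0:0:99999:7:::
bob:$6$constructedsalt$constructedhash:0:0:99999:7:::
tom:$6$constructedsalt$constructedhash:19000:0:99999:7:::
svc:!:19000:0:99999:7:::
EOF

shadow_status "$sample"
```

Run `shadow_status /etc/shadow` as root to check real accounts. An `empty-password` entry matters for the SSH case in the question: sshd refuses empty passwords unless `PermitEmptyPasswords` is enabled, so such an account may be unable to log in over SSH to perform the forced change.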

6 comments
  • Dragan Mar 11, 2008 @ 21:36

    Hi, but if you are running a Debian based distro on your server it is necessary to add the ‘shadow’ file into your ‘/etc/’ directory if you want this to work. So, to do this execute the following command ‘pwconv’ from CLI and the ‘/etc/shadow’ file will be automatically created. After that execute the ‘chage -d 0 username’. And that’s it.

    Cheers.

  • Bob Clampett Aug 22, 2008 @ 14:48

    Here are a set of scripts that work with RHEL 5.2 as Bash scripts.

    userlist.txt – Contains a set of UID’s to be created.

    useradd.sh – creates the UID’s

    pass.sh – Changes the password for the uids defined in userlist.txt

    passch.sh – sets the UID password to expire (forces the user to change password @ logon)

    Example:
    userlist.txt:
    bob
    tom
    chickmcgee

    useradd.sh:
    #!/bin/sh
    # Create one account for each name listed in userlist.txt
    for i in `more userlist.txt`
    do
        echo ${i}
        adduser ${i}
    done

    pass.sh:
    #!/bin/sh
    # Set the initial password <name>1234 for each listed account
    for i in `more /root/users/userlist.txt`
    do
        echo ${i}
        echo "${i}1234" | passwd --stdin ${i}
        echo; echo "User ${i}'s password changed!"
    done

    passch.sh:
    #!/bin/sh
    # Expire each listed account's password so it must be changed at next login
    for i in `more userlist.txt`
    do
        echo $i
        echo ${i} | chage -d 0 ${i}
        echo; echo "User $i will be forced to change password on next login!"
    done

  • Russell Cook Apr 19, 2012 @ 10:25

    The scripts should do a “cat” instead of the “more” … the more command will create a problem: if there is more than a page, it will wait for a keypress.

  • Prabhu Thiyagarajan Aug 30, 2012 @ 1:31

    Hi,

    Thanks for the tips and script.
    But, after executing the above commands to enforce the user to change the password upon first login, I am not able to see this comment (You are required to change your password immediately (root enforced)) in PUTTY screen when I login as the respective user.

    Of course, this works when I directly login on my VM.

  • flo Dec 11, 2014 @ 9:55

    That no longer works on Debian 7!

  • portia Feb 2, 2016 @ 11:28

    Why does my email always say it does not exist?
