Use Linux ‘passwd’ Command Non‑Interactively via Stdin


Automating tasks in Linux often requires managing user authentication efficiently. However, the passwd command typically prompts for manual input, making automation difficult. Fortunately, you can bypass interactive prompts using tools like chpasswd, echo, or expect.

In this guide, you’ll learn multiple methods to automate password changes, improve security practices, and integrate these techniques into your DevOps or IT workflows.

Why Automate Password Changes?

Automating password updates can save time and reduce manual work in cases like:

  • Provisioning new systems or users – Set initial passwords during setup.
  • Bulk password resets – Quickly update credentials for multiple accounts at once.
  • Integration with automation tools – Scripts for Ansible, Puppet, or other tools require non-interactive methods.

If you manage Linux servers or cloud environments, these techniques will help you enforce security best practices while making password management more efficient.

Non-Interactive Password Changes Using chpasswd

The chpasswd command is one of the simplest ways to update passwords without user interaction. It’s designed for bulk updates and integrates well with automation.

Step 1: Create a User-Password File

Prepare a file containing username-password pairs, separated by a colon (:) and save the file as user_passwords.txt:

user1:password123
user2:mysecurepassword

👉 This file should be stored securely to avoid exposing credentials.

Step 2: Apply Password Updates

Run the following command to update all user passwords at once:

sudo chpasswd < user_passwords.txt

This will update all listed accounts instantly.

Why Use chpasswd?

  • Simple and efficient – Perfect for batch password changes.
  • More secure – Avoids exposing passwords in the terminal.
  • Fast and reliable – Processes multiple accounts in seconds.

🚀 Best Practice: Always encrypt password files using gpg or a secure vault before storing them.

If you’re managing multiple accounts, you might also need to find files owned by a specific user in Linux, especially when troubleshooting access issues after a password reset.

How to Use passwd Without Interaction

For single-user password changes, you can use echo to pass the new password directly into passwd. Here’s a quick example:

echo "newpassword" | sudo passwd --stdin username

Here’s how it works:

  • echo "newpassword" – Outputs the new password as text.
  • | – Pipes that output into the next command.
  • sudo passwd --stdin username – Accepts the password from standard input and updates the user’s credentials.

This pipes the password into passwd, eliminating the need for manual input.

Alternative for Debian-Based Systems

Debian and Ubuntu don’t support the --stdin option. Instead, you can use chpasswd or automate the process with the expect command.

For more automation tips, check out how to run a script at startup in Linux, which can help streamline system setup tasks.

Automating Password Changes with expect

The expect tool is a powerful way to automate interactive programs like passwd. It simulates user input, making it useful when --stdin is not available.

Example expect Script

#!/usr/bin/expect -f
# Expect is the script interpreter. Comments sit on their own lines because
# Tcl only treats "#" as a comment at the start of a command.

# Disable the timeout so the script completes without interruption
set timeout -1

# Define the username whose password will be changed, and the new password
set username "user1"
set password "newpassword"

# Start the passwd command for the specified user
spawn passwd $username

# Wait for the prompt asking for the new password, then send it with a carriage return
expect "New password:"
send "$password\r"

# Wait for the confirmation prompt, then re-enter the password to confirm
expect "Retype new password:"
send "$password\r"

# Wait for the passwd command to finish and exit
expect eof

Save it as change_passwd.exp and run it like this:

sudo ./change_passwd.exp

Why Choose expect?

  • Works universally – Even when --stdin isn’t supported.
  • Handles interactive prompts – Ideal for password policies requiring confirmation.
  • Can be integrated into automation tools like Ansible, SaltStack, or Jenkins pipelines.

Tips for Keeping It Secure

Security is crucial when automating password changes. Here are some best practices to keep credentials safe:

  • Restrict file access – Use proper file permissions to limit who can read password files or scripts. A good rule is to run chmod 600 user_passwords.txt, which ensures only the file owner can access it.
  • Avoid storing passwords in plain text – Instead of hardcoding credentials, use encrypted vaults or environment variables. Tools like gpg, pass, or Ansible Vault can help.
  • Monitor system logs – Regularly audit authentication logs (/var/log/auth.log or /var/log/secure) to detect unauthorized access or exposed credentials.
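
The chpasswd procedure and the file-permission tip above, combined into one pre-flight check (an added example, not from the original article). The function names are hypothetical, and the user-name pattern and the rule rejecting trailing whitespace are assumptions to adjust to local policy.

```shell
#!/bin/sh
# Added example: pre-flight checks for a chpasswd input file.
LC_ALL=C; export LC_ALL   # keep [a-z] ranges ASCII-only

# Succeed only for a regular file with no group/other permission bits.
check_private() (
    f=$1
    [ -f "$f" ] && [ ! -L "$f" ] || { echo "not a regular file: $f" >&2; exit 1; }
    # Characters 5-10 of `ls -l` output are the group and other bits.
    perms=$(ls -ld -- "$f" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "group/other can access: $f" >&2; exit 1; }
)

# Succeed only if every line is user:password. Reports line numbers only,
# never the line content, so passwords do not end up in logs.
check_format() (
    f=$1 n=0 bad=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1)) ok=1
        case $line in
            *:*) user=${line%%:*} pass=${line#*:} ;;
            *)   user='' pass='' ;;
        esac
        # Conservative user-name pattern (an assumption, adjust to local policy).
        case $user in ''|[!a-z_]*|*[!a-z0-9_-]*) ok=0 ;; esac
        # chpasswd takes everything after the first colon as the password, so
        # trailing spaces or a stray CR would silently become part of it.
        case $pass in ''|*[[:space:]]) ok=0 ;; esac
        [ "$ok" -eq 1 ] || { echo "line $n: malformed entry" >&2; bad=1; }
    done < "$f"
    [ "$n" -gt 0 ] && [ "$bad" -eq 0 ]
)

# Validate, feed the file to chpasswd on stdin, then remove it.
apply_passwords() {
    check_private "$1" && check_format "$1" || return 1
    sudo chpasswd < "$1" || return 1
    shred -u -- "$1" 2>/dev/null || rm -f -- "$1"
}
```

Set umask 077 before creating user_passwords.txt so it is never readable by others, then call apply_passwords user_passwords.txt.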

Frequently Asked Questions

Can I change multiple user passwords at once using passwd?

No, the passwd command is designed for single-user password changes. To update multiple accounts at once, use chpasswd, which processes a file with username-password pairs. This method is more efficient for bulk updates and integrates well with automation tools.

Is it safe to pass passwords through echo?

Passing passwords via echo is risky because they may appear in shell history or process lists. A safer alternative is using chpasswd or a password manager like Ansible Vault. If echo must be used, ensure the shell history is cleared and avoid running the command on shared systems.

How can I automate password updates on Debian-based systems?

Since Debian does not support passwd --stdin, use chpasswd or expect. chpasswd is simple for batch updates, while expect automates interactive commands. Both methods allow non-interactive password changes, ensuring automation works smoothly without manual input.

What’s the best way to secure password files?

Set strict file permissions using chmod 600 to ensure only the owner can read and write. For added security, store passwords in encrypted vaults instead of plain text. Regularly audit file access and use secure deletion methods to remove sensitive data when it’s no longer needed.

Why does passwd prompt for the old password when run as a normal user?

By default, passwd requires the current password to prevent unauthorized changes. To bypass this, use sudo, which grants administrative privileges. Without sudo, a user can only change their own password, not others. This security measure helps prevent accidental or unauthorized updates.

Wrapping Up

Automating password updates on Linux doesn’t have to be hard. Whether you’re using chpasswd, passwd with a twist, or the versatile expect, there’s a method that fits your needs. These techniques are perfect for setting up new systems, managing users, or integrating with automation tools. Start streamlining your workflows today and make password management a breeze!

As Editor in Chief of HeatWare.net, Sood draws on over 20 years in Software Engineering to offer helpful tutorials and tips for MySQL, PostgreSQL, PHP, and everyday OS issues. Backed by hands-on work and real code examples, Sood breaks down Windows, macOS, and Linux so both beginners and power-users can learn valuable insights. For questions or feedback, he can be reached at sood@heatware.net.