Terminal command to change a user password on a Mac

Update May, 2019

Now that there are SecureToken users, the command below no longer works to reset another user’s password. Thanks to mario on the MacAdmins Slack for testing.

Acknowledgements

This is just a cleaned-up version of the directions from “Mac Script to change Administrator password”.

Changing a user password via terminal command

If you ever want to change a user’s password from the command line, perhaps for scripting purposes, these are the commands you’d use. Despite what it says in the link above, you don’t have to be logged in as the user to change the user’s password, but you do have to be logged in as an admin user:

sudo /usr/bin/dscl . -passwd /Users/username newpassword
sudo security set-keychain-password -o oldpassword -p newpassword /Users/username/Library/Keychains/login.keychain

Substitute in the actual user’s username for username, the actual user’s old password for oldpassword and the actual user’s new password for newpassword.

If you don’t know the old password…

If, for some reason, you and the user have both forgotten the user’s old password and don’t want to deal with keychain issues, you can also just delete the existing keychain (instead of running the second command to update the keychain password):

sudo rm -r /Users/username/Library/Keychains/*

Security issues

One strong caveat is that the terminal, by default, will save commands to ~/.bash_history in plain text, so you’re essentially storing a user’s password in plain text, unless you temporarily disable bash history or later go into the ~/.bash_history file with a text editor (like nano) and delete the offending lines manually.
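The manual cleanup described above can be scripted. This is an added example, not from the original post: it lists and removes history entries that pass a literal password to the two commands shown on this page. The function names and the sample entries are constructed for illustration.

```bash
#!/bin/sh
# Added example: find and remove shell-history entries that carry a literal
# password for the two commands on this page. Names here are hypothetical.

# First character of a literal argument: not a variable reference such as
# $pass or "$pass", which leaves only the variable name in the history.
ARG='([^[:space:]$"]|"[^$])'

# dscl ... -passwd <user path> <password>, or
# security set-keychain-password ... -o/-p <password>
SECRET_RE="dscl[[:space:]].*-passwd[[:space:]]+[^[:space:]]+[[:space:]]+${ARG}|security[[:space:]]+set-keychain-password[[:space:]].*-[op][[:space:]]+${ARG}"

# Print the line numbers of offending entries, never the entries themselves.
find_secret_lines() {
    grep -nE -e "$SECRET_RE" "$1" | cut -d: -f1
}

# Rewrite the history file without the offending entries.
scrub_history() {
    histfile="$1"
    # mktemp creates the file with mode 0600, so the copy is never world-readable.
    tmp=$(mktemp "${histfile}.XXXXXX") || return 1
    # grep -v exits 1 when every line was filtered out; only 2+ is an error.
    grep -vE -e "$SECRET_RE" "$histfile" > "$tmp" || [ $? -eq 1 ] || {
        rm -f "$tmp"
        return 1
    }
    mv "$tmp" "$histfile"
}

# Constructed sample history, used to try the functions without touching
# a real ~/.bash_history.
make_sample_history() {
    cat > "$1" <<'EOF'
ls -la
sudo /usr/bin/dscl . -passwd /Users/username newpassword
sudo security set-keychain-password -o oldpassword -p newpassword /Users/username/Library/Keychains/login.keychain
read pass
sudo /usr/bin/dscl . -passwd /Users/username $pass
EOF
}
```

Run `scrub_history ~/.bash_history` from a new Terminal session, because a running bash session keeps its own commands in memory and writes them to the file when it exits.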

If you distribute this as part of a .pkg, nothing will be visible in a .bash_history file, but make sure you keep that .pkg extra secure or delete it after deploying it.



Comments

3 responses to “Terminal command to change a user password on a Mac”

  1. Evan

    Thanks so much for this guide! It really came in handy for me after I forgot my admin password and needed to reset it. Luckily, I had given my local user account sudo privileges and was able to change the admin password via the terminal using this guide, even though I had no idea what the admin password was! Just another reminder never to give users sudo privilege unless you own both the admin and local account!

  2. Aquib

    It’s not working. I tried with my Mac HS.

  3. Stephan

    If you do not want the password to appear in the history and don’t want to mess with the history, try:
    read pass
    sudo /usr/bin/dscl . -passwd /Users/username $pass
    The password will be stored in $pass and instead of the plaintext password just the string “$pass” will appear in the history.
