1 - With
sudo passwd -n <MIN> <username> you can lock the <username> password for <MIN> days (<username> is the login-name of the user). To be sure users cannot change password you can use
sudo passwd -n 10 -x 1 <username> since if tha minimum (-n) is greater than the maximum (-x) the user cannot change the password.
2 - you can do it with
sudo passwd <username> (<username> is the login-name of the user)
3 - adding that line you allws
User to use duso and run all commands.
4 - visiblepw is set OFF by default. Read this about
visiblepw