Linux Chage Command to Set Password Aging for User

The command name ‘chage’ is an acronym for ‘change age’. This command is used to change the user's password's aging/expiry information. Any user can execute this command with the ‘-l’ option to view their password and aging information. No other unauthorized users can view the password's aging/expiry information. As the root user, you can execute this command to modify the aging information.

Syntax

 

chage [-m mindays] [-M maxdays] [-d lastday] [-I inactive] [-E expiredate] [-W warndays] user

We can go through some examples to get a better understanding of this command.

1) List the password aging information of a user

chage –l testuser
Output:
Last password change : May 01, 2012
Password expires : never
Password inactive : never
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 99999
Number of days of warning before password expires : 7

As you can see, password expiration is disabled for this user.

2) Disable password aging for a user

chage -I -1 -m 0 -M 99999 -E -1 testuser

• -I -1 : This will set the “Password inactive” to never

• -m 0 : This will set the minimum number of days between password change to 0

• -M 99999 : This will set the maximum number of days between password change to 99999

• -E -1 : This will set “Account expires” to never.

This will disable the password expiry of a user if it is already enabled.

3) Enable password expiry date of a user

In most cases, as an administrator, you need to set a password expiry date for all users for the purpose of better security. Once you enable password expiry date for a user, the user will be forced to change their password at the time of the next login after the expiry date.

chage -M 20 testuser
Output
Last password change : May 01, 2012
Password expires : May 21, 2012
Password inactive : never
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 20
Number of days of warning before password expires : 7

4) Set the Account expiry date in the format ‘YYYY-MM-DD’

chage –E “2012-05-28”

Output
Last password change : May 01, 2012
Password expires : May 21, 2012
Password inactive : never
Account expires : May 28, 2012
Minimum number of days between password change : 0
Maximum number of days between password change : 20
Number of days of warning before password expires : 7

5) Set the password expiry warning message

By default, this value is set to 7. So, when a user logs in prior to 7 days of expiry, they will start getting warning about the looming password expiry. If you want to change it to 10 days, you can do it as follows:

chage –W 10 testuser

6) Forcing the users to change the password on next logon

When you create a new user account, you can set it to force the user to change the password when they login for the first time as follows:

chage –d 0 testuser

This will reset “Last Password Change” to “Password must be changed”.

Hope this helps and let us know your thoughts on the above 6 chage command examples.

 
0 (0)
Article Rating (No Votes)
Rate this article
Attachments
There are no attachments for this article.
Comments
There are no comments for this article. Be the first to post a comment.
Full Name
Email Address
Security Code Security Code
Related Articles RSS Feed
HowTo: Create CSR using OpenSSL Without Prompt (Non-Interactive)
Viewed 11546 times since Mon, Feb 18, 2019
RHCS: Configure an active/backup pacemaker cluster
Viewed 6041 times since Sun, Jun 3, 2018
Linux Kernel /etc/sysctl.conf Security Hardening
Viewed 21578 times since Fri, Aug 3, 2018
How to Clear RAM Memory Cache, Buffer and Swap Space on Linux
Viewed 744 times since Mon, Nov 23, 2020
Using stunnel and TinyProxy to obfuscate HTTP traffic
Viewed 3022 times since Fri, Sep 28, 2018
HowTo: Kill TCP Connections in CLOSE_WAIT State
Viewed 6567 times since Thu, Feb 14, 2019
How to encrypt a partition using LUKS?
Viewed 917 times since Fri, Jul 13, 2018
Fake A Hollywood Hacker Screen in Linux Terminal linux FUN
Viewed 2285 times since Thu, Apr 18, 2019
Linux Network (TCP) Performance Tuning with Sysctl
Viewed 7459 times since Fri, Aug 3, 2018
Using etckeeper with git
Viewed 5293 times since Sun, Jun 3, 2018