Linux Chage Command to Set Password Aging for User
The command name ‘chage’ is an acronym for ‘change age’. This command is used to change the user's password's aging/expiry information. Any user can execute this command with the ‘-l’ option to view their password and aging information. No other unauthorized users can view the password's aging/expiry information. As the root user, you can execute this command to modify the aging information.
Syntax
chage [-m mindays] [-M maxdays] [-d lastday] [-I inactive] [-E expiredate] [-W warndays] user
We can go through some examples to get a better understanding of this command.
1) List the password aging information of a user
chage –l testuser
Output:
Last password change : May 01, 2012
Password expires : never
Password inactive : never
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 99999
Number of days of warning before password expires : 7
As you can see, password expiration is disabled for this user.
2) Disable password aging for a user
chage -I -1 -m 0 -M 99999 -E -1 testuser
• -I -1 : This will set the “Password inactive” to never
• -m 0 : This will set the minimum number of days between password change to 0
• -M 99999 : This will set the maximum number of days between password change to 99999
• -E -1 : This will set “Account expires” to never.
This will disable the password expiry of a user if it is already enabled.
3) Enable password expiry date of a user
In most cases, as an administrator, you need to set a password expiry date for all users for the purpose of better security. Once you enable password expiry date for a user, the user will be forced to change their password at the time of the next login after the expiry date.
chage -M 20 testuser
Output
Last password change : May 01, 2012
Password expires : May 21, 2012
Password inactive : never
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 20
Number of days of warning before password expires : 7
4) Set the Account expiry date in the format ‘YYYY-MM-DD’
chage –E “2012-05-28”
Output
Last password change : May 01, 2012
Password expires : May 21, 2012
Password inactive : never
Account expires : May 28, 2012
Minimum number of days between password change : 0
Maximum number of days between password change : 20
Number of days of warning before password expires : 7
5) Set the password expiry warning message
By default, this value is set to 7. So, when a user logs in prior to 7 days of expiry, they will start getting warning about the looming password expiry. If you want to change it to 10 days, you can do it as follows:
chage –W 10 testuser
6) Forcing the users to change the password on next logon
When you create a new user account, you can set it to force the user to change the password when they login for the first time as follows:
chage –d 0 testuser
This will reset “Last Password Change” to “Password must be changed”.
Hope this helps and let us know your thoughts on the above 6 chage command examples.