Linux Chage Command to Set Password Aging for User

The command name ‘chage’ is an acronym for ‘change age’. This command is used to change the user's password's aging/expiry information. Any user can execute this command with the ‘-l’ option to view their password and aging information. No other unauthorized users can view the password's aging/expiry information. As the root user, you can execute this command to modify the aging information.

Syntax

 

chage [-m mindays] [-M maxdays] [-d lastday] [-I inactive] [-E expiredate] [-W warndays] user

We can go through some examples to get a better understanding of this command.

1) List the password aging information of a user

chage –l testuser
Output:
Last password change : May 01, 2012
Password expires : never
Password inactive : never
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 99999
Number of days of warning before password expires : 7

As you can see, password expiration is disabled for this user.

2) Disable password aging for a user

chage -I -1 -m 0 -M 99999 -E -1 testuser

• -I -1 : This will set the “Password inactive” to never

• -m 0 : This will set the minimum number of days between password change to 0

• -M 99999 : This will set the maximum number of days between password change to 99999

• -E -1 : This will set “Account expires” to never.

This will disable the password expiry of a user if it is already enabled.

3) Enable password expiry date of a user

In most cases, as an administrator, you need to set a password expiry date for all users for the purpose of better security. Once you enable password expiry date for a user, the user will be forced to change their password at the time of the next login after the expiry date.

chage -M 20 testuser
Output
Last password change : May 01, 2012
Password expires : May 21, 2012
Password inactive : never
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 20
Number of days of warning before password expires : 7

4) Set the Account expiry date in the format ‘YYYY-MM-DD’

chage –E “2012-05-28”

Output
Last password change : May 01, 2012
Password expires : May 21, 2012
Password inactive : never
Account expires : May 28, 2012
Minimum number of days between password change : 0
Maximum number of days between password change : 20
Number of days of warning before password expires : 7

5) Set the password expiry warning message

By default, this value is set to 7. So, when a user logs in prior to 7 days of expiry, they will start getting warning about the looming password expiry. If you want to change it to 10 days, you can do it as follows:

chage –W 10 testuser

6) Forcing the users to change the password on next logon

When you create a new user account, you can set it to force the user to change the password when they login for the first time as follows:

chage –d 0 testuser

This will reset “Last Password Change” to “Password must be changed”.

Hope this helps and let us know your thoughts on the above 6 chage command examples.

 
0 (0)
Article Rating (No Votes)
Rate this article
Attachments
There are no attachments for this article.
Comments
There are no comments for this article. Be the first to post a comment.
Full Name
Email Address
Security Code Security Code
Related Articles RSS Feed
RHCS6: Extend an existing Logical Volume / GFS2 filesystem
Viewed 1643 times since Sun, Jun 3, 2018
How setting the TZ environment variable avoids thousands of system calls
Viewed 8272 times since Mon, May 21, 2018
Jak wygenerować silne hasła jednorazowe w Linuksie?
Viewed 1269 times since Thu, May 24, 2018
How log rotation works with logrotate
Viewed 2569 times since Fri, Nov 30, 2018
6 rsync Examples to Exclude Multiple Files and Directories using exclude-from
Viewed 1768 times since Wed, Oct 31, 2018
Linux Health Check Commands
Viewed 1248 times since Fri, Jun 8, 2018
Red Hat Enterprise Linux - Allow Root Login From a Specific IP Address Only
Viewed 1238 times since Wed, Oct 3, 2018
chrt command: Set / Manipulate Real Time Attributes of a Linux Process
Viewed 9316 times since Mon, Feb 17, 2020
RHEL: How to change a USER/GROUP UID/GID and all owned files
Viewed 12529 times since Sat, Jun 2, 2018
Linux / UNIX: DNS Lookup Command
Viewed 8606 times since Sun, Sep 30, 2018