6 Examples Linux Chage Command : Set Password Aging For User

May 2, 2011 | By
| Reply More

The command name ‘chage’ is an acronym for ‘change age’. This command is used to change the user's password's aging / expiry information. Any user can execute this command with the ‘-l’ option to view their password and aging information. No other unauthorised users can view the password's aging/expiry information. As the root user, you can execute this command to modify the aging information.

Chage command syntax

chage [-m mindays] [-M maxdays] [-d lastday] [-I inactive] [-E expiredate] [-W warndays] user

We can go through some examples to get a better understanding of this command.

TASK 1: Use chage command to list the password aging information of a user

chage –l testuser
Output:
Last password change : May 01, 2012
Password expires : never
Password inactive : never
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 99999
Number of days of warning before password expires : 7

As you can see, password expiration is disabled for this user.

TASK 2: Disable password aging for a user

chage -I -1 -m 0 -M 99999 -E -1 testuser

• -I -1 : This will set the “Password inactive” to never

• -m 0 : This will set the minimum number of days between password change to 0

• -M 99999 : This will set the maximum number of days between password change to 99999

• -E -1 : This will set “Account expires” to never.

This will disable the password expiry of a user if it is already enabled.

TASK 3: Enable password expiry date of a user

In most cases, as an administrator, you need to set a password expiry date for all users for the purpose of better security. Once you enable password expiry date for a user, the user will be forced to change their password at the time of the next login after the expiry date.

chage -M 20 testuser
Output
Last password change : May 01, 2012
Password expires : May 21, 2012
Password inactive : never
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 20
Number of days of warning before password expires : 7

TASK 4 : Set the Account expiry date in the format ‘YYYY-MM-DD’

chage –E “2012-05-28”

Output
Last password change : May 01, 2012
Password expires : May 21, 2012
Password inactive : never
Account expires : May 28, 2012
Minimum number of days between password change : 0
Maximum number of days between password change : 20
Number of days of warning before password expires : 7

TASK 5: Set the password expiry warning message

By default, this value is set to 7. So, when a user logs in prior to 7 days of expiry, they will start getting warning about the looming password expiry. If you want to change it to 10 days, you can do it as follows:

chage –W 10 testuser

TASK 6: Forcing the users to change the password on next logon

When you create a new user account, you can set it to force the user to change the password when they login for the first time as follows:

chage –d 0 testuser

This will reset “Last Password Change” to “Password must be changed”.

Hope this helps.

Filed Under : LINUX COMMANDS, LINUX HOWTO

Tagged With :

Free Linux Ebook to Download

Leave a Reply

Commenting Policy:
Promotion of your products ? Comment gets deleted.
All comments are subject to moderation.