How to Reset Linux Password to Expire after Number of Days

Best System administration practice requires a periodic change of passwords for any operating system, and Linux is no exception. This is for security reasons. However, most users do not take heed of this and continue to use the same passwords for prolonged periods of time. As a system administrator, it's your task to enforce password changing policies so that after a certain period of time, users will be compelled to reset their passwords. In this article, we are going to see how to reset passwords to expire after a number of days with the help of chage command.

Read AlsoLinux Chage Command to Set Password Aging for User

If you are using  Ubuntu System, check whether chage is installed using the following command

dpkg -l | grep "chage"

If not installed, run the following command to install it.

apt-get install chage

Listing password status of a user

To view the password expiry  details of a user, run the command below

chage -l username

or

chage --list username

For example, you can list password information of a user called james in a Linux system by running

chage -l james

Output

Last password change                                    : Feb 24, 2018
Password expires                                        : never
Password inactive                                       : never
Account expires                                         : never
Minimum number of days between password change          : 0
Maximum number of days between password change          : 99999
Number of days of warning before password expires       : 7

Reset passwords to expire after a number of days

The chage command can be used to set password expiry date of a user. This is achieved using the -E option as shown below. Note that the format of the date is YYYY-MM-DD. The command below shows us that password for user james will expire on 31st March 2018.

chage -E "2018-03-31" james

We can also set the password to expire after a certain number of days. For this, we'll use the -m option as shown

 chage -M number-of-days username

For example, If we want to set the password for user james to expire after 7 days, we'll run

chage -M 7 james

To verify that changes have been effected, run

chage -l james

Output

Last password change : Feb 24, 2018
Password expires : Mar 03, 2018
Password inactive : never
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 7
Number of days of warning before password expires : 7

We can go further and set a warning at login to inform the user of the number of days remaining before the password expires.

Set up a Password expiry warning prompt for a user

To accomplish this, we use the -W option as shown below

chage -W 3 james

The command above sets the expiry warning when the user logins in 3 days or less to the expiry of his password.
To verify this run

chage -l james

Output

Last password change                                    : Feb 24, 2018
Password expires                                        : Mar 03, 2018
Password inactive                                       : never
Account expires                                         : never
Minimum number of days between password change          : 0
Maximum number of days between password change          : 7
Number of days of warning before password expires       : 3

We can see on the last line that the number of days of warning before the user's password expires has been set to 3 days.

A few points to note as I wrap up

  1. A root user can change and view password information for any user but a non-root user can only view and change his password information.
  2. After the password expires, the user will not be able to login into the system until he/she sets up a new password. The system will prompt the user to enter the old password and later prompt him for a new password and later confirm it.

Feel free to try out the commands above and let us have your thoughts on this. Thank you.

Jamie Arthur 12:05 am

About Jamie Arthur

Hey, I'm James, a passionate Linux Systems administrator, and a tech enthusiast. I derive immense gratification in conducting research on Linux systems and keeping myself up to date with the latest in the technology world.

Author Archive Page

Have anything to say?

Your email address will not be published. Required fields are marked *

All comments are subject to moderation.