Manage User Password Expiration and Aging with Chage Command in Linux

It’s always best practice to keep changing user password at a regular interval. In the production system, it is highly recommended unless it’s hard coded the password in the  application. In this article, we are going to see the usage of chage command in Linux for password aging activities. The command name chage is an acronym for ‘change age‘. chage command abbreviation is similar to chmod, chown etc.

Note: Changes  in /etc/login.defs will affect to globally or every user that is in the system. Always use chage command line tool for specific user to setup different rule. Also note that root (superuser) or sudo access is required to execute chage command for user account. 

Also read :

Linux commands Part-1
Linux commands Part-2
Linux commands Part-3
Linux commands Part-4
Linux commands Part-5

2) Set password expiry date for an user after 90 days Click on picture below to enlarge it.

# chage -M 90 helen

In the screenshot above the password expiry has now set to 25-May-2020. The -M option sets the maximum number of days during which password is valid. Please note -M option changes “Password expires” and “Maximum number of days between password change”.
3) Set Account Expire Date for an User.
We will use -E option with a date, and date format should be in YYYY-MM-DD. In below examples we will set account expire date for an user teclues on 2020-03-01 (Click on picture below to enlarge it).
# chage -E 2020-03-01 teclues

5) Disable password aging for an user (Click on picture below to enlarge it).
Below command turn off the password expiration for an user teclues.
# chage-m 0 -M 99999 -I -1 -E -1 teclues
-m 0 this will set the minimum number of days between password change to 0.
-M 99999 this will set the maximum number of days between password change to 99999.

6) Force user to change password on next logon.
You can force user to change his/her password when they login next time (Click on picture below to enlarge it).