Manage User Password Expiration and Aging with Chage Command in Linux

It’s always best practice to keep changing user password at a regular interval. In the production system, it is highly recommended unless it’s hard coded the password in the  application. In this article, we are going to see the usage of chage command in Linux for password aging activities. The command name chage is an acronym for ‘change age‘. chage command abbreviation is similar to chmod, chown etc.

Note: Changes  in /etc/login.defs will affect to globally or every user that is in the system. Always use chage command line tool for specific user to setup different rule. Also note that root (superuser) or sudo access is required to execute chage command for user account. 

Also read :

Linux commands Part-1
Linux commands Part-2
Linux commands Part-3
Linux commands Part-4
Linux commands Part-5

Syntax:
chage [options] LOGIN
1) List user’s last password changed and other related details (Click on picture below to enlarge it). 
# chage -l teclues
In the above command, we used -l option along with chage command to view password aging information. 

2) Set password expiry date for an user after 90 days Click on picture below to enlarge it.

# chage -M 90 helen

In the screenshot above the password expiry has now set to 25-May-2020. The -M option sets the maximum number of days during which password is valid. Please note -M option changes “Password expires” and “Maximum number of days between password change”.
3) Set Account Expire Date for an User.
We will use -E option with a date, and date format should be in YYYY-MM-DD. In below examples we will set account expire date for an user teclues on 2020-03-01 (Click on picture below to enlarge it).
# chage -E 2020-03-01 teclues

4) Set password expiry warning message (Click on picture below to enlarge it).
By default, the number of days of password expiry warning is set to 7 days. -W option allows to set the number of days of warning before a password change is required. As per below command user teclues will start getting password change warning message 7 days prior to his password expiring.
# chage -W 7 teclues

5) Disable password aging for an user (Click on picture below to enlarge it).
Below command turn off the password expiration for an user teclues.
# chage-m 0 -M 99999 -I -1 -E -1 teclues
-m 0 this will set the minimum number of days between password change to 0.
-M 99999 this will set the maximum number of days between password change to 99999.

-I -1 will set the “Password inactive” to never.
-E -1 will set “Account expires” to never.


6) Force user to change password on next logon.
You can force user to change his/her password when they login next time (Click on picture below to enlarge it).

# chage -d 0 helen

In this article, we have seen, how we can manage Linux Password Expiration and Aging using chage command in Linux. Kindly share it with others also follow us on Facebook Official Page.

Leave a Comment