Step-by-Step Password Aging: Using chage Command in Linux for Beginners

chage-command-in-linux-to-set-expiry-password-for-a-user

The chage command stands for ‘Change Age’. The chage command in Linux is used to change the aging/expiry information of any user’s password.

If you are working as a system administrator in any organization, it is your task to enforce users for changing password due to security reasons.

So that after a certain period of time, users will be compelled to reset their passwords.

Only the root user can view the password’s aging/expiry information, the unauthorized user can’t see this information of other users.

As the root user, you can execute this command to modify the aging information of the user password.

Actually, you can also force the user to change their password periodically via /etc/login.defs file.

But, if you make changes in /etc/login.defs, it will affect every user registered in the system. If you want to set up a different password aging/expiry policy to a different user, then you can use chage command in Linux. it is the perfect tool for you in this situation.

Article Contents

The basic syntax of chage command in Linux

The syntax for chage command is given below:

chage [options] USER_LOGIN

chage [-m mindays] [-M maxdays] [-d lastday] [-I inactive] [-E expiredate] [-W warndays] user

If you want to view the list of available options for chage command then you can use chage command followed by -h or –help option.

See example below:

chage -h

[root@localhost ~]# chage -h
Usage: chage [options] LOGIN

Options:
  -d, --lastday LAST_DAY        set date of last password change to LAST_DAY
  -E, --expiredate EXPIRE_DATE  set account expiration date to EXPIRE_DATE
  -h, --help                    display this help message and exit
  -I, --inactive INACTIVE       set password inactive after expiration
                                to INACTIVE
  -l, --list                    show account aging information
  -m, --mindays MIN_DAYS        set minimum number of days before password
                                change to MIN_DAYS
  -M, --maxdays MAX_DAYS        set maximum number of days before password
                                change to MAX_DAYS
  -R, --root CHROOT_DIR         directory to chroot into
  -W, --warndays WARN_DAYS      set expiration warning days to WARN_DAYS

[root@localhost ~]# 

View the password aging information of a user

You can view the password expiry details of a user by using chage command followed by -l and user name.

See the complete command syntax below:

chage -l vijay

[root@localhost ~]# chage -l vijay
Last password change					: Apr 25, 2020
Password expires					: never
Password inactive					: never
Account expires						: never
Minimum number of days between password change		: 0
Maximum number of days between password change		: 99999
Number of days of warning before password expires	: 7
[root@localhost ~]# 

In the above example, targeted user was vijay

Disable password aging for a user

Do you want to disable the password expiry of a user? then you will have a close look on the following facts and options. Following command is useful for you.

chage -I -1 -m 0 -M 99999 -E -1 vijay

  • -I -1 : This option is used to set the “Password inactive” to never
  • -m 0 : This option is used to set the minimum number of days between password change to 0
  • -M 99999 : You can use this option to set the maximum number of days between password change to 99999
  • -E -1 : This will set “Account expires” to never.

Output of the above command as follows:

[root@localhost ~]# chage -I -1 -m 0 -M 99999 -E -1 vijay
[root@localhost ~]# chage -l vijay
Last password change					: Apr 25, 2020
Password expires					: never
Password inactive					: never
Account expires						: never
Minimum number of days between password change		: 0
Maximum number of days between password change		: 99999
Number of days of warning before password expires	: 7
[root@localhost ~]# 

Enable password expiry date of a user

If you are an administrator, you need to set expiry date for all user’s password for the purpose of better security.

Once you set password expiry date for a user, the user will be forced to change their password at the time of the next login after the expiry date.

Without changing the password he will not able to get into the system.

You can set the password to expire after 30 days/1 Month Ah, that is good time.

For this, we’ll use the -m option as shown below:

chage -M 30 vijay

[root@localhost ~]# chage -M 30 vijay
[root@localhost ~]# chage -l vijay
Last password change					: Apr 25, 2020
Password expires					: May 25, 2020
Password inactive					: never
Account expires						: never
Minimum number of days between password change		: 0
Maximum number of days between password change		: 30
Number of days of warning before password expires	: 7
[root@localhost ~]# 

Set the Account expiry date for a user

You can set the specific password expirty date for a user. Example of specific date is YYYY-MM-DD 30th April 2020 or 28th June 2020 etc.

You can perform this action with the help of -E option with chage command. You must use the format of the data is YYYY-MM-DD. You can’t change this format.

The command below shows us that password for user ‘vijay’ will expire on 30th May 2020.

chage -E “2020-05-30” vijay

[root@localhost ~]# chage -E "2020-05-30" vijay
[root@localhost ~]# chage -l vijay
Last password change					: Apr 25, 2020
Password expires					: May 25, 2020
Password inactive					: never
Account expires						: May 30, 2020
Minimum number of days between password change		: 0
Maximum number of days between password change		: 30
Number of days of warning before password expires	: 7
[root@localhost ~]# 

Set the password expiry warning message

By default, this expiry warning message value is set to 7. It means, when a user logs in prior to 7 days of expiry date, they will start getting a warning about the looming password expiry at every login.

You can set these days as per your suitability and requiremeents.

For Example, If you want to change it to 12 days, you can do it as follows:

chage –W 12 vijay

[root@localhost ~]# chage -W 12 vijay
[root@localhost ~]# chage -l vijay
Last password change					: Apr 25, 2020
Password expires					: May 25, 2020
Password inactive					: never
Account expires						: May 30, 2020
Minimum number of days between password change		: 0
Maximum number of days between password change		: 30
Number of days of warning before password expires	: 12
[root@localhost ~]# 

Forcing the users to change the password on next logon

When you create a new user account, you can set it to force the user to change the password.

In other cases, you can force the user to change the password on the next login. when they log in for the first time, They will have to change their password.

You can perform this action by using following command:

chage –d 0 vijay

[root@localhost ~]# chage -d 0 vijay
[root@localhost ~]# chage -l vijay
Last password change					: password must be changed
Password expires					: password must be changed
Password inactive					: password must be changed
Account expires						: May 30, 2020
Minimum number of days between password change		: 0
Maximum number of days between password change		: 30
Number of days of warning before password expires	: 12
[root@localhost ~]# 

This will reset “Last Password Change” to “Password must be changed”.

Conclusion

I’ve tried my best to cover most of the basic uses of chage command in Linux to set the aging /expiry date of the password for a user.

For more detailed information, you can check the manual page. To display the manual page use man command from the terminal.

If I’ve missed any important command, please do share it with me via the comment section.

If you like our content, please consider buying us a coffee.
Thank you for your support!