chage stands for ‘change age’. The chage command in Linux is used to change the aging/expiry information of a user’s password.
If you work as a system administrator in any organization, it is your task to make users change their passwords periodically for security reasons, so that after a certain period of time they are compelled to reset them.
Only the root user can view the password aging/expiry information of other users; an unauthorized user can’t see it.
As the root user, you can execute this command to modify the aging information of a user’s password.
You can also force users to change their passwords periodically via the /etc/login.defs file.
But if you make changes in /etc/login.defs, they affect every user registered on the system. If you want to set a different password aging/expiry policy for a particular user, the chage command is the right tool for the job.
Article Contents
- The basic syntax of chage command in Linux
- View the password aging information of a user
- Disable password aging for a user
- Enable password expiry date of a user
- Set the Account expiry date for a user
- Set the password expiry warning message
- Forcing the users to change the password on next logon
- Conclusion
The basic syntax of chage command in Linux
The syntax for chage command is given below:
chage [options] USER_LOGIN
chage [-m mindays] [-M maxdays] [-d lastday] [-I inactive] [-E expiredate] [-W warndays] user
If you want to view the list of available options for the chage command, run chage with the -h or --help option.
See example below:
chage -h
[root@localhost ~]# chage -h
Usage: chage [options] LOGIN
Options:
  -d, --lastday LAST_DAY        set date of last password change to LAST_DAY
  -E, --expiredate EXPIRE_DATE  set account expiration date to EXPIRE_DATE
  -h, --help                    display this help message and exit
  -I, --inactive INACTIVE       set password inactive after expiration to INACTIVE
  -l, --list                    show account aging information
  -m, --mindays MIN_DAYS        set minimum number of days before password change to MIN_DAYS
  -M, --maxdays MAX_DAYS        set maximum number of days before password change to MAX_DAYS
  -R, --root CHROOT_DIR         directory to chroot into
  -W, --warndays WARN_DAYS      set expiration warning days to WARN_DAYS
[root@localhost ~]#
View the password aging information of a user
You can view the password expiry details of a user by running the chage command with the -l option and the user name.
See the complete command syntax below:
chage -l vijay
[root@localhost ~]# chage -l vijay
Last password change : Apr 25, 2020
Password expires : never
Password inactive : never
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 99999
Number of days of warning before password expires : 7
[root@localhost ~]#
In the above example, the target user was vijay.
Disable password aging for a user
If you want to disable password expiry for a user, use the following command. Each option is explained below.
chage -I -1 -m 0 -M 99999 -E -1 vijay
- -I -1 : This option is used to set the “Password inactive” to never
- -m 0 : This option is used to set the minimum number of days between password change to 0
- -M 99999 : You can use this option to set the maximum number of days between password change to 99999
- -E -1 : This will set “Account expires” to never.
The output of the above command is as follows:
[root@localhost ~]# chage -I -1 -m 0 -M 99999 -E -1 vijay
[root@localhost ~]# chage -l vijay
Last password change : Apr 25, 2020
Password expires : never
Password inactive : never
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 99999
Number of days of warning before password expires : 7
[root@localhost ~]#
Enable password expiry date of a user
If you are an administrator, you need to set an expiry date for every user’s password for better security.
Once you set a password expiry date for a user, the user will be forced to change their password at the next login after the expiry date.
Without changing the password, they will not be able to get into the system.
You can set the password to expire after 30 days (one month), which is a reasonable period.
For this, we’ll use the -M option as shown below:
chage -M 30 vijay
[root@localhost ~]# chage -M 30 vijay
[root@localhost ~]# chage -l vijay
Last password change : Apr 25, 2020
Password expires : May 25, 2020
Password inactive : never
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 30
Number of days of warning before password expires : 7
[root@localhost ~]#
Set the Account expiry date for a user
You can set a specific account expiry date for a user, for example 30th April 2020 or 28th June 2020.
You can do this with the -E option of the chage command. The date must be given in the format YYYY-MM-DD. You can’t change this format.
The command below sets the account of user ‘vijay’ to expire on 30th May 2020.
chage -E "2020-05-30" vijay
[root@localhost ~]# chage -E "2020-05-30" vijay
[root@localhost ~]# chage -l vijay
Last password change : Apr 25, 2020
Password expires : May 25, 2020
Password inactive : never
Account expires : May 30, 2020
Minimum number of days between password change : 0
Maximum number of days between password change : 30
Number of days of warning before password expires : 7
[root@localhost ~]#
Set the password expiry warning message
By default, the expiry warning period is set to 7 days. This means that when a user logs in within 7 days of the expiry date, they get a warning about the upcoming password expiry at every login.
You can set the number of days to suit your requirements.
For example, if you want to change it to 12 days, you can do it as follows:
chage -W 12 vijay
[root@localhost ~]# chage -W 12 vijay
[root@localhost ~]# chage -l vijay
Last password change : Apr 25, 2020
Password expires : May 25, 2020
Password inactive : never
Account expires : May 30, 2020
Minimum number of days between password change : 0
Maximum number of days between password change : 30
Number of days of warning before password expires : 12
[root@localhost ~]#
Forcing the users to change the password on next logon
When you create a new user account, you can force the user to change the password when they log in for the first time.
In other cases too, you can force a user to change the password at the next login.
You can perform this action by using the following command:
chage -d 0 vijay
[root@localhost ~]# chage -d 0 vijay
[root@localhost ~]# chage -l vijay
Last password change : password must be changed
Password expires : password must be changed
Password inactive : password must be changed
Account expires : May 30, 2020
Minimum number of days between password change : 0
Maximum number of days between password change : 30
Number of days of warning before password expires : 12
[root@localhost ~]#
This will reset “Last Password Change” to “Password must be changed”.
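To check the effect of the settings above across many accounts at once, the following added example (not part of the original article) audits records in /etc/shadow format, which is where the values set by chage are stored. The sample records, the finding labels and the function names sample_shadow and audit_aging are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article. /etc/shadow field map per shadow(5):
# 3=last change (-d) 4=min (-m) 5=max (-M) 6=warn (-W) 7=inactive (-I) 8=expiry (-E),
# with dates stored as days since 1970-01-01.

# Constructed sample records; the hashes are placeholders, not real values.
sample_shadow() {
cat <<'EOF'
vijay:$6$PLACEHOLDER:18377:0:30:12::18412:
svc_backup:$6$PLACEHOLDER:18000:0:99999:7:::
newhire:$6$PLACEHOLDER:0:0:30:7:::
alice:$6$PLACEHOLDER:18300:0:30:7:14::
daemon:*:18000:0:99999:7:::
EOF
}

# audit_aging TODAY: read shadow-format lines on stdin, print "user:finding".
# TODAY is a day number, e.g. $(( $(date +%s) / 86400 )) on a live system.
# Assumption: a password counts as expired from the date "chage -l" shows.
audit_aging() {
    awk -F: -v today="$1" '
    $2 ~ /^[!*]/ { next }    # locked or no-login accounts cannot use a password
    {
        user = $1; last = $3; max = $5; inact = $7; acct = $8
        if (acct != "" && acct >= 0 && today >= acct) {
            print user ":account-expired"           # set with chage -E
        } else if (last == "0") {
            print user ":must-change-at-next-login" # set with chage -d 0
        } else if (last == "" || max == "" || max >= 99999) {
            print user ":password-never-expires"    # aging disabled (-M 99999)
        } else if (today < last + max) {
            print user ":ok"
        } else if (inact != "" && inact >= 0 && today >= last + max + inact) {
            print user ":password-inactive"         # past the -I grace period
        } else {
            print user ":password-expired"
        }
    }'
}

# Day 18400 is 2020-05-18, chosen to match the dates in the article's output.
sample_shadow | audit_aging 18400
```

Reading the real /etc/shadow requires root; feed it to audit_aging on standard input in place of sample_shadow.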
Conclusion
I’ve tried my best to cover most of the basic uses of the chage command in Linux for setting the aging/expiry date of a user’s password.
For more detailed information, you can check the manual page. To display the manual page use man command from the terminal.
If I’ve missed any important command, please do share it with me via the comment section.