chage(change user password expiry information) command is used to implement a password aging policy. The chage command changes the number of days between password changes and the date of the last password change. This information is used by the system to determine when a user must change their password – This article is all about How to Configure Password Aging on Linux.
How to Configure Password Aging on Linux
To view testuser‘s password aging information, use the following command:
# chage -l testuser Last password change : Aug 12, 2023 Password expires : Aug 11, 2024 Password inactive : Sep 10, 2024 Account expires : never Minimum number of days between password change : 1 Maximum number of days between password change : 365 Number of days of warning before password expires : 7
Set minimum age, maximum age, warning period, and inactivity period of the user’s password
To set minimum age, maximum age, warning period, and inactivity period of the testuser‘s password, use the following command:
# chage -m 0 -M 45 -W 7 -I 14 testuser # chage -l testuser Last password change : Aug 12, 2023 Password expires : Sep 26, 2023 Password inactive : Oct 10, 2023 Account expires : never Minimum number of days between password change : 0 Maximum number of days between password change : 45 Number of days of warning before password expires : 7
The preceding chage command uses the -m, -M, -W, and -I options to set the:
-m – minimum age – 0 days-M – maximum age – 45 days-W – warning period – 7 days-I – inactivity period of the user’s password – 14 days
To force testuser to update its password on the next login, Â use the following command:
# chage -d 0 testuser # chage -l testuser Last password change : password must be changed Password expires : password must be changed Password inactive : password must be changed Account expires : never Minimum number of days between password change : 0 Maximum number of days between password change : 45 Number of days of warning before password expires : 7
Another alternative is to use -E, –expiredate (EXPIRE_DATE) parameter to set the date or number of days since January 1, 1970 on which the user’s account will no longer be accessible.
# chage -E 2023-10-30 testuser # chage -l testuser Last password change : Aug 12, 2023 Password expires : Sep 26, 2023 Password inactive : Oct 10, 2023 Account expires : Oct 30, 2023 Minimum number of days between password change : 0 Maximum number of days between password change : 45 Number of days of warning before password expires : 7
The above command causes the testuser‘s account to expire on 2023-10-30 (in YYYY-MM-DD format).
Note: The date command can be used to calculate a date in the future. The -u option reports the time in UTC.
# date -d "+45 days" -u Tue Sep 26 04:54:16 PM UTC 2023
The -u option reports the time in UTC.
Read More:
