In this article, we are going to learn about the Linux chage command. chage command can be pronounced as Change Age. Linux chage command is used to manage the Linux Password Expiration and Aging of User Accounts and Passwords.
We will able to manage the below-listed settings using chage command :
- Set Expiry Date for a User Account.
- Set Warning alert before Password Expires.
- Set Password Inactive after Password Expiration.
- Set Maximum Number of days before Password Change.
- Set Minimum Number of days before Password Change.
- Force User to change Password at their first login.
- Set Last Password Change.
Linux chage command (A tool for Linux password expiration Management) with Examples :
List the Current Aging Information of User
To list the current aging information of a user we can use chage command with argument -l. Here I am checking the aging information of user itsmarttricks.
[root@localhost ~]# chage -l itsmarttricks # Listing Aging Information of a User Last password change : May 24, 2019 Password expires : never Password inactive : never Account expires : never Minimum number of days between password change : 0 Maximum number of days between password change : 99999 Number of days of warning before password expires : 7
Set/Change Expiry Date of a User Account using Linux chage Command
To set/change the Expiry date of a User you can use chage command with argument -E. Syntax to set/change the expiry date of a User Account :
Syntax : chage -E [DATE] [Username]
Date Format should be like this: YYYY-MM-DD. Refer to the command below.
[root@localhost ~]# chage -E 2020-03-15 itsmarttricks# Set/Change Expiry Date of a User Account # Confirm the Setting [root@localhost ~]# chage -l itsmarttricks Last password change : May 19, 2019 Password expires : never Password inactive : never Account expires : Mar 15, 2020 Minimum number of days between password change : 0 Maximum number of days between password change : 99999 Number of days of warning before password expires : 7
Set Password Expiry Warning Alert
You can use chage command to set Warning Alert before Password expiry. To do so you can use chage command with argument -W. Here I am going to set 5 days as Password Alert for user itsmarttricks that means user itsmarttricks will get an alert message to change the password 5 days before password expiration.
[root@localhost ~]# chage -W 5 itsmarttricks # Set Password Change Alert for User # Confirm the Setting [root@localhost ~]# chage -l itsmarttricks Last password change : May 21, 2019 Password expires : Jun 20, 2019 Password inactive : Jun 27, 2019 Account expires : never Minimum number of days between password change : 0 Maximum number of days between password change : 99999 Number of days of warning before password expires : 5
Also Read : Managing Users And Groups In Linux – A Complete Guide For Beginners
Set Password Inactive after Password Expiration
chage command with argument -I will set Password Inactive. That means the user can able to log in to the system with the same username and password for the next allowed days (eg: 10 Days) even after Password Expiry. Here I am allowing 10 days as a Password Inactive for User itsmarttricks. That means user itsmarttricks can use the same password for the next 10 days. After that, the User will get Locked. Refer to the command below.
[root@localhost ~]# chage -I 10 itsmarttricks # Set Password Inactivity # Confirm the Setting [root@localhost ~]# cat /etc/shadow | grep itsmarttricks itsmarttricks:$1$/Qiw/iiX$zufQoDJV.LwZ.ggvRkABz.:17310:0:99999:7:10::
Set Maximum Number of Days between Password Change
You can set the Maximum Number of days between password change means Here you can allow the users How many maximum days the user can use the current password. Within the maximum allowed days, the user must change the password otherwise the account will lock. To Set maximum allowed days, you can use chage command with argument -M.
Note: When you set the Maximum Number of days for Password for any user the Password Expires date will also get updates. It totally depends on your value of maximum allowed days.
For Example: Here I am allowing 10 days as a Maximum password age for the user itsmarttricks. That means user itsmarttricks able to use the current password for the next 10 days only and before 10 days the password should change otherwise on the 11th day the user account itsmarttricks will get a lock.
[root@localhost ~]# chage -M 10 john # Allow Maximum days between Password Change # Confirm the Setting [root@localhost ~]# chage -l john Last password change : May 24, 2019 Password expires : Jun 03, 201 Password inactive : never Account expires : never Minimum number of days between password change : 0 Maximum number of days between password change : 10 Number of days of warning before password expires : 7
Set Minimum Number of Days between Password Change
You can also set the Minimum Number of days between password change. That means the user cannot change the password until the minimum allowed days completed. For Example: Here I set 5 days as a minimum password age for the user itsmarttricks That means user itsmarttricks have to use the current password for at least 5 days and cannot change the password within these 5 days. To set minimum days you can use chage command with argument -m. Refer to the command below.
Note: If you set 0 as a Minimum Password day then the user can change his password any time.
[root@localhost ~]# chage -m 5 john # Allow Minimum days between Password Change # Confirm the Setting [root@localhost ~]# chage -l john Last password change : May 24, 2019 Password expires : Jun 03, 2019 Password inactive : never Account expires : never Minimum number of days between password change : 5 Maximum number of days between password change : 10 Number of days of warning before password expires : 7
Set Last Change Password using Linux chage Command
Now we are going to discuss Last Password Change. We can set Last Password Change by using chage command with argument -d.
Syntax : chage -d [DATE] [USERNAME]
Note: The date should be in the YYYY-MM-DD format.
Here I am going to set the Last change Password for user Ricky.
[root@localhost ~]# chage -d 2019-05-20 ricky # Set Last Change Password # Confirm the Setting [root@localhost ~]# chage -l ricky Last password change : May 20, 2019 Password expires : never Password inactive : never Account expires : never Minimum number of days between password change : 0 Maximum number of days between password change : 99999 Number of days of warning before password expires : 7
Note: One more thing we have to notice is When we set the Last Change Password date as shown above, at that time one more setting gets updated i.e. Password Expires. and it totally depends on the Maximum Number of days between Password Change Value.
When we set/reset the password of any user at that time also the Last Password Change setting gets Update. For Example, I reset the Password of user itsmarttricks on 25 May 2019 then the Last Password Change Setting will get an update to Date 2019-05-25. Refer to the sample output below.
[root@localhost ~]# passwd itsmarttricks Changing password for user itsmarttricks. New password: Retype new password: passwd: all authentication tokens updated successfully. [root@localhost ~]# chage -l itsmarttricks Last password change : May 25, 2019 Password expires : never Password inactive : never Account expires : never Minimum number of days between password change : 0 Maximum number of days between password change : 99999 Number of days of warning before password expires : 7
Force User to Change Password at Next Login
You can also use chage command with argument -d to force the user to change the password on the next login. for that, you have to set the number of days as 0. Refer to the command below.
[root@localhost ~]# chage -d 0 ricky # Force User to Change Password # Confirm the Setting [root@localhost ~]# chage -l ricky Last password change : password must be changed Password expires : password must be changed Password inactive : password must be changed Account expires : May 27, 2019 Minimum number of days between password change : 0 Maximum number of days between password change : 10 Number of days of warning before password expires : 7
Also Read : How to Create and Manage Users Using Useradd Linux Command
As you can see above all three options i.e. Last Password Change, Password Expires and Password Inactive showing Password must be changed. That means when a user will log in for the first time system will force to set his own password and at that time all the above settings will get an update as per that date.
Now when you log in to the system by Ricky user you will get the below message.
As you can see on the snapshot above system enforces the user Ricky to change the Password.
More Linux chage Command Help
For more Linux chage command options you can refer to below command.
[root@localhost ~]# chage --help # Help Page of Linux chage command
Usage: chage [options] [LOGIN]
Options:
-d, --lastday LAST_DAY set date of last password change to LAST_DAY
-E, --expiredate EXPIRE_DATE set account expiration date to EXPIRE_DATE
-h, --help display this help message and exit
-I, --inactive INACTIVE set password inactive after expiration
to INACTIVE
-l, --list show account aging information
-m, --mindays MIN_DAYS set minimum number of days before password
change to MIN_DAYS
-M, --maxdays MAX_DAYS set maximim number of days before password
change to MAX_DAYS
-W, --warndays WARN_DAYS set expiration warning days to WARN_DAYS
Linux chage Command Manual Page
OR Refer to the Manual Page of chage using the below command.
[root@localhost ~]# man chage # Manual Page of Linux chage Command
Also Read : Best Linux Usermod Command With Examples
That’s all, In this article, we have explained Best Linux Chage Command With Examples – A Linux Password Expiration Management Tool. I hope you enjoy this article. If you like this article, then just share it. If you have any questions about this article, please comment.