BEST LINUX CHAGE COMMAND WITH EXAMPLES – A LINUX PASSWORD EXPIRATION MANAGEMENT TOOL
Introduction
In this article we are going to learn about Linux chage command. chage command can be pronounce as Change Age. Linux chage command is used manage the Linux Password Expiration and Aging of User Accounts and Passwords.
We will able to manage below listed settings using chage command :
- Set Expiry Date for a User Account.
- Set Warning alert before Password Expires.
- Set Password Inactive after Password Expiration.
- Set Maxinum Number of days before Password Change.
- Set Minimum Number of days before Password Change.
- Force User to change Password at their first login.
- Set Last Password Change.
Linux chage command (A tool for linux password expiration Management) with Examples :
List the Current Aging Information of User
To list the current aging information of a user we can use chage command with argument -l. Here I am checking aging information of user elinuxbook.
[root@localhost ~]# chage -l elinuxbook # Listing Aging Information of a User
Last password change : May 24, 2017
Password expires : never
Password inactive : never
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 99999
Number of days of warning before password expires : 7
Set/Change Expiry Date of a User Account using Linux chage Command
To set/change Expiry date of a User you can use chage command with argument -E. Syntax to set/change expiry date of a User Account :
Syntax : chage -E [DATE] [Username]
Date Format should be like this : YYYY-MM-DD. Refer the command below.
[root@localhost ~]# chage -E 2018-03-15 elinuxbook # Set/Change Expiry Date of a User Account # Confirm the Setting [root@localhost ~]# chage -l elinuxbook Last password change : May 19, 2017 Password expires : never Password inactive : never Account expires : Mar 15, 2018 Minimum number of days between password change : 0 Maximum number of days between password change : 99999 Number of days of warning before password expires : 7
Set Password Expiry Warning Alert
You can use chage command to set Warning Alert before Password expiry. To do so you can use chage command with argument -W. Here I am going to set 5 days as Password Alert for user elinuxbook that means user elinuxbook will get alert message to change the password 5 days before password expiration.
[root@localhost ~]# chage -W 5 elinuxbook # Set Password Change Alert for User # Confirm the Setting [root@localhost ~]# chage -l elinuxbook Last password change : May 21, 2017 Password expires : Jun 20, 2017 Password inactive : Jun 27, 2017 Account expires : never Minimum number of days between password change : 0 Maximum number of days between password change : 99999 Number of days of warning before password expires : 5
Also Read :
- MANAGING USERS AND GROUPS IN LINUX – A COMPLETE GUIDE FOR BEGINNERS
- COMPLETE UNIX COMMANDS AND BASIC LINUX COMMANDS WITH EXAMPLES FOR BEGINNERS
- CREATE & MANAGE USERS USING USERADD LINUX COMMAND
Set Password Inactive after Password Expiration
chage command with argument -I will set Password Inactive. That means user can able to login the system with same username and and password for next allowed days (eg : 10 Days) even after Pasword Expiry. Here I am allowing 10 days as a Password Inactive for User elinuxbook. That means user eliuxbook can use the same password for next 10 days. After that the User will get Locked. Refer the command below.
[root@localhost ~]# chage -I 10 elinuxbook # Set Password Inactivity # Confirm the Setting [root@localhost ~]# cat /etc/shadow | grep elinuxbook elinuxbook:$1$/Qiw/iiX$zufQoDJV.LwZ.ggvRkABz.:17310:0:99999:7:10::
Set Maximum Number of Days between Password Change
You can set Maximum Number of days between password change means Here you can allow the users that How many maximum days the user can use the current password. Within the maximum allowed days user must change the password otherwise the account will lock. To Set maximum allowed days you can use chage command with argument -M.
Note : When you set the Maximum Number of days for Password for any user the Password Expires date will also get updates. It’s totally depend on your value of maximum allowed days.
For Example : Here I am allowing 10 days as a Maximum password age for the user elinuxbook. That means user elinuxbook able to use the current password for next 10 days only and before 10 days the password should change otherwise on 11th day the user account elinuxbook will get lock.
[root@localhost ~]# chage -M 10 john # Allow Maximum days between Password Change # Confirm the Setting [root@localhost ~]# chage -l john Last password change : May 24, 2017 Password expires : Jun 03, 2017 Password inactive : never Account expires : never Minimum number of days between password change : 0 Maximum number of days between password change : 10 Number of days of warning before password expires : 7
Set Minimum Number of Days between Password Change
You can also set Minimum Number of days between password change. That means user cannot change the password till the minimum allowed days completed. For Example : Here I set 5 days as a minimum password age for the user elinuxbook That means user elinuxbook have to use the current password for atleast 5 days and cannot change the password withing these 5 days. To set minimum days you can use chage command with argument -m. Refer the command below.
Note : If you set 0 as a Minimum Password days then user can change his password any time.
[root@localhost ~]# chage -m 5 john # Allow Minimum days between Password Change # Confirm the Setting [root@localhost ~]# chage -l john Last password change : May 24, 2017 Password expires : Jun 03, 2017 Password inactive : never Account expires : never Minimum number of days between password change : 5 Maximum number of days between password change : 10 Number of days of warning before password expires : 7
Set Last Change Password using Linux chage Command
Now we are going to discuss on Last Password Change. We can set Last Password Change by using chage command with argument -d.
Syntax : chage -d [DATE] [USERNAME]
Note : Date should be in YYYY-MM-DD format.
Here I am going to set Last change Password for user ricky.
[root@localhost ~]# chage -d 2017-05-20 ricky # Set Last Change Password # Confirm the Setting [root@localhost ~]# chage -l ricky Last password change : May 20, 2017 Password expires : never Password inactive : never Account expires : never Minimum number of days between password change : 0 Maximum number of days between password change : 99999 Number of days of warning before password expires : 7
Note : One more thing we have to notice is When we set the Last Change Password date as shown above, at that time one more setting get updated i.e. Password Expires. and it’s totally depend on the Maximum Number days between Password Change Value.
When we set/reset password of any user at that time also the Last Password Change setting get Update. For Example I reset the Password of user elinuxbook on 25 May 2017 then the Last Password Change Setting will get update to Date 2017-05-25. Refer the Sample output below.
[root@localhost ~]# passwd elinuxbook
Changing password for user elinuxbook.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
[root@localhost ~]# chage -l elinuxbook
Last password change : May 25, 2017
Password expires : never
Password inactive : never
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 99999
Number of days of warning before password expires : 7
Force User to Change Password at Next Login
You can also use chage command with argument -d to force the user to change the Password on next login. for that you have to set the Number of days as 0. Refer the command below.
[root@localhost ~]# chage -d 0 ricky # Force User to Change Password # Confirm the Setting [root@localhost ~]# chage -l ricky Last password change : password must be changed Password expires : password must be changed Password inactive : password must be changed Account expires : May 27, 2017 Minimum number of days between password change : 0 Maximum number of days between password change : 10 Number of days of warning before password expires : 7
As you can see above all three options i.e. Last Password Change, Password Expires and Password Inactive showing Password must be changed. That means when user will login for first time system will force to set his own password and at that time all above settings will get update as per that date.
Now when you login the system by ricky user you will get below message.
As you can see on snapshot above system enforces the user ricky to change the Password.
More Linux chage Command Help
For more Linux chage command options you can refer below command.
[root@localhost ~]# chage --help # Help Page of Linux chage command
Usage: chage [options] [LOGIN]
Options:
-d, --lastday LAST_DAY set date of last password change to LAST_DAY
-E, --expiredate EXPIRE_DATE set account expiration date to EXPIRE_DATE
-h, --help display this help message and exit
-I, --inactive INACTIVE set password inactive after expiration
to INACTIVE
-l, --list show account aging information
-m, --mindays MIN_DAYS set minimum number of days before password
change to MIN_DAYS
-M, --maxdays MAX_DAYS set maximim number of days before password
change to MAX_DAYS
-W, --warndays WARN_DAYS set expiration warning days to WARN_DAYS
Linux chage Command Manual Page
OR Refer the Manual Page of chage using below command.
[root@localhost ~]# man chage # Manual Page of Linux chage Command
If you found this article useful then Like Us, Share Us, Subscribe our Newsletter OR if you have something to say then feel free to comment on the comment box below.