Chage command syntax
chage [-m mindays] [-M maxdays] [-d lastday] [-I inactive] [-E expiredate] [-W warndays] user
We can go through some examples to get a better understanding of this command.
TASK 1: Use chage command to list the password aging information of a user
chage –l testuser
Output:
Last password change : May 01, 2012
Password expires : never
Password inactive : never
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 99999
Number of days of warning before password expires : 7
As you can see, password expiration is disabled for this user.
TASK 2: Disable password aging for a user
chage -I -1 -m 0 -M 99999 -E -1 testuser
• -I -1 : This will set the “Password inactive” to never
• -m 0 : This will set the minimum number of days between password change to 0
• -M 99999 : This will set the maximum number of days between password change to 99999
• -E -1 : This will set “Account expires” to never.
This will disable the password expiry of a user if it is already enabled.
TASK 3: Enable password expiry date of a user
In most cases, as an administrator, you need to set password expiry for all users for better security. Once you enable password expiry date for a user, the user will be forced to change their password from the next login after the expiry date.
chage -M 20 testuser
Output
Last password change : May 01, 2012
Password expires : May 21, 2012
Password inactive : never
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 20
Number of days of warning before password expires : 7
TASK 4 : Set the Account expiry date in the format ‘YYYY-MM-DD’
chage –E “2012-05-28”
Output
Last password change : May 01, 2012
Password expires : May 21, 2012
Password inactive : never
Account expires : May 28, 2012
Minimum number of days between password change : 0
Maximum number of days between password change : 20
Number of days of warning before password expires : 7
TASK 5: Set the password expiry warning message
By default, this value is set to 7. So, when a user logins prior to 7 days of expiry, he will start to get warning about password expiry. If you want it to change to 10 days, you can do it as follows.
chage –W 10 testuser
TASK 6: Forcing the users to change the password on next logon
When you create a new user account, you can set it to force the user to change the password when he login for the first time as follows,
chage –d 0 testuser
This will reset “Last Password Change” to “Password must be changed”