5+ chage Command Examples in Linux

Description :

chage changes the number of days between password changes and the date of the last password change. This information is used by the system to determine when a user must change her password. The chage command is restricted to the root user, except for the -l option, which may be used by an unprivileged user to determine when her password or account is due to expire.

Usage :

chage [-m mindays] [-M maxdays] [-d lastday] [-I inactive] [-E expiredate] [-W warndays] user
OR
chage -l user

Options :

-m days
Specify the minimum number of days between which the user must change passwords. If the value is 0, the password does not expire.
-M days
Specify the maximum number of days for which the password is valid.
-d days
Specify the number of days since January 1, 1970 the password was changed.
-I days
Specify the number of inactive days after the password expiration before locking the account. If the value is 0, the account is not locked after the password expires.
-E date
Specify the date on which the account is locked, in the format YYYY-MM-DD. Instead of the date, the number of days since January 1, 1970 can also be used.
-W days
Specify the number of days before the password expiration date to warn the user.
-l user
It may be used by an unprivileged user to determine when her password or account is due to expire.

Examples :

1. List the password and its related details for an user

$ chage -l abc
Last password change                                    : Apr 01, 2013
Password expires                                        : never
Password inactive                                       : never
Account expires                                         : never
Minimum number of days between password change          : 0
Maximum number of days between password change          : 99999
Number of days of warning before password expires       : 7

Note: A user can inquire this info about himself only, if he/she wants to try this command for other user, root access is required.

2. Set Password Expiry Date for an user using chage option -M

Root user (system administrators) can set the password expiry date for any user.

Please note that option -M will update both “Password expires” and “Maximum number of days between password change” entries as shown below.

 
# chage -M 10 abc
 
# chage -l abc
Last password change                                    : Apr 23, 2014
Password expires                                        : May 03, 2014
Password inactive                                       : never
Account expires                                         : never
Minimum number of days between password change          : 0
Maximum number of days between password change          : 10
Number of days of warning before password expires       : 7

3. Password Expiry Warning message during login

By default the number of days of warning before password expires is set to 7. So, in the above example, when the user dhinesh tries to login on Apr 30, 2014 — he’ll get the following message.

$ ssh abc@testingserver
abc@testingserver's password:
Warning: your password will expire in 3 days

4. User Forced to Change Password after Expiry Date

In this example, find the UID and all groups associated with a user called ‘root’, enter:

$ ssh abc@testingserver
abc@testingserver's password:
 
You are required to change your password immediately (password aged)
WARNING: Your password has expired.
You must change your password now and login again!
Changing password for abc
(current) UNIX password:
Enter new UNIX password:
Retype new UNIX password:

5. Set the Account Expiry Date for an User

You can also use chage command to set the account expiry date as shown below using option -E. The date given below is in “YYYY-MM-DD” format. This will update the “Account expires” value as shown below.

# chage -E "2014-05-31" abc
 
# chage -l abc
Last password change                                    : Apr 23, 2014
Password expires                                        : May 03, 2014
Password inactive                                       : never
Account expires                                         : May 31, 2014
Minimum number of days between password change          : 0
Maximum number of days between password change          : 10
Number of days of warning before password expires       : 7

6. Force the user account to be locked after X number of inactivity days

Typically if the password is expired, users are forced to change it during their next login. You can also set an additional condition, where after the password is expired, if the user never tried to login for 10 days, you can automatically lock their account using option -I as shown below.

# chage -I 10 abc
 
# chage -l abc
Last password change                                    : Apr 23, 2014
Password expires                                        : May 03, 2014
Password inactive                                       : May 13, 2014
Account expires                                         : May 31, 2014
Minimum number of days between password change          : 0
Maximum number of days between password change          : 10
Number of days of warning before password expires       : 7

7. How to disable password aging for an user account

To turn off the password expiration for an user account, set the following:

-m 0 will set the minimum number of days between password change to 0
-M 99999 will set the maximum number of days between password change to 99999
-I -1 (number minus one) will set the “Password inactive” to never
-E -1 (number minus one) will set “Account expires” to never.

# chage -m 0 -M 99999 -I -1 -E -1 abc
 
# chage --list dhinesh
Last password change                                    : Apr 23, 2014
Password expires                                        : never
Password inactive                                       : never
Account expires                                         : never
Minimum number of days between password change          : 0
Maximum number of days between password change          : 99999
Number of days of warning before password expires       : 7