Home Discussions Write at Opengenus IQ
×

Search anything:

chage command in Linux

Binary Tree book by OpenGenus

Open-Source Internship opportunity by OpenGenus for programmers. Apply now.

In this article we cover the chage command which is used to view and modify a user's account and password information.

Table of contents.

  1. Introduction.
  2. Syntax.
  3. Commands.
  4. Summary.
  5. References.

Introduction.

The chage(Change age) command is used to view and modify a user's account and password information.

It is used by system administrators to change aging information of a user e.g changing the password expiry date, days between password changes, date of last password change and account expiry date.

Syntax.

The syntax is as follows,

chage [OPTIONS] username

Commands.

  • Create an account as a test account for this article,
sudo adduser bob
  • To view user bob's account information, we write,
$ chage -l bob
  • It is often required that users change their passwords after a specified time period for security reasons. With chage we can determine the last date a user changed the account's password.
    We modify last password change date as follows,
chage -d YYYY-MM-DD username

Assuming bob's date is,

Last password change                                    : Jan 27, 2020

We can change it as follows,

$ sudo chage -d 2022-03-10 bob

$ sudo chage -l bob

Last password change                                    : Mar 10, 2022
  • We can also specify a date which a password will expire and the user is required to reset it as follows,
$ sudo chage -E 2022-07-06 bob

Password expires                                        : Jul 06, 2022

We can also decide that the password never expires using -1 as follows,

$ sudo chage -M -1 bob

Password expires                                        : never
Password inactive                                       : never
  • Some users in the system are temporary and require accounts, so we create them but we might forget to delete them after their work is done. We can use chage command to give an account an expiry date so that after it expires the temporary user will not have access to the system.
$ sudo chage -E 2022-03-10 bob

$ sudo chage -l bob 

Account expires                                         : Mar 10, 2022

To test this out we can write,

$ sudo chage -E $(date -d 'yesterday' +%F) bob

This states that the account expired yesterday, Let's try to login as bob,

su bob
Password: 
Your account has expired; please contact your system administrator.
su: Authentication failure

If you execute chage -l bob you will notice the date has changed to yesterday's date.

To remove an expiry date from an account we write,

$ sudo chage -E -1 bob

$ sudo chage -l bob

Account expires                                         : never
  • We can also specify a grace period within which a user will be warned of account's password expiry as follows,
$ sudo chage -W 10 bob

Number of days of warning before password expires       : 10

In this case we have set 10 days whereby the user will be notified that the password is about to expire so as to take appropriate action.

  • We can also define the minimum and maximum number of days between password changes.
    To set the minimum we write,
$ sudo chage -m 10 bob

Minimum number of days between password change          : 10

This means that bob cannot change his password again until 10 days have passed this prevents repeated changing of passwords.

To set the maximum we write,

$ sudo chage -M 20 bob

Maximum number of days between password change          : 20

This means that bob will be required to change his password after every 20 days.

  • We can also lock an account after a time period of inactivity as follows,
$ sudo chage -I 30 bob

This means that after 30 days of inactivity on bob's account he won't be able to login.

  • We can also execute chage command without any options and run it interactively whereby we are prompted for details,
$ sudo chage bob

Changing the aging information for bob
Enter the new value, or press ENTER for the default

        Minimum Password Age [10]: 10
        Maximum Password Age [20]: 30
        Last Password Change (YYYY-MM-DD) [2022-06-16]: 
        Password Expiration Warning [5]: 
        Password Inactive [30]: 10
        Account Expiration Date (YYYY-MM-DD) [2022-12-13]:

Summary.

In this article we have discussed how to use the chage command to define the minimum and maximum number of days between password change, how to set the date for the last password change, how to set an expiration date on both the password and the user accounts, how to set the number of days an account will remain inactive before it is locked and set a grace period after which a password will expire and notify a user to take necessary action.

We have also shown how to run this command interactively.

References.

  1. Execute man chage for the manual page or chage --help.
chage command in Linux
Share this