chage command in Linux
Do not miss this exclusive book on Binary Tree Problems. Get it now for free.
In this article we cover the chage command which is used to view and modify a user's account and password information.
Table of contents.
- Introduction.
- Syntax.
- Commands.
- Summary.
- References.
Introduction.
The chage(Change age) command is used to view and modify a user's account and password information.
It is used by system administrators to change aging information of a user e.g changing the password expiry date, days between password changes, date of last password change and account expiry date.
Syntax.
The syntax is as follows,
chage [OPTIONS] username
Commands.
- Create an account as a test account for this article,
sudo adduser bob
- To view user bob's account information, we write,
$ chage -l bob
- It is often required that users change their passwords after a specified time period for security reasons. With chage we can determine the last date a user changed the account's password.
We modify last password change date as follows,
chage -d YYYY-MM-DD username
Assuming bob's date is,
Last password change : Jan 27, 2020
We can change it as follows,
$ sudo chage -d 2022-03-10 bob
$ sudo chage -l bob
Last password change : Mar 10, 2022
- We can also specify a date which a password will expire and the user is required to reset it as follows,
$ sudo chage -E 2022-07-06 bob
Password expires : Jul 06, 2022
We can also decide that the password never expires using -1 as follows,
$ sudo chage -M -1 bob
Password expires : never
Password inactive : never
- Some users in the system are temporary and require accounts, so we create them but we might forget to delete them after their work is done. We can use chage command to give an account an expiry date so that after it expires the temporary user will not have access to the system.
$ sudo chage -E 2022-03-10 bob
$ sudo chage -l bob
Account expires : Mar 10, 2022
To test this out we can write,
$ sudo chage -E $(date -d 'yesterday' +%F) bob
This states that the account expired yesterday, Let's try to login as bob,
su bob
Password:
Your account has expired; please contact your system administrator.
su: Authentication failure
If you execute chage -l bob you will notice the date has changed to yesterday's date.
To remove an expiry date from an account we write,
$ sudo chage -E -1 bob
$ sudo chage -l bob
Account expires : never
- We can also specify a grace period within which a user will be warned of account's password expiry as follows,
$ sudo chage -W 10 bob
Number of days of warning before password expires : 10
In this case we have set 10 days whereby the user will be notified that the password is about to expire so as to take appropriate action.
- We can also define the minimum and maximum number of days between password changes.
To set the minimum we write,
$ sudo chage -m 10 bob
Minimum number of days between password change : 10
This means that bob cannot change his password again until 10 days have passed this prevents repeated changing of passwords.
To set the maximum we write,
$ sudo chage -M 20 bob
Maximum number of days between password change : 20
This means that bob will be required to change his password after every 20 days.
- We can also lock an account after a time period of inactivity as follows,
$ sudo chage -I 30 bob
This means that after 30 days of inactivity on bob's account he won't be able to login.
- We can also execute chage command without any options and run it interactively whereby we are prompted for details,
$ sudo chage bob
Changing the aging information for bob
Enter the new value, or press ENTER for the default
Minimum Password Age [10]: 10
Maximum Password Age [20]: 30
Last Password Change (YYYY-MM-DD) [2022-06-16]:
Password Expiration Warning [5]:
Password Inactive [30]: 10
Account Expiration Date (YYYY-MM-DD) [2022-12-13]:
Summary.
In this article we have discussed how to use the chage command to define the minimum and maximum number of days between password change, how to set the date for the last password change, how to set an expiration date on both the password and the user accounts, how to set the number of days an account will remain inactive before it is locked and set a grace period after which a password will expire and notify a user to take necessary action.
We have also shown how to run this command interactively.
References.
- Execute man chage for the manual page or chage --help.
Sign up for FREE 3 months of Amazon Music. YOU MUST NOT MISS.