Best Linux chage Command With Examples – A Linux Password Expiration Management Tool

In this article, we are going to learn about the Linux chage command. chage command can be pronounced as Change Age. Linux chage command is used to manage the Linux Password Expiration and Aging of User Accounts and Passwords.

We will able to manage the below-listed settings using chage command :

  • Set Expiry Date for a User Account.
  • Set Warning alert before Password Expires.
  • Set Password Inactive after Password Expiration.
  • Set Maximum Number of days before Password Change.
  • Set Minimum Number of days before Password Change.
  • Force User to change Password at their first login.
  • Set Last Password Change.
Best Linux Chage Command With Examples – A Linux Password Expiration Management Tool
Best Linux Chage Command With Examples – A Linux Password Expiration Management Tool

Linux chage command (A tool for Linux password expiration Management) with Examples :

List the Current Aging Information of User

To list the current aging information of a user we can use chage command with argument -l. Here I am checking the aging information of user itsmarttricks.

[root@localhost ~]# chage -l itsmarttricks   # Listing Aging Information of a User
Last password change                                    : May 24, 2019
Password expires                                        : never
Password inactive                                       : never
Account expires                                         : never
Minimum number of days between password change          : 0
Maximum number of days between password change          : 99999
Number of days of warning before password expires       : 7

Set/Change Expiry Date of a User Account using Linux chage Command

To set/change the Expiry date of a User you can use chage command with argument -E. Syntax to set/change the expiry date of a User Account :

Syntax : chage -E [DATE] [Username]

Date Format should be like this: YYYY-MM-DD. Refer to the command below.

[root@localhost ~]# chage -E 2020-03-15 itsmarttricks# Set/Change Expiry Date of a User Account

# Confirm the Setting

[root@localhost ~]# chage -l itsmarttricks
Last password change                                    : May 19, 2019
Password expires                                        : never
Password inactive                                       : never
Account expires                                         : Mar 15, 2020
Minimum number of days between password change          : 0
Maximum number of days between password change          : 99999
Number of days of warning before password expires       : 7

Set Password Expiry Warning Alert

You can use chage command to set Warning Alert before Password expiry. To do so you can use chage command with argument -W.  Here I am going to set 5 days as Password Alert for user itsmarttricks that means user itsmarttricks will get an alert message to change the password 5 days before password expiration.

[root@localhost ~]# chage -W 5 itsmarttricks # Set Password Change Alert for User

# Confirm the Setting

[root@localhost ~]# chage -l itsmarttricks
Last password change                                    : May 21, 2019
Password expires                                        : Jun 20, 2019
Password inactive                                       : Jun 27, 2019
Account expires                                         : never
Minimum number of days between password change          : 0
Maximum number of days between password change          : 99999
Number of days of warning before password expires       : 5

Also Read : Managing Users And Groups In Linux – A Complete Guide For Beginners

Set Password Inactive after Password Expiration

chage command with argument -I will set Password Inactive. That means the user can able to log in to the system with the same username and password for the next allowed days (eg: 10 Days)  even after Password Expiry. Here I am allowing 10 days as a Password Inactive for User itsmarttricks. That means user itsmarttricks can use the same password for the next 10 days. After that, the User will get Locked. Refer to the command below.

[root@localhost ~]# chage -I 10  itsmarttricks   # Set Password Inactivity

# Confirm the Setting

[root@localhost ~]# cat /etc/shadow | grep itsmarttricks
itsmarttricks:$1$/Qiw/iiX$zufQoDJV.LwZ.ggvRkABz.:17310:0:99999:7:10::

Set Maximum Number of Days between Password Change

You can set the Maximum Number of days between password change means Here you can allow the users How many maximum days the user can use the current password. Within the maximum allowed days, the user must change the password otherwise the account will lock. To Set maximum allowed days, you can use chage command with argument -M.

Note: When you set the Maximum Number of days for Password for any user the Password Expires date will also get updates. It totally depends on your value of maximum allowed days.

For Example: Here I am allowing 10 days as a Maximum password age for the user itsmarttricks. That means user itsmarttricks able to use the current password for the next 10 days only and before 10 days the password should change otherwise on the 11th day the user account itsmarttricks will get a lock.

[root@localhost ~]# chage -M 10 john  # Allow Maximum days between Password Change

# Confirm the Setting

[root@localhost ~]# chage -l john
Last password change                                    : May 24, 2019
Password expires                                        : Jun 03, 201
Password inactive                                       : never
Account expires                                         : never
Minimum number of days between password change          : 0
Maximum number of days between password change          : 10
Number of days of warning before password expires       : 7

Set Minimum Number of Days between Password Change

You can also set the Minimum Number of days between password change. That means the user cannot change the password until the minimum allowed days completed. For Example: Here I set 5 days as a minimum password age for the user itsmarttricks That means user itsmarttricks have to use the current password for at least 5 days and cannot change the password within these 5 days. To set minimum days you can use chage command with argument -m. Refer to the command below.

Note: If you set 0 as a Minimum Password day then the user can change his password any time.

[root@localhost ~]# chage -m 5 john  # Allow Minimum days between Password Change

# Confirm the Setting

[root@localhost ~]# chage -l john
Last password change                                    : May 24, 2019
Password expires                                        : Jun 03, 2019
Password inactive                                       : never
Account expires                                         : never
Minimum number of days between password change          : 5
Maximum number of days between password change          : 10
Number of days of warning before password expires       : 7

Set Last Change Password using Linux chage Command

Now we are going to discuss Last Password Change. We can set Last Password Change by using chage command with argument -d.

Syntax : chage -d [DATE] [USERNAME]

Note: The date should be in the YYYY-MM-DD format.

Here I am going to set the Last change Password for user Ricky.

[root@localhost ~]# chage -d 2019-05-20 ricky   # Set Last Change Password

# Confirm the Setting

[root@localhost ~]# chage -l ricky
Last password change                                    : May 20, 2019
Password expires                                        : never
Password inactive                                       : never
Account expires                                         : never
Minimum number of days between password change          : 0
Maximum number of days between password change          : 99999
Number of days of warning before password expires       : 7

Note: One more thing we have to notice is When we set the Last Change Password date as shown above, at that time one more setting gets updated i.e. Password Expires. and it totally depends on the Maximum Number of days between Password Change Value.

When we set/reset the password of any user at that time also the Last Password Change setting gets Update. For Example, I reset the Password of user itsmarttricks on 25 May 2019 then the Last Password Change Setting will get an update to Date 2019-05-25. Refer to the sample output below.

[root@localhost ~]# passwd itsmarttricks
Changing password for user itsmarttricks.
New password: 
Retype new password: 
passwd: all authentication tokens updated successfully.
[root@localhost ~]# chage -l itsmarttricks
Last password change                                    : May 25, 2019
Password expires                                        : never
Password inactive                                       : never
Account expires                                         : never
Minimum number of days between password change          : 0
Maximum number of days between password change          : 99999
Number of days of warning before password expires       : 7

Force User to Change Password at Next Login

You can also use chage command with argument -d to force the user to change the password on the next login. for that, you have to set the number of days as 0. Refer to the command below.

[root@localhost ~]# chage -d 0 ricky   # Force User to Change Password

# Confirm the Setting

[root@localhost ~]# chage -l ricky
Last password change                                    : password must be changed
Password expires                                        : password must be changed
Password inactive                                       : password must be changed
Account expires                                         : May 27, 2019
Minimum number of days between password change          : 0
Maximum number of days between password change          : 10
Number of days of warning before password expires       : 7

Also Read : How to Create and Manage Users Using Useradd Linux Command

As you can see above all three options i.e. Last Password ChangePassword Expires and Password Inactive showing Password must be changed. That means when a user will log in for the first time system will force to set his own password and at that time all the above settings will get an update as per that date.

Now when you log in to the system by Ricky user you will get the below message.

BEST LINUX CHAGE COMMAND WITH EXAMPLES – A LINUX PASSWORD EXPIRATION MANAGEMENT TOOL
Login Through User Ricky

As you can see on the snapshot above system enforces the user Ricky to change the Password.

More Linux chage Command Help

For more Linux chage command options you can refer to below command.

[root@localhost ~]# chage --help   # Help Page of Linux chage command
Usage: chage [options] [LOGIN]

Options:
  -d, --lastday LAST_DAY        set date of last password change to LAST_DAY
  -E, --expiredate EXPIRE_DATE  set account expiration date to EXPIRE_DATE
  -h, --help                    display this help message and exit
  -I, --inactive INACTIVE       set password inactive after expiration
                                to INACTIVE
  -l, --list                    show account aging information
  -m, --mindays MIN_DAYS        set minimum number of days before password
                                change to MIN_DAYS
  -M, --maxdays MAX_DAYS        set maximim number of days before password
                                change to MAX_DAYS
  -W, --warndays WARN_DAYS      set expiration warning days to WARN_DAYS

Linux chage Command Manual Page

OR Refer to the Manual Page of chage using the below command.

[root@localhost ~]# man chage   # Manual Page of Linux chage Command

Also Read : Best Linux Usermod Command With Examples

That’s all, In this article, we have explained Best Linux Chage Command With Examples – A Linux Password Expiration Management Tool. I hope you enjoy this article. If you like this article, then just share it. If you have any questions about this article, please comment.

Share this:
WhatsApp Channel Join Now
Telegram Channel Join Now
Instagram Channel Join Now

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.