Managing user account password expiration is an essential task for Linux system administrators to ensure system security and compliance with organizational policies. The chage command is a powerful tool that allows you to view and modify password expiration settings for user accounts.
In this guide, we’ll explore how to check password expiration details, set expiration dates, and extend expiration periods for user accounts.
Viewing Password Expiry Details
To see the password expiry date and other related parameters for a specific user, use the following command:
chage -l <username>
Example:
[root@localhost]# chage -l jose
Last password change : May 17, 2020
Password expires : never
Password inactive : never
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 99999
Number of days of warning before password expires : 7
Key Outputs Explained:
- Last password change: The date when the password was last updated.
- Password expires: The date when the password will expire (or
neverif no expiration is set). - Password inactive: The date after which the account becomes inactive if the password expires.
- Account expires: The date when the account will no longer be accessible.
- Minimum/Maximum number of days: Specifies the minimum and maximum interval between password changes.
- Warning days: The number of days before the password expires that the user will receive a warning.
Setting a Password Expiration Date
To set a specific password expiration date for a user, use the -E option followed by the desired date in the YYYY-MM-DD format:
chage -E YYYY-MM-DD <username>
Example:
[root@localhost]# chage -E 2024-01-01 jose
[root@localhost]# chage -l jose
Last password change : Sep 11, 2023
Password expires : never
Password inactive : never
Account expires : Jan 01, 2024
Minimum number of days between password change : 0
Maximum number of days between password change : 99999
Number of days of warning before password expires : 7
In this example, the account for the user jose will expire on January 1, 2024.
Extending Password Expiry
If you want to extend the password expiry by a specific duration (e.g., 90 days from today), you can use the -M and -d options with the chage command:
chage -M 90 -d $(date +%F) <username>
Example:
[root@localhost]# chage -M 90 -d $(date +%F) jose
[root@localhost]# chage -l jose
Last password change : Dec 14, 2023
Password expires : Mar 13, 2024
Password inactive : never
Account expires : Jan 01, 2024
Minimum number of days between password change : 0
Maximum number of days between password change : 90
Number of days of warning before password expires : 7
In this example, the password for the user jose is set to expire on March 13, 2024, which is 90 days after the current date.
Practical Use Cases for chage
- Security Compliance: Enforce password expiration policies to comply with security standards.
- Account Management: Set account expiration dates for temporary or contract-based users.
- User Notifications: Configure warning periods to notify users about upcoming password expirations.
Additional Resources
For more information, refer to the official Linux documentation:
Linux Password Management Documentation
Conclusion
The chage command is a versatile tool for managing user account password expirations in Linux. Whether you’re enforcing security policies or managing temporary accounts, understanding how to use chage ensures better control over user account settings.