manage user password expiration

How to Manage User Password Expiry & Aging in Linux

System administrators need to frequently perform user management tasks such as creating new users, adding them to user groups, changing their passwords, etc. Sometimes they may also need to add, modify, suspend, or deactivate user accounts. In this article, we will learn how to set or change user password expiration as well as aging. We will use chage command for this purpose.

How to Manage User Password Expiry & Aging in Linux

The chage command is used to modify user password expiry information. It also allows you to view user account aging information, change no. of days between password change, and date of last password change. Once you set the password expiration and aging information, users will automatically forced to renew their passwords on those dates. All this is handled by your Linux system automatically, once you make changes using chage command. It is a useful tool used by system administrators, IT departments and organizations to enforce security policies that require users to regularly change passwords.

Here is the basic command to view a user’s account aging information, using -l option.

# chage -l test

To set the date or number of days since Jan 1, 1970 when the password was changed, use the -d flag.

# chage -d 2022-02-11 test

You can also use -E option to lock the user account after a specific date. In this case, the user will need to contact system administrator to get back system access.

# chage -E 2022-02-16 test

If you want the system to display a warning message a few days before the password expires, then you need to use -W option followed by the number of days prior to password expiry when you want to display the message. Here is the command to display warning message to user test to change password starting 10 days prior to password expiry.

# chage -W 10 test

You can also set an inactive period after password expiry after which the account is locked. Here is an example to set inactive period to 2 days after password expiry, after which the account will be locked. During this period the account will remain inactive.

# chage -I 2 test

In this article, we have learnt how to set user password expiration and aging in Linux. You can also use this command from a shell script in case you want to automatically set password expiry for users.

Also read:

How to Remove Yum Repositories
How to Undo or Redo Yum Install
How to Fix Password Authentication Token Manipulation
How to Create Multiple User Accounts in Linux
How to Find PHP.ini

Leave a Reply

Your email address will not be published.