Description

System administration involves numerous tasks including managing users/groups and under user management, some of the minor tasks involved are adding, modifying, suspending, or deactivating user accounts,

We can see in below how to set or change user password expiration and aging in Linux using the chage command.

The chage command is used to modify user password expiry information. It enables you to view user account aging information, change the number of days between password changes and the date of the last password change

Once you have set password expiry and aging information, this information is used by the system to determine when a user must change his/her password.

Normally, companies or organizations have certain security polices that demand users to change passwords regularly: this can be a simple way to enforce such policies as we explained below.

To view a user account aging information, use the -l flag as shown.

# chage -l user

[root@vps~]# chage -l user
Last password change                                : Aug 10, 2018
Password expires                                    : never
Password inactive                                   : never
Account expires                                     : Aug 14, 2018
Minimun number of days between password change      : 0
Minimun number of days between password change      : 99999
Number of days of warning before password expires   : 7

[root@vps~]#

To set the date or number of days (since August 10, 2018) when the password was last changed, use the –d flag as follows.

# chage -d 2018-08-10 user

Next, you can also set the date or number of days (since August 16, 2018) on which the user’s account will no longer be accessible by using the -E switch as shown in the following command.

In this case, once a user’s account is locked, he/she is required to contact the system administrator before being able to use the system again.

# chage -E 2018-08-16 user

Then, the -W option allows you to set the number of days of warning before a password change is required.

Considering the command below, the user ravi will be warned 10 days prior to his password expiring.

# chage -W 10 user

In addition, you can set the number of days of inactivity after a password has expired before the account is locked.

This example means that after user ravi’s password expires, his account will be inactive for 2 days before it is locked.

When the account becomes inactive, he must contact the system administrator before being able to use the system again.

# chage -I 2 user

For more information, refer to the chage man page.

# man chage

You can also change a user’s password expiration and aging information using the usermod command, which is actually intended for modifying a user account.

We hope you’ve found this useful!