Description

The chage command, lets you tweak user password expiry information

Following is its syntax:

chage [options] LOGIN

And here’s what the man page says about it:

The chage command changes the number of days between password changes and the date of the last password change.

This information is used by the system to determine when a user must change his/her password.

Following are some examples that should give you a good idea on how the chage command works:

To view current password expiry info

To view current password expiry date info for a user, use the -l command line option.

chage -l [USERNAME]

Here’s an example:

chage -l test

And following is the output it produced on my system:

Last password change : Oct 16, 2019
Password expires : never
Password inactive : never
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 99999
Number of days of warning before password expires : 7

So currently, the password is set to expire ‘never’.

To change password expiry date

This you can do using the -M command line option, which requires you to pass a number (which refers to the maximum number of days during which a password is valid).

For example:

chage -M 1000 test

Note that this operation requires root privileges.

Note that you can also use the -m command line option, which is used to set the minimum number of days between password changes.

The -M option we discussed above sets the maximum number of days during which a password is valid.

To change last password change date

You can tweak the last password change date using the -d command line option.

As input, you can either pass a number to this option, or a complete date. Here’s how the man page explains it:

-d, –lastday LAST_DAY
Set the number of days since January 1st, 1970 when the password
was last changed. The date may also be expressed in the format
YYYY-MM-DD (or the format more commonly used in your area).

To warn user before password expires

The chage command also lets you set the number of days of warning before a password change is required.

This can be done using the -W command line option.

-W, –warndays WARN_DAYS
Set the number of days of warning before a password change is
required. The WARN_DAYS option is the number of days prior to the
password expiring that a user will be warned his/her password is
about to expire.

For example:

chage -W 10 test

This command will make sure that user gets to see password expiry warning 10 days before the password is set to expire.

To lock an account

Use the -E command line option to lock an account.

The way it accepts input is similar to the -W option we discussed above.

For your reference, here’s how the man page explains it:

-E, –expiredate EXPIRE_DATE
Set the date or number of days since January 1, 1970 on which the
user’s account will no longer be accessible. The date may also be
expressed in the format YYYY-MM-DD (or the format more commonly
used in your area). A user whose account is locked must contact the
system administrator before being able to use the system again.

Passing the number -1 as the EXPIRE_DATE will remove an account
expiration date.

For example:

chage -E 2019-06-21 test

If chage is used without any option

Here’s what happens in this case:

If none of the options are selected, chage operates in an interactivefashion, prompting the user with the current values for all of thefields. Enter the new value to change the field, or leave the lineblank to use the current value. The current value is displayed betweena pair of [ ] marks.

If you are a Linux system admin, or someone who is responsible for user management on Linux machines, this command is worth keeping in your kitty.

We hope you’ve found this useful!