
chage command in Linux for password aging control

Published: December 30, 2016 | Modified: June 20, 2020



Learn the chage command in Linux with several examples. View and edit password aging parameters using chage to secure your Linux accounts.

Controlling password aging of user accounts is important for the security of the server. It ensures users keep their passwords up to date and that no old passwords or accounts, which are vulnerable to compromise, remain on the server.

Read also: Linux user account policies

The chage command is used to view and edit password aging information. It can edit the following password attributes:

  • Last change date
  • Expiry date
  • Minimum days
  • Maximum days
  • Warning days
  • Inactivity period
  • View attributes

Let’s look at each of the above, one by one:

1. Last change date

This is the date the password was last changed, expressed as the number of days since the Unix date, i.e. 1 Jan 1970. Normally this date changes automatically when the user changes his password. If you want to change it manually, use the chage command with the -d switch as below:

# chage -d 2016-03-12 user4    # YYYY-MM-DD format

You can verify the change by comparing the output of the chage -l <user> command before and after. This date is displayed against the “Last password change” attribute in the output. We will see this output in detail in the last part of this post.

2. Expiry date

This is the date on which the account will expire, after which the user won’t be able to log in until he changes his account password. It is also set in YYYY-MM-DD format, with the -E option, as below:

# chage -E 2016-12-05 user4

This date changes automatically whenever the user changes his password. It takes the maximum days attribute and adds that many days to the current date (the date of the password change); the resulting date is the expiry date.

Setting this to -1 removes the account password expiry. The account will then have a non-expiring password that never needs to be changed in the future.

3. Minimum days

This is the number of days a user must wait before making another password change on his account. For example, if this is set to 7, then once a user changes the password, he cannot change it again for 7 days. This can be set using the -m option:

# chage -m 7 user4

Setting this parameter to 0 allows the user to change his password at any time (no restriction).

4. Maximum days

This is the number of days a user can keep using the same password. For example, if this is set to 20 days, then the user must change the password after 20 days. This value decides the password expiration date we saw above. This can be set using the -M option:

# chage -M 30 user4

If you want to remove this restriction and use the same password forever, you need to set the expiration date to -1, as we saw earlier.

5. Warning days

This is the number of days before the password expiry date at which the user starts seeing a warning about password expiry at login. The warning is shown post-login, as below:

login as: user4
user4@10.10.2.5's password:
Warning: your password will expire in 6 days
Last login: Thu Dec 29 17:17:32 2016 from 10.10.2.10
#

You can set this attribute using the -W option:

# chage -W 7 user4

6. Inactivity period

This is the number of days the account can remain inactive after the password has expired. After that, the account is locked for security reasons, since idle accounts are vulnerable to compromise. This can be set using the -I option:

# chage -I 10 user4

If you set this to -1, this restriction is waived for that account.

7. Viewing all the above attributes

To view all the above attributes, use the -l option:

# chage -l user4
Last password change                                    : Mar 12, 2016
Password expires                                        : Jun 10, 2016
Password inactive                                       : never
Account expires                                         : Nov 30, 2016
Minimum number of days between password change          : 0
Maximum number of days between password change          : 90
Number of days of warning before password expires       : 7

In the above output:

  • Last password change is the last change date (-d)
  • Account expires is the expiry date (-E)
  • Password inactive is the inactivity period (-I)
  • Password expires is the expiry date for the password: last change date plus maximum days
  • Minimum number of days … is minimum days (-m)
  • Maximum number of days … is maximum days (-M)
  • Number of days of warning … is warning days (-W)

You can check this output before changing any attribute with the above commands, then check it again after running the command to confirm the change.
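
The attributes above are stored per account in /etc/shadow. The following added example (not part of the original article) reads shadow-format lines, computes each password expiry as last change date plus maximum days, and classifies the account. The function names, status labels and sample accounts are constructed for illustration, and the exact day on which a password counts as expired is this example's assumption.

```shell
#!/bin/sh
# Added example, not from the original article. Audits shadow(5)-format lines:
# name:hash:lastchg:min:max:warn:inactive:expire:reserved (dates = days since 1 Jan 1970)

# Usage: audit_aging TODAY_IN_DAYS < shadow-format-lines
audit_aging() {
  awk -F: -v today="$1" '
    # Days since 1 Jan 1970 -> YYYY-MM-DD (civil-from-days algorithm, d >= 0)
    function ymd(d,   z, era, doe, yoe, y, doy, mp, m) {
      z = d + 719468; era = int(z / 146097); doe = z - era * 146097
      yoe = int((doe - int(doe/1460) + int(doe/36524) - int(doe/146096)) / 365)
      y = yoe + era * 400
      doy = doe - (365*yoe + int(yoe/4) - int(yoe/100))
      mp = int((5*doy + 2) / 153); m = (mp < 10) ? mp + 3 : mp - 9
      return sprintf("%04d-%02d-%02d", y + (m <= 2), m, doy - int((153*mp + 2)/5) + 1)
    }
    {
      last = $3; max = $5; warn = $6; inact = $7; acct = $8; t = today + 0
      # Field 8 is the account expiry date set with -E
      if (acct != "" && t >= acct + 0) { print $1, "ACCOUNT_EXPIRED", ymd(acct); next }
      # lastchg 0 means the user must change the password at next login
      if (last == "0") { print $1, "MUST_CHANGE", "next-login"; next }
      # Empty, negative or 99999 maximum days: the password never ages out
      if (last == "" || max == "" || max + 0 < 0 || max + 0 >= 99999) {
        print $1, "NO_MAX_AGE", "never"; next
      }
      pwexp = last + max   # password expiry = last change date + maximum days
      # Assumption of this example: expired once today is past pwexp
      if (inact != "" && inact + 0 >= 0 && t > pwexp + inact) s = "INACTIVE_LOCKED"
      else if (t > pwexp)                                   s = "PASSWORD_EXPIRED"
      else if (warn != "" && pwexp - t <= warn + 0)         s = "WARNING"
      else                                                  s = "OK"
      print $1, s, ymd(pwexp)
    }'
}

# Constructed sample; user4 matches the chage -l output shown in the article
sample_shadow() {
  cat <<'EOF'
user4:$6$constructed:16872:0:90:7::17135:
svc_backup:$6$constructed:16000:0:99999:7:::
carol:$6$constructed:16882:0:90:7:::
dave:$6$constructed:16800:0:90:7:10::
EOF
}

sample_shadow | audit_aging 16967   # 16967 = 2016-06-15
```

On a live system, run it as root against the real file with today's day number, for example `audit_aging "$(( $(date +%s) / 86400 ))" < /etc/shadow`.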

This work is licensed under a CC-BY-NC license · Privacy Policy
© Copyright 2016-2023 KernelTalks · All Rights Reserved.
The content is copyrighted to Shrikant Lavhate & can not be reproduced either online or offline without prior permission.