The chage command is used to manage password expiry dates in Linux. It can be used to view, enable, disable or set dates for the user and group passwords. Password security is an important part of cyber security: the lifetime of a password should be limited and passwords should be changed periodically. The chage command can be used to implement this password change policy in Linux for users and groups.
chage Command Syntax
The chage command has the following simple syntax.
chage OPTION USER
- OPTION is used to set or list different password-related parameters.
- USER is the username for which we want to list or set password parameters.
As an administrative command, chage generally requires root privileges, so in most cases it must be run with sudo. Alternatively, the chage command can be executed in a root shell.
Display chage Command Help
The options and help information about the chage command can be listed with the -h or --help option.
Usage: chage [options] LOGIN
Options:
  -d, --lastday LAST_DAY        set date of last password change to LAST_DAY
  -E, --expiredate EXPIRE_DATE  set account expiration date to EXPIRE_DATE
  -h, --help                    display this help message and exit
  -i, --iso8601                 use YYYY-MM-DD when printing dates
  -I, --inactive INACTIVE       set password inactive after expiration to INACTIVE
  -l, --list                    show account aging information
  -m, --mindays MIN_DAYS        set minimum number of days before password change to MIN_DAYS
  -M, --maxdays MAX_DAYS        set maximum number of days before password change to MAX_DAYS
  -R, --root CHROOT_DIR         directory to chroot into
  -W, --warndays WARN_DAYS      set expiration warning days to WARN_DAYS
List User Password Change Dates and Policy
A user's password policy holds information such as the last password change, the password expiry date and the account expiry date. The password change dates and policy of a user account can be displayed with the -l option and the account name. In the following example, we list the password change dates and policy information of the user ismail.
chage -l ismail
Set Date For User Password Change
From a security point of view, users should change their passwords regularly to reduce the risk from stolen passwords. The chage command can be used to set the password change date for a user with the -M option by specifying the maximum number of days before the password must be changed. In the following example, we set the user password change date to 50 days from now.
sudo chage -M 50 ismail
Set User Password Expire Date
The user password change date can be specified with the -d option. Just provide the date in YYYY-MM-DD format. In the following example, the password of the user ismail expires on 2021-03-01.
sudo chage -d 2021-03-01 ismail
Set User Account Expire Date
The user account expiry date can also be specified. The account expiry date is different from the password expiry date. The -E option is used to specify the account expiry date in YYYY-MM-DD format. In the following example, we set the account expiry date of the user ismail to 2021-03-01.
sudo chage -E 2021-03-01 ismail
Set User Account Lock/Inactive Warning Time
We can warn the user before the password change date. This is very helpful for informing the user that he/she should change the password before the specified date. The -W or --warndays option is used to specify how many days before the password expires the warning starts. In the following example, we set the warning days to 5.
sudo chage -W 5 ismail
Alternatively, the long form option --warndays can be used as shown below.
sudo chage --warndays 5 ismail
chage Interactive Mode To Set All Options
If no option is specified, the chage command starts in interactive mode. In interactive mode, all related values are asked for and set step by step. If you want to keep the current default value, just leave the field empty and press Enter.
sudo chage ismail
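The settings above are stored as colon-separated fields in /etc/shadow, so the per-user check done with chage -l can be extended to an audit of every account. The script below is an added example, not part of the original article; the function names, the 90-day policy limit and the sample accounts are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: audit password-aging fields in shadow(5)-format lines.
# Fields: 1 login, 2 hash, 3 last change in days since 1970-01-01 (chage -d),
#         4 min days (chage -m), 5 max days (chage -M), 6 warn days (chage -W),
#         7 inactive days (chage -I), 8 account expiry in days (chage -E).

# audit_aging POLICY_MAX TODAY  (reads shadow-format lines on stdin)
#   POLICY_MAX: largest acceptable max-days value (assumed site policy)
#   TODAY:      current date as days since the epoch
audit_aging() {
    awk -F: -v policy="$1" -v today="$2" '
    # Skip locked or password-less accounts ("!", "*" or empty hash field).
    $2 == "" || $2 ~ /^[!*]/ { next }
    {
        status = "OK"
        if ($5 == "" || $5 + 0 > policy)
            status = "NO_MAX_AGE"             # password never has to change
        else if ($3 == "0")
            status = "CHANGE_AT_NEXT_LOGIN"   # shadow(5): 0 forces a change
        else if ($3 + $5 < today)
            status = "PASSWORD_EXPIRED"       # last change + max days is past
        else if ($6 == "" || $6 + 0 == 0)
            status = "NO_WARNING"             # user gets no advance notice
        if ($8 != "" && $8 + 0 <= today)
            status = "ACCOUNT_EXPIRED"        # account expiry overrides the rest
        print $1, status
    }'
}

# Days since the epoch for "now", the unit shadow(5) uses for dates.
today_days() { echo $(( $(date +%s) / 86400 )); }

# Constructed sample input; the hashes are placeholders, not real ones.
sample_shadow() {
cat <<'EOF'
root:*:19000:0:99999:7:::
ismail:$6$placeholder:19700:0:50:5:::
alice:$6$placeholder:19000:0:99999:7:::
bob:$6$placeholder:19600:0:50:5:::
carol:$6$placeholder:19700:0:50:0:::
dave:$6$placeholder:19700:0:50:5::19650:
EOF
}

# Audit the sample against a 90-day policy as of day 19720.
sample_shadow | audit_aging 90 19720
# On a live system (as root): audit_aging 90 "$(today_days)" < /etc/shadow
```

Accounts reported as NO_MAX_AGE or NO_WARNING can then be corrected with the chage -M and chage -W commands shown earlier.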