Select Page

Linux command line offers several tools for user management (some of which we’ve already discussed). One such utility is chage, which lets you tweak password expiry information. In this tutorial, we will discuss this tool using some easy to understand examples. But before we dive in, it’s worth mentioning that all examples here have been tested on an Ubuntu 18.04 LTS machine.

Linux chage command

The chage command, as already explained above, lets you tweak user password expiry information. Following is its syntax:

chage [options] LOGIN

And here’s what the man page says about it:

       The chage command changes the number of days between password changes
       and the date of the last password change. This information is used by
       the system to determine when a user must change his/her password.

Following are some Q&A-styled examples that should give you a good idea on how the chage command works:

Q1. How to view current password expiry info?

To view current password expiry date info for a user, use the -l command line option.

chage -l [USERNAME]

Here’s an example:

chage -l himanshu

And following is the output it produced on my system:

Last password change                    : Jul 26, 2018
Password expires                        : never
Password inactive                       : never
Account expires                         : never
Minimum number of days between password change        : 0
Maximum number of days between password change        : 99999
Number of days of warning before password expires     : 7

So currently, the password is set to expire ‘never’.

Q2. How to change password expiry date?

This you can do using the -M command line option, which requires you to pass a number (which refers to the maximum number of days during which a password is valid).

For example:

chage -M 1000 himanshu

Note that this operation requires root privileges.

How to change password expiry date

So you can see in the screenshot above, the password expiry has now been set to April 21, 2021.

Note that you can also use the -m command line option, which is used to set the minimum number of days between password changes. The -M option we discussed above sets the maximum number of days during which a password is valid.

Q3. How to change last password change date?

You can tweak the last password change date using the -d command line option. As input, you can either pass a number to this option, or a complete date. Here’s how the man page explains it:

 -d, --lastday LAST_DAY
           Set the number of days since January 1st, 1970 when the password
           was last changed. The date may also be expressed in the format
           YYYY-MM-DD (or the format more commonly used in your area).

Following is an example:

How to change last password change date

So you can see the value of the ‘Last password change’ field was changed successfully.

Q4. How to warn user before password expires?

The chage command also lets you set the number of days of warning before a password change is required. This can be done using the -W command line option.

-W, --warndays WARN_DAYS
           Set the number of days of warning before a password change is
           required. The WARN_DAYS option is the number of days prior to the
           password expiring that a user will be warned his/her password is
           about to expire.

For example:

chage -W 10 himanshu

This command will make sure that user gets to see password expiry warning 10 days before the password is set to expire.

Q5. How to lock an account?

Use the -E command line option to lock an account. The way it accepts input is similar to the -W option we discussed above. For your reference, here’s how the man page explains it:

-E, --expiredate EXPIRE_DATE
           Set the date or number of days since January 1, 1970 on which the
           user's account will no longer be accessible. The date may also be
           expressed in the format YYYY-MM-DD (or the format more commonly
           used in your area). A user whose account is locked must contact the
           system administrator before being able to use the system again.

Passing the number -1 as the EXPIRE_DATE will remove an account
expiration date.

For example:

chage -E 2019-06-21 himanshu

This above command will make sure the account for user ‘himanshu’ will become inaccessible starting June 21, 2019.

Q6. What happens if chage is used without any option?

Here’s what happens in this case:

       If none of the options are selected, chage operates in an interactive
       fashion, prompting the user with the current values for all of the
       fields. Enter the new value to change the field, or leave the line
       blank to use the current value. The current value is displayed between
       a pair of [ ] marks.

What happens if chage is used without any option

Conclusion

If you are a Linux system admin, or someone who is responsible for user management on Linux machines, this command is worth keeping in your kitty. We’ve covered several chage command line options here. To learn more, head to the chage man page.