Linux command line offers several tools for user management (some of which we’ve already discussed). One such utility is chage, which lets you tweak password expiry information. In this tutorial, we will discuss this tool using some easy to understand examples. But before we dive in, it’s worth mentioning that all examples here have been tested on an Ubuntu 18.04 LTS machine.
Linux chage command
The chage command, as already explained above, lets you tweak user password expiry information. Following is its syntax:
chage [options] LOGIN
And here’s what the man page says about it:
The chage command changes the number of days between password changes and the date of the last password change. This information is used by the system to determine when a user must change his/her password.
Following are some Q&A-styled examples that should give you a good idea on how the chage command works:
Q1. How to view current password expiry info?
To view current password expiry date info for a user, use the -l command line option.
chage -l [USERNAME]
Here’s an example:
chage -l himanshu
And following is the output it produced on my system:
Last password change : Jul 26, 2018 Password expires : never Password inactive : never Account expires : never Minimum number of days between password change : 0 Maximum number of days between password change : 99999 Number of days of warning before password expires : 7
So currently, the password is set to expire ‘never’.
Q2. How to change password expiry date?
This you can do using the -M command line option, which requires you to pass a number (which refers to the maximum number of days during which a password is valid).
chage -M 1000 himanshu
Note that this operation requires root privileges.
So you can see in the screenshot above, the password expiry has now been set to April 21, 2021.
Note that you can also use the -m command line option, which is used to set the minimum number of days between password changes. The -M option we discussed above sets the maximum number of days during which a password is valid.
Q3. How to change last password change date?
You can tweak the last password change date using the -d command line option. As input, you can either pass a number to this option, or a complete date. Here’s how the man page explains it:
-d, --lastday LAST_DAY Set the number of days since January 1st, 1970 when the password was last changed. The date may also be expressed in the format YYYY-MM-DD (or the format more commonly used in your area).
Following is an example:
So you can see the value of the ‘Last password change’ field was changed successfully.
Q4. How to warn user before password expires?
The chage command also lets you set the number of days of warning before a password change is required. This can be done using the -W command line option.
-W, --warndays WARN_DAYS Set the number of days of warning before a password change is required. The WARN_DAYS option is the number of days prior to the password expiring that a user will be warned his/her password is about to expire.
chage -W 10 himanshu
This command will make sure that user gets to see password expiry warning 10 days before the password is set to expire.
Q5. How to lock an account?
Use the -E command line option to lock an account. The way it accepts input is similar to the -W option we discussed above. For your reference, here’s how the man page explains it:
-E, --expiredate EXPIRE_DATE Set the date or number of days since January 1, 1970 on which the user's account will no longer be accessible. The date may also be expressed in the format YYYY-MM-DD (or the format more commonly used in your area). A user whose account is locked must contact the system administrator before being able to use the system again.
Passing the number -1 as the EXPIRE_DATE will remove an account
chage -E 2019-06-21 himanshu
This above command will make sure the account for user ‘himanshu’ will become inaccessible starting June 21, 2019.
Q6. What happens if chage is used without any option?
Here’s what happens in this case:
If none of the options are selected, chage operates in an interactive fashion, prompting the user with the current values for all of the fields. Enter the new value to change the field, or leave the line blank to use the current value. The current value is displayed between a pair of [ ] marks.
If you are a Linux system admin, or someone who is responsible for user management on Linux machines, this command is worth keeping in your kitty. We’ve covered several chage command line options here. To learn more, head to the chage man page.