The Linux operating system provides its users with comprehensive commands to manage and administer system-related activities. One such command is chage. The chage command, an abbreviation for “change age,” is a crucial command used to modify and manage password expiration policies for user accounts in Linux.
This article will walk you through the various functionalities offered by the chage
command, providing practical examples to illustrate its application. By the end of this guide, you should understand how to effectively use the chage
command to manage password policies.
Table of Contents
What is the ‘chage’ Command?
The “chage” command is a powerful Linux utility that enables administrators to configure various aspects of user account passwords. It provides a simple yet effective way to set expiration dates for passwords, enforce password history, and configure other password-related policies for user accounts.
Understanding the Syntax of the ‘chage’ Command in Linux
Before diving into practical examples, let’s familiarize ourselves with the syntax of the “chage” command:
chage [options] USERNAME
In this syntax:
chage
is the command itself.[options]
represents various parameters that can modify the behavior of thechage
command. Some of the commonly used options include-l
(for listing information),-m
(minimum password age),-M
(maximum password age),-I
(inactive days after password expires), and-E
(account expiration date), among others.user_name
is the name of the user account for which you’re setting the password policy.
In the sections below, we will delve into each of these elements in detail with relevant examples.
Checking Password Expiry Information with the ‘chage’ Command in Linux
To list password and account information for a user, the -l
option can be used in conjunction with the chage
command. For instance, if you need to display password expiration information for the user ‘jdoe’, you would use:
sudo chage -l jdoe
This command will provide detailed information, such as the last password change, password expiration date, password inactive period, and account expiration date, among other details.
Setting Minimum Password Age using the ‘chage’ Command in Linux
The -m
option allows us to set the minimum password age for a user. This age is represented as the number of days. As an illustration, let’s set the minimum password age for user ‘jdoe’ to 7 days:
sudo chage -m 7 jdoe
Following this command, once the user ‘jdoe’ changes their password, they will have to wait for a minimum of 7 days before they are allowed to change it again.
Using the ‘chage’ Command in Linux to Set Maximum Password Age
The maximum password age for a user can be set using the -M
option. This value is also expressed in the number of days. For instance, to enforce a policy where the user ‘jdoe’ must change their password every 90 days, you would use:
sudo chage -M 90 jdoe
With this setting in place, the user ‘jdoe’ will be prompted to change their password every 90 days.
Setting the Inactive Period with the ‘chage’ Command in Linux
You can specify the number of days after password expiration that an account should be locked using the -I
option. For example, to lock the ‘jdoe’ account if its password is not changed within 10 days after its expiry, use:
sudo chage -I 10 jdoe
This policy ensures that inactive accounts are locked after a certain period, providing an additional layer of security.
Using the ‘chage’ Command in Linux to Set Account Expiration Date
To set an expiration date for a user account, use the -E
option. This option accepts the date in the format YYYY-MM-DD
. For instance, to set the account expiration date for ‘jdoe’ to December 31, 2023, you would use:
sudo chage -E 2023-12-31 jdoe
After the specified date, the user ‘jdoe’ will not be able to access their account.
More Examples of the ‘chage’ Command in Linux
Setting Both Minimum and Maximum Password Age Together
In many situations, you may want to set both the minimum and maximum password age at once. This can be done by combining the -m
and -M
options in the same command. For instance, to set the minimum password age to 7 days and the maximum password age to 60 days for user ‘jdoe’, you would use:
sudo chage -m 7 -M 60 jdoe
Setting Password Expiry Warning Days
It’s often useful to warn users a few days before their password is due to expire. This can be accomplished with the -W
option. The following example sets a warning period of 7 days for the user ‘jdoe’:
sudo chage -W 7 jdoe
In this case, the user ‘jdoe’ will start receiving warnings 7 days before their password is due to expire.
Removing Password Expiration
In some cases, you might want to remove the password expiry for a certain user. This can be done using the -M
option with a value of -1
. Here is how you would remove password expiry for the user ‘jdoe’:
sudo chage -M -1 jdoe
Removing Account Expiration
Similar to password expiration, you might also want to remove account expiration for a user. This can be done with the -E
option and passing -1
as the value. For example, to remove account expiration for ‘jdoe’, use:
sudo chage -E -1 jdoe
Interactive Mode
The chage
command also has an interactive mode, which can be used by not specifying any options. In this mode, the command will prompt you for all the information it needs. To enter the interactive mode for the user ‘jdoe’, you would use:
This command will then prompt you to enter the values for the minimum password age, maximum password age, last password change, password expiration warning period, and the account inactive period after the password expiration.
Conclusion: Mastering the ‘chage’ Command in Linux for Better User Management
In Linux system administration, managing user password policies is crucial for maintaining system security. The chage
command provides a robust and efficient way to manage such policies, offering various options to set minimum and maximum password ages, account inactivity periods, and account expiration dates.
By understanding and using the chage
command effectively; you can create a more secure and well-managed system environment. Whether you’re an experienced system administrator or a Linux enthusiast, the chage command is valuable to your Linux command-line toolkit.