Best Linux Chage Command with Examples – A Linux Password Expiration Management Tool

In this article, we’ll learn about the Linux chage command. The chage command can be pronounced as a change age. The Linux chage command is used to manage the expiration and aging of Linux passwords for user accounts and passwords.

We can manage the settings below using the chage command:

  • Set the expiration date for a user account.
  • Set the warning message before the password expires.
  • Set the password to inactive after the password has expired.
  • Set the maximum number of days before the password change.
  • Set the minimum number of days before the password change.
  • Force the user to change the password the first time they log in.
  • Set the last password change.

Best Linux Chage Command with Examples – A Linux Password Expiration Management Tool

Linux chage command (a tool for managing the expiration of Linux passwords) with examples:

List the user’s current age information

We can use this to list a user’s current aging information chage Command with argument -l, Here I check the user’s aging information itsmarttricks,

[[email protected] ~]# chage -l itsmarttricks   # Listing Aging Information of a User
Last password change                                    : May 24, 2019
Password expires                                        : never
Password inactive                                       : never
Account expires                                         : never
Minimum number of days between password change          : 0
Maximum number of days between password change          : 99999
Number of days of warning before password expires       : 7

Set / change the expiration date of a user account with the Linux command chage

To set / change a user’s expiration date, you can use the chage command with an argument -E, Syntax for setting / changing the expiry date of a user account:

Syntax: chage -E [DATE] [Username]

The date format should look like this: YYYY-MM-DD, See the following command.

[[email protected] ~]# chage -E 2020-03-15 itsmarttricks# Set/Change Expiry Date of a User Account

# Confirm the Setting

[[email protected] ~]# chage -l itsmarttricks
Last password change                                    : May 19, 2019
Password expires                                        : never
Password inactive                                       : never
Account expires                                         : Mar 15, 2020
Minimum number of days between password change          : 0
Maximum number of days between password change          : 99999
Number of days of warning before password expires       : 7

Set the password expiration warning

You can use the chage command to set the warning before the password expires. You can use the chage command with an argument -W, Here I will set 5 days as a password warning for itsmarttricks users, ie itsmarttricks users will receive a warning message to change the password 5 days before the password expires.

[[email protected] ~]# chage -W 5 itsmarttricks # Set Password Change Alert for User

# Confirm the Setting

[[email protected] ~]# chage -l itsmarttricks
Last password change                                    : May 21, 2019
Password expires                                        : Jun 20, 2019
Password inactive                                       : Jun 27, 2019
Account expires                                         : never
Minimum number of days between password change          : 0
Maximum number of days between password change          : 99999
Number of days of warning before password expires       : 5

Also Read: Managing Users and Groups on Linux – A Complete Beginner’s Guide

Set the password to inactive after the password has expired

Chage command with argument -I sets the password inactive. This means that the user can log on to the system with the same user name and password for the next few days (e.g .: 10 days) even after the password has expired. Here I allow 10 Days inactive as a password for users itsmarttricks, This means that itsmarttricks user can use the same password for the next 10 days. The user is then blocked. See the following command.

[[email protected] ~]# chage -I 10  itsmarttricks   # Set Password Inactivity

# Confirm the Setting

[[email protected] ~]# cat /etc/shadow | grep itsmarttricks
itsmarttricks:$1$/Qiw/iiX$zufQoDJV.LwZ.ggvRkABz.:17310:0:99999:7:10::

Set the maximum number of days between password changes

You can set the maximum number of days between password change agents. Here you can allow users the maximum number of days the user can use the current password. The user must change the password within the maximum permitted days, otherwise the account will be blocked. To set the maximum allowed days, you can use the chage command with an argument -M,

Note: If you set the maximum number of days for a user to have a password, the password expiration date is also updated. It depends entirely on your value of the maximum days allowed.

For example: Here I allow 10 days as the maximum password age for itsmarttricks user. This means that itsmarttricks users can only use the current password for the next 10 days and that the password should change 10 days ago, otherwise the itsmarttricks user account will be blocked on the 11th day.

[[email protected] ~]# chage -M 10 john  # Allow Maximum days between Password Change

# Confirm the Setting

[[email protected] ~]# chage -l john
Last password change                                    : May 24, 2019
Password expires                                        : Jun 03, 201
Password inactive                                       : never
Account expires                                         : never
Minimum number of days between password change          : 0
Maximum number of days between password change          : 10
Number of days of warning before password expires       : 7

Set the minimum number of days between password changes

You can also set the minimum number of days between password changes. This means that the user can only change the password after the minimum number of days. For example: Here I have set a minimum password age of 5 days for itsmarttricks user. This means that itsmarttricks user must use the current password for at least 5 days and cannot change the password within these 5 days. To set the minimum number of days, you can use the chage command with an argument -m, See the following command.

Note: when you hire 0 As a minimum password day, the user can then change his password at any time.

[[email protected] ~]# chage -m 5 john  # Allow Minimum days between Password Change

# Confirm the Setting

[[email protected] ~]# chage -l john
Last password change                                    : May 24, 2019
Password expires                                        : Jun 03, 2019
Password inactive                                       : never
Account expires                                         : never
Minimum number of days between password change          : 5
Maximum number of days between password change          : 10
Number of days of warning before password expires       : 7

Set the last change password using the Linux chage command

Now we will deal with the last password change. We can set the last password change using the chage command with an argument -d,

Syntax: chage -d [DATE] [USERNAME]

Note: The date should be in the YYYY-MM-DD Format.

Here I set the password for the last change for the user Ricky,

[[email protected] ~]# chage -d 2019-05-20 ricky   # Set Last Change Password

# Confirm the Setting

[[email protected] ~]# chage -l ricky
Last password change                                    : May 20, 2019
Password expires                                        : never
Password inactive                                       : never
Account expires                                         : never
Minimum number of days between password change          : 0
Maximum number of days between password change          : 99999
Number of days of warning before password expires       : 7

Note: Another thing we have to consider is when we stop that Last password change Date as shown above, at this time another setting is updated, i.e. Password expires, and it totally depends on them Maximum number of days between password change values,

When setting / resetting the password of any user at this time, the Last password change Setting is updated. For example, I reset the password of itsmarttricks to May 25, 2019 Then the “Last password change” setting is updated to “Date” 2019-05-25, See the following sample output.

[[email protected] ~]# passwd itsmarttricks
Changing password for user itsmarttricks.
New password: 
Retype new password: 
passwd: all authentication tokens updated successfully.
[[email protected] ~]# chage -l itsmarttricks
Last password change                                    : May 25, 2019
Password expires                                        : never
Password inactive                                       : never
Account expires                                         : never
Minimum number of days between password change          : 0
Maximum number of days between password change          : 99999
Number of days of warning before password expires       : 7

Force users to change password the next time they log in

You can also use the chage command with an argument -d to force the user to change the password the next time they log in. To do this, you must set the number of days to 0. See the following command.

[[email protected] ~]# chage -d 0 ricky   # Force User to Change Password

# Confirm the Setting

[[email protected] ~]# chage -l ricky
Last password change                                    : password must be changed
Password expires                                        : password must be changed
Password inactive                                       : password must be changed
Account expires                                         : May 27, 2019
Minimum number of days between password change          : 0
Maximum number of days between password change          : 10
Number of days of warning before password expires       : 7

Read also: How to create and manage users with the Useradd Linux command

As you can see above, there are three options, i.e. Last password change. Password expires and Password inactive shows Password needs to be changed, That is, when a user logs on for the first time, the system is forced to set their own password and at that point all of the above settings are updated to that date.

If you now log on to the system with Ricky as a user, the following message is displayed.

BEST LINUX CHAGE COMMAND WITH EXAMPLES - A LINUX PASSWORD EXPIRATION MANAGEMENT TOOL

Login via user Ricky

As you can see from the snapshot above, user Ricky is forced to change the password.

More help on Linux chage Command

For more options on the Linux chage command, see Command.

[[email protected] ~]# chage --help   # Help Page of Linux chage command
Usage: chage [options] [LOGIN]

Options:
  -d, --lastday LAST_DAY        set date of last password change to LAST_DAY
  -E, --expiredate EXPIRE_DATE  set account expiration date to EXPIRE_DATE
  -h, --help                    display this help message and exit
  -I, --inactive INACTIVE       set password inactive after expiration
                                to INACTIVE
  -l, --list                    show account aging information
  -m, --mindays MIN_DAYS        set minimum number of days before password
                                change to MIN_DAYS
  -M, --maxdays MAX_DAYS        set maximim number of days before password
                                change to MAX_DAYS
  -W, --warndays WARN_DAYS      set expiration warning days to WARN_DAYS

Linux chage command guide

OR Call up the Manual Page of Chage with the following command.

[[email protected] ~]# man chage   # Manual Page of Linux chage Command

Read also: Best Linux Usermod Command with Examples

That’s all. In this article, we explained best Linux Chage command with examples – A Linux tool for managing password expiration. I hope you like this article. If you like this article, just share it. If you have any questions about this article, please comment.

Sidebar