• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer navigation

The Geek Diary

  • OS
    • Linux
    • CentOS/RHEL
    • Solaris
    • Oracle Linux
    • VCS
  • Interview Questions
  • Database
    • oracle
    • oracle 12c
    • ASM
    • mysql
    • MariaDB
  • DevOps
    • Docker
    • Shell Scripting
  • Big Data
    • Hadoop
    • Cloudera
    • Hortonworks HDP

CentOS / RHEL : Managing password ageing for users using chage (with practical Examples)

by admin

For security reasons, it is good practice to require users to change their passwords periodically. To configure password expiration for a user from a shell prompt, use the chage command. The basic syntax of the chage command is :

# chage [option] [username]

The table below lists out the command line options that can be used with the chage command.
chage Command Line Options

Option Description
-m days Specify the minimum number of days between which the user must change passwords. If the value is 0, the password does not expire.
-M days Specify the maximum number of days for which the password is valid. When the number of days specified by this option plus the number of days specified with the -d option is less than the current day, the user must change passwords before using the account.
-d days Specify the number of days since January 1, 1970 the password was changed.
-I days Specify the number of inactive days after the password expiration before locking the account. If the value is 0, the account is not locked after the password expires.
-E date Specify the date on which the account is locked, in the format YYYY-MM-DD. Instead of the date, the number of days since January 1, 1970 can also be used.
-W days Specify the number of days before the password expiration date to warn the user.
Note: Shadow passwords must be enabled to use the chage command.

Examples:

1. To force users to change their passwords the maxdays variable has to be set for that user. An example of how to do this can be found below:

# chage -M 30 [user]

The above will expire the associated users password every 30 days.

2. This can also be done when first assigning a password to a user when creating their account with the command below:

# passwd -x 30 [user]

3. It would also be wise to warn users that their account password is about to expire. This can be done by changing the warndays variable shown below.

# chage -W 4 [user]

This will warn the user 4 days before their password expires that they will need to change their password.

4. To retrieve expiry information about an existing account, use the command below:

# chage -l [user]
         Minimum:        0
         Maximum:        30
         Warning:        4
         Inactive:       -1
         Last Change:            Mar 03, 2005
         Password Expires:       Apr 02, 2005
         Password Inactive:      Never
         Account Expires:        Never
CentOS / RHEL : How to configure a user account to never expire

Filed Under: Linux

Some more articles you might also be interested in …

  1. lastb: command not found
  2. aptitude: command not found
  3. How to disable NetworkManager on CentOS / RHEL 7
  4. locale Command Examples in Linux
  5. authconfig: command not found
  6. pvdisplay Command Examples in Linux
  7. conky: command not found
  8. dumpe2fs Command Examples in Linux
  9. bpftool Command Examples in Linux
  10. How to resolve the error “-bash: xclock: command not found” in CentOS / RHEL

You May Also Like

Primary Sidebar

Recent Posts

  • protonvpn-cli Command Examples in Linux
  • protonvpn-cli connect Command Examples
  • procs Command Examples in Linux
  • prlimit: command not found

© 2023 · The Geek Diary

  • Archives
  • Contact Us
  • Copyright