CentOS / RHEL : Managing password ageing for users using chage (with practical Examples)

For security reasons, it is good practice to require users to change their passwords periodically. To configure password expiration for a user from a shell prompt, use the chage command. The basic syntax of the chage command is :

# chage [option] [username]

The table below lists out the command line options that can be used with the chage command.
chage Command Line Options

Option	Description
-m days	Specify the minimum number of days between which the user must change passwords. If the value is 0, the password does not expire.
-M days	Specify the maximum number of days for which the password is valid. When the number of days specified by this option plus the number of days specified with the -d option is less than the current day, the user must change passwords before using the account.
-d days	Specify the number of days since January 1, 1970 the password was changed.
-I days	Specify the number of inactive days after the password expiration before locking the account. If the value is 0, the account is not locked after the password expires.
-E date	Specify the date on which the account is locked, in the format YYYY-MM-DD. Instead of the date, the number of days since January 1, 1970 can also be used.
-W days	Specify the number of days before the password expiration date to warn the user.

Note: Shadow passwords must be enabled to use the chage command.

Examples:

1. To force users to change their passwords the maxdays variable has to be set for that user. An example of how to do this can be found below:

# chage -M 30 [user]

The above will expire the associated users password every 30 days.

2. This can also be done when first assigning a password to a user when creating their account with the command below:

# passwd -x 30 [user]

3. It would also be wise to warn users that their account password is about to expire. This can be done by changing the warndays variable shown below.

# chage -W 4 [user]

This will warn the user 4 days before their password expires that they will need to change their password.

4. To retrieve expiry information about an existing account, use the command below:

# chage -l [user]
         Minimum:        0
         Maximum:        30
         Warning:        4
         Inactive:       -1
         Last Change:            Mar 03, 2005
         Password Expires:       Apr 02, 2005
         Password Inactive:      Never
         Account Expires:        Never

CentOS / RHEL : How to configure a user account to never expire

Next Read: CentOS / RHEL 6 : How to setup yum repository using locally mounted DVD »

Vanilla OS 2 Released: A New Era for Linux Enthusiasts
Introduction On November 15, 2024, the highly anticipated release of Vanilla OS 2, codenamed "Orchid,"…
mk Command Examples
mk is a task runner tool commonly used for controlling the compilation process of executables…
mixxx Command Examples
Mixxx is a free and open-source DJ software designed for DJs of all skill levels.…
mix Command Examples
Mix is a versatile build tool designed specifically for Elixir projects. It offers a wide…
mitmproxy Command Examples
mitmproxy is an interactive HTTP proxy tool that operates as a man-in-the-middle (MITM) between a…