How to Manage User Password Expiration and Aging in Linux

System administration involves numerous tasks, including managing users and groups. User management in turn covers smaller tasks such as adding, modifying, suspending, or deactivating user accounts, and many more.

This article explains one of the critical user account management functions: how to set or change user password expiration and aging in Linux using the chage command.

The chage command is used to modify user password expiry information. It enables you to view user account aging information, change the number of days between password changes and the date of the last password change.

Once you have set password expiry and aging information, the system uses it to determine when a user must change his/her password. Normally, companies or organizations have security policies that require users to change passwords regularly: this can be a simple way to enforce such policies, as explained below.

To view a user's account aging information, use the -l flag as shown.

# chage -l ravi
View User Password Aging Information

To set the date or number of days (since January 1, 1970) when the password was last changed, use the -d flag as follows.

# chage -d 2018-02-11 ravi

Next, you can also set the date or number of days (since January 1, 1970) on which the user’s account will no longer be accessible by using the -E switch as shown in the following command.

In this case, once a user’s account is locked, he/she is required to contact the system administrator before being able to use the system again.

# chage -E 2018-02-16 ravi

Then, the -W option allows you to set the number of days of warning before a password change is required. Considering the command below, the user ravi will be warned 10 days prior to his password expiring.

# chage -W 10 ravi

In addition, you can use the -I option to set the number of days of inactivity after a password has expired before the account is locked. This example means that after user ravi’s password expires, his account will be inactive for 2 days before it is locked.

When the account becomes inactive, he must contact the system administrator before being able to use the system again.

# chage -I 2 ravi

For more information, refer to the chage man page.

# man chage

Note that you can also change a user’s password expiration and aging information using the usermod command, which is actually intended for modifying a user account.
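
To check these settings across many accounts, the following added example (not part of the original article) reads shadow(5)-format records and reports where each account stands given its last-change, maximum-age, warning, inactivity and expiry fields. The function name aging_report, the status labels, the sample records and the use of >= at each boundary day are assumptions of this example; the maximum-age field is not set by any command shown above.

```shell
#!/bin/sh
# Added example, not from the article: report password/account aging status
# from shadow(5)-format records. All dates are days since January 1, 1970.
#   $3 last change (chage -d)    $5 maximum password age
#   $6 warning days (chage -W)   $7 inactive days (chage -I)
#   $8 account expiry (chage -E)

aging_report() {    # usage: aging_report <today-in-days> < records
    awk -F: -v today="$1" '
    BEGIN { today += 0 }                      # force numeric comparisons
    /^#/ || NF < 8 { next }                   # skip comments and short lines
    {
        last = $3; max = $5; warn = $6; inact = $7; expire = $8
        if (expire != "" && today >= expire + 0) {
            print $1, "account-expired"; next
        }
        if (last == "0") { print $1, "must-change-at-login"; next }
        if (last == "" || max == "" || max + 0 >= 99999) {
            print $1, "no-max-age"; next      # password never ages out
        }
        pw_end = last + max                   # day the password expires
        if (inact != "" && today >= pw_end + inact) {
            print $1, "locked-inactive"; next
        }
        if (today >= pw_end) { print $1, "password-expired"; next }
        if (warn != "" && today >= pw_end - warn) { print $1, "warning"; next }
        print $1, "ok"
    }'
}

# Constructed sample records (hash replaced by "x").
# 17573 is 2018-02-11 and 17578 is 2018-02-16, the dates used above.
SAMPLE='ravi:x:17573:1:90:10:2:17578:
bob:x:17573:1:90:10:2::
svc:x:17573:0:99999:7:::'

# Day 17664 is one day after the sample password for bob expires
# (17573 + 90 = 17663).
printf '%s\n' "$SAMPLE" | aging_report 17664

# On a live system (as root):
#   aging_report "$(( $(date +%s) / 86400 ))" < /etc/shadow
```

Accounts reported as no-max-age are the ones a regular-change policy would not reach.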

That’s it for now. We hope you find this article informative and useful. If you have any questions, use the feedback form below.

Aaron Kili
Aaron Kili is a Linux and F.O.S.S enthusiast, an upcoming Linux SysAdmin, web developer, and currently a content creator for TecMint who loves working with computers and strongly believes in sharing knowledge.

4 Comments

  1. I have been trying to work with the chage command to modify accounts expiration date but all it brings is a command not found, any help?

  2. How do I set account expiry universally for all users instead of doing it for one user? E.g., I want every user I create to expire after 90 days. Which file do I need to edit to achieve this?

    • @Shuj,

      To set up default password expiry for all new users in Linux:

      Open file /etc/login.defs using text editor and set the following values as per your requirements.

      PASS_MAX_DAYS 90
      PASS_MIN_DAYS 1
      PASS_WARN_AGE 7
      
