chage is a tool and command used to change user password expiry information in Linux, BSD, Unix systems. With this command we can set password change time, lock status, activity or inactivity of the user account.
Syntax
We will use following syntax for chage command.
chage [options] LOGIN
Help
$ chage -h
Show Password And Related Information For A User
We may want to get detailed password and related information about the user account. This will not list the password of user account. We will use -l or --list options. In this example we will look user account name ismail
$ chage -l ismail
Last password changewill show when the password is changed last timePassword expiresshows when will password expirePassword inactiveshows when will be password inactiveAccount expiresshows when will account will expireMinimum number of days between password changeshows how many day the password will changeMaximum number of days between password changeshows how many day the password will changeNumber of days of warning before password expireshow how much day before the password expire warning will be shown
Set Password Expiry Date For A User
In order to set user account password expire date we need to have root privileges. We will use -M option to specify number of days to password expire. In this example we will set password expiry date for user ismail to 10 days.
$ chage -M 10 ismail
Set Password Expiry Warning Message
Before the user accounts password expires some warning messages are shown to the user. The time the warning message will be shown is by default 7 days. We can set this warning start days with -W option. In this example we will start showing message before 10 days of password expire for user account ismail
$ chage -W 10 ismail
Set Account Expiry Date
Another useful feature of chage is expiring a user account. Expiring user account will lock the account and can not connect remotely. We will use -E option with a date. This date is in YYYY-MM-DD format. In this example we will set account expire date for user ismail at 2017-05-05 .
$ chsudoage -E 2017-05-05 ismail
Set Lock Period For In Activity of User
Normally after password is expired the user is forced to change password. What is the user is not trying to change or not login to the system. This shows us an inactivity where user is not active. We can set some security measure if the user is not change his password in specified days. After the period is expired the user account is locked and only root can activate this account. We will use -I option with number of days for inactivity.
$ chsudoage -I 20 ismail
Disable Password Aging For User
Some times we do not need any security measure. We only want to run account without any lock, password expiry etc. In this situations we can use previously examined options to disable them. This will reset all user account related security measures to the default.
$ chsudoage -m 0 -M 99999 -I -1 -E -1 ismail
