Change days between password change with chage command in Linux
chage command changes the number of days between password changes and the date of the last password change. This information is used by the system to determine when a user must change their password.
chage command is installed with the
passwd package, which can be install using the default package manager (apt, yum, pacman, dnf, etc.). The
chage program requires a shadow (
/etc/shadow) password file to be available which stores secure user account information. It's behavior can changed by editing the
/etc/login.defs configuration file.
chage [options] LOGIN
|Set the number of days since the last time the password was updated, which was on January 1st, 1970. The date could alternatively be written in the following format:
YYYY-MM-DD or any other.
--expireda te EXPIRE_DATE
|The user's account will expire on the date you specify, or after the specified number of days starting on January 1, 1970. The date could alternatively be written in the following format:
The account expiration date can be removed by passing
-1 as the
EXPIRE DATE parameter.
|When printing dates, use
|Determine how long an account must go without activity once a password has expired before it is locked. The number of days of inactivity is indicated by the
The account's inactivity can be removed by passing
-1 as the
|Show account aging information. (expiry, change, days, etc.)
MIN DAYS should be set as the minimum number of days between password updates. The user may modify their password at any moment if this field has a value of zero.
|Set the maximum amount of time a password will last. The user will be unable to access their account until they update their password if
MAX DAYS plus
LAST DAY is less than the present day. The
-W (warn days) option gives the user a heads-up so they can prepare for this event in advance and receive a warning.
MAX DAYS will disable verifying the suffix of a password.
|Apply changes in the
CHROOT_DIR directory and use the configuration files from the
|Decide how many days of notice are given before a password change is necessary. The number of days before the password expires that a user will be alerted that their password is about to expire is specified by the
|Display help message and exit.
If none of the options are selected, chage operates in an interactive fashion, prompting the user with the current values for all of the fields. Enter the new value to change the field, or leave the line blank to use the current value. The current value is displayed between a pair of
[ ] marks.
It is restricted to the root user, except for the
-l option, which may be used by an unprivileged user to determine when their password or account is due to expire.
Exit codes for
|can't find the shadow password file (
|permission denied (Try again with root permissions.)
|invalid command syntax
Example use cases of
List password information for the user:
Here, we have used
chage command to list password expiry information for the specified user name: "
$ chage --list username
Enable password expiration in 10 days:
We can set a maximum number of days between password change with
--maxdays flag to the
chage command as follows:
$ sudo chage --maxdays 10 username
Disable password expiration:
To disable password expiration, we can specify a negative value (
-1) to maxdays parameter (
chage command in Linux:
$ sudo chage --maxdays -1 username
Set account expiration date:
Set an account expiration date with
chage command using the
--expirydate flag as follows:
$ sudo chage --expiredate YYYY-MM-DD username
Force user to change password on next log in:
To expire a password immediately and set new with
chage command in Linxu terminal, we can use
--lastday flag as follows:
$ sudo chage --lastday 0 username