In our last artical we known about password managent by using in passwd command, In this artical we known about that password management by using chage .
Before going through this artical first read password management by using passwd
chage
chage Enables you to modify the parameters surrounding passwords (complexity, age,expiration). We can edit and manage the password expiration details with the chage command. However, a root user can execute chage command for any user account, but not the other users.
Syntax: chage [options] USERNAME
Options:
-d LAST_DAY Indicates the day the password was last changed -E EXPIRE_DATE Sets the account expiration date -I INACTIVE Changes the password in an inactive state after the account expires -l Shows account aging information -m MIN_DAYS Sets the minimum number of days between password changes -M MAX_DAYS Sets the maximum number of days a password is valid -W WARN_DAYS Sets the number of days to warn before the password expires
For example we can find the particular user information by using chage command as follows.
[root@localhost ~]# chage -l root Last password change : Mar 12, 2016 Password expires : Jul 25, 2017 Password inactive : never Account expires : Dec 31, 2025 Minimum number of days between password change : 365 Maximum number of days between password change : 500 Number of days of warning before password expires : 7
How to force users to change their password, may be this is a big question for system administrators to force their users to change password on regular intervals for security basis.
For this we Set Password Expiry Date for an user using chage option -M. Root user can set the password expiry date for any user.
Please note that option -M will update both “Password expires” and “Maximum number of days between password change” entries as shown below.
Syntax: # chage -M number-of-days username
[root@localhost ~]# chage -M 60 root
The above command sets the password expiry to 60days.
[root@localhost ~]# chage -l root Last password change : Mar 12, 2016 Password expires :Jul 25, 2017 Password inactive : never Account expires : Dec 31, 2025 Minimum number of days between password change : 0 Maximum number of days between password change : 60 Number of days of warning before password expires : 7
Set the Account Expiry Date for an User by using -E option
we can also use chage command to set the account expiry date as shown below using option -E. The date given below is in “YYYY-MM-DD” format. This will update the “Account expires” value as shown below.
[root@localhost ~]# chage -E "2017-10-03" root
[root@localhost ~]# chage -l root Last password change : Mar 12, 2016 Password expires : Jul 25, 2017 Password inactive : never Account expires : Oct 03, 2017 Minimum number of days between password change : 0 Maximum number of days between password change : 60 Number of days of warning before password expires : 7
Force the user account to be locked after n number of inactivity days
Typically if the password is expired, users are forced to change it during their next login. You can also set an additional condition, where after the password is expired, if the user never tried to login for 6 days, you can automatically lock their account using option -I as shown below. In this example, the “Password inactive” date is set to 10 days from the “Password expires” value.Once an account is locked, only system administrators will be able to unlock it.
# chage -I 6 root
# chage -l root Last password change : Mar 12, 2016 Password expires : Jul 25, 2017 Password inactive : Aug 31,2017 Account expires : Oct 03, 2017 Minimum number of days between password change : 0 Maximum number of days between password change : 60 Number of days of warning before password expires : 7
How to set Minimum no.of days between password change
we can set the minimum number of days between password change by using the option -m along with chage command as follows.
chage -m 10 USERNAME
[root@localhost ~]# chage -m 10 root
[root@localhost ~]# chage -l root Last password change : Mar 12, 2016 Password expires : Jul 25, 2017 Password inactive : Aug 31,2017 Account expires : Oct 03, 2017 Minimum number of days between password change : 10 Maximum number of days between password change : 60 Number of days of warning before password expires : 7
How to set the number of days of warning before password expires
we can set the number of days of warning before password expires by using the option -W along with chage command
[root@localhost ~]# chage -W 10 root
[root@localhost ~]# chage -l root Last password change : Mar 12, 2016 Password expires : Jul 25, 2017 Password inactive : Aug 31,2017 Account expires : Oct 03, 2017 Minimum number of days between password change : 10 Maximum number of days between password change : 60 Number of days of warning before password expires : 10
How to disable password aging for an user account
To disable password aging for the account for particular account we must set the following on that account.
-m 0 will set the minimum number of days between password change to 0 -M 99999 will set the maximum number of days between password change to 99999 -I -1 (number minus one) will set the “Password inactive” to never -E -1 (number minus one) will set “Account expires” to never.
when we using the chage command to set specifics on an account, do not reset the
password with the passwd command because doing so erases any changes to the account
expiring.
Have a great fun with Linux!