Linux chage Command with Practical Examples

Introduction

In this lab, you will learn how to use the chage command in Linux to modify a user's password expiration date and enforce password expiration policies. The chage command allows you to view and manage various password aging information, such as the last password change date, password expiration date, password expiration warning period, and the minimum and maximum number of days between password changes. You will learn how to use the chage command to set a new password expiration date for a user and ensure that passwords are regularly updated to maintain system security.

Linux Commands Cheat Sheet

Skills Graph

%%%%{init: {'theme':'neutral'}}%%%% flowchart RL linux(("`Linux`")) -.-> linux/UserandGroupManagementGroup(["`User and Group Management`"]) linux(("`Linux`")) -.-> linux/SystemInformationandMonitoringGroup(["`System Information and Monitoring`"]) linux/UserandGroupManagementGroup -.-> linux/useradd("`User Adding`") linux/UserandGroupManagementGroup -.-> linux/passwd("`Password Changing`") linux/UserandGroupManagementGroup -.-> linux/sudo("`Privilege Granting`") linux/SystemInformationandMonitoringGroup -.-> linux/date("`Date/Time Displaying`") subgraph Lab Skills linux/useradd -.-> lab-422593{{"`Linux chage Command with Practical Examples`"}} linux/passwd -.-> lab-422593{{"`Linux chage Command with Practical Examples`"}} linux/sudo -.-> lab-422593{{"`Linux chage Command with Practical Examples`"}} linux/date -.-> lab-422593{{"`Linux chage Command with Practical Examples`"}} end

Understand the chage Command

In this step, you will learn about the chage command in Linux, which is used to modify a user's password expiration date and other password aging information.

The chage command allows you to view and modify the following password aging information for a user account:

Last password change date
Password expiration date
Password expiration warning period
Minimum number of days between password changes
Maximum number of days between password changes

To view the current password aging information for a user, you can use the chage command with the -l option:

$ sudo chage -l labex
Last password change                                    : Jan 01, 2023
Password expires                                        : never
Password inactive                                       : never
Account expires                                         : never
Minimum number of days between password change          : 0
Maximum number of days between password change          : 99999
Number of days of warning before password expires       : 7

This output shows that the user labex has no password expiration date set, and the password will never expire.

To modify the password expiration date for a user, you can use the chage command with the -E option followed by the new expiration date in the format YYYY-MM-DD. For example, to set the password expiration date for the labex user to 30 days from now:

$ sudo chage -E $(date -d "+30 days" '+%Y-%m-%d') labex

Example output:

$ sudo chage -l labex
Last password change                                    : Jan 01, 2023
Password expires                                        : Feb 01, 2023
Password inactive                                       : never
Account expires                                         : never
Minimum number of days between password change          : 0
Maximum number of days between password change          : 99999
Number of days of warning before password expires       : 7

The chage command provides several other options to manage password aging policies. You can explore them using the man chage command.

Modify User Password Expiration Date

In this step, you will learn how to modify the password expiration date for a user account using the chage command.

First, let's check the current password expiration date for the labex user:

$ sudo chage -l labex
Last password change                                    : Jan 01, 2023
Password expires                                        : Feb 01, 2023
Password inactive                                       : never
Account expires                                         : never
Minimum number of days between password change          : 0
Maximum number of days between password change          : 99999
Number of days of warning before password expires       : 7

As you can see, the password for the labex user is set to expire on February 1, 2023.

To modify the password expiration date, you can use the chage command with the -E option followed by the new expiration date in the format YYYY-MM-DD. For example, to set the password expiration date to 90 days from now:

$ sudo chage -E $(date -d "+90 days" '+%Y-%m-%d') labex

Now, let's verify the new password expiration date:

$ sudo chage -l labex
Last password change                                    : Jan 01, 2023
Password expires                                        : Apr 01, 2023
Password inactive                                       : never
Account expires                                         : never
Minimum number of days between password change          : 0
Maximum number of days between password change          : 99999
Number of days of warning before password expires       : 7

The output shows that the password expiration date has been updated to April 1, 2023.

Enforce Password Expiration Policy

In this step, you will learn how to enforce a password expiration policy for user accounts using the chage command.

First, let's check the current password expiration policy for the labex user:

$ sudo chage -l labex
Last password change                                    : Jan 01, 2023
Password expires                                        : Apr 01, 2023
Password inactive                                       : never
Account expires                                         : never
Minimum number of days between password change          : 0
Maximum number of days between password change          : 99999
Number of days of warning before password expires       : 7

As you can see, the password for the labex user is set to expire on April 1, 2023.

To enforce a password expiration policy, you can use the chage command with the following options:

-M: Set the maximum number of days a password is valid
-m: Set the minimum number of days between password changes
-W: Set the number of days of warning before a password expires

For example, to set the password expiration policy for the labex user as follows:

Maximum password age: 90 days
Minimum password age: 7 days
Password expiration warning: 7 days

You can run the following commands:

$ sudo chage -M 90 -m 7 -W 7 labex

Now, let's verify the updated password expiration policy:

$ sudo chage -l labex
Last password change                                    : Jan 01, 2023
Password expires                                        : Apr 01, 2023
Password inactive                                       : never
Account expires                                         : never
Minimum number of days between password change          : 7
Maximum number of days between password change          : 90
Number of days of warning before password expires       : 7

The output shows that the password expiration policy has been updated as expected.

Summary

In this lab, you learned about the chage command in Linux, which is used to modify a user's password expiration date and other password aging information. You explored how to view the current password aging information for a user, and how to modify the password expiration date for a user. You also learned how to enforce a password expiration policy by setting the password expiration date for a user.