In this tutorial, we cover the basics of using the chage command on a Linux-based distribution.
The chage command is extremely useful for viewing and altering a user’s password expiry information. You can alter settings such as password expiry date, expiry warning, and more. It is a useful command to know if you administrate a multi-user system.
If you need to change the actual password, you will need to use the passwd command instead. The chage command simply deals with how the system handles if and how passwords expire.
This tutorial will run you through a wide range of different topics around the chage command. For example, we will cover topics such as viewing the password expiry information and making changes to the information. The command is super easy to understand and may come in handy if you need to handle expiring passwords.
Table of Contents
- chage Command Syntax
- chage Command Options
- Using the chage Command
- More Help
- Conclusion
chage Command Syntax
The syntax of the chage command is pretty straightforward. Simply write chage
followed by any optional options and the user’s name you wish to view or edit. We touch on some of the options you can use below.
chage [OPTIONS] [LOGIN]
[OPTIONS] is where you can specify options that you would like to run with the command. You can use options to alter the behavior of the command.
[LOGIN] is the user’s username that you wish to view or edit. You will need to be the root user if you wish to edit someone else’s account.
chage Command Options
-d LAST_DAY
or--lastday LAST_DAY
allows you to change the last password change date to a new date.-E EXPIRE_DATE
or--expiredate EXPIRE_DATE
will set the account expiry date.-i
or--iso8601
will use YYYY-MM-DD instead of MM DD, YYY when printing dates.-I INACTIVE
or--inactive INACTIVE
allows you to set the number of days after a password has expired before an account is locked.-l
or--list
displays a list of the account’s password expiry settings.-m MIN_DAYS
or--mindays MIN_DAYS
allows you to set the minimum number of days between password changes.-M MAX_DAYS
or--maxdays MAX_DAYS
lets you set the maximum number of days a password is valid. Users will be required to change their password once the elapsed days since the last password change exceeds this setting.-W WARN_DAYS
or--warndays WARN_DAYS
will warn the user a set number of days before password expiry that a password change is required.
You might want to use a few other options with this command. You can view more information on these options using some of the inbuilt help methods in Linux.
Using the chage command
Using this command is pretty straightforward, so it shouldn’t take too long to understand the options available to you. Throughout this tutorial, I am logged into the root environment using sudo su
.
If you use the command without any options and simply enter a user, you will be prompted with a series of questions.
chage dev
In the example below, you can see each of the questions you will be asked. Pressing enter will simply use the default.
root@pimylifeup:/home/dev# chage dev
Changing the aging information for dev
Enter the new value, or press ENTER for the default
Minimum Password Age [0]:
Maximum Password Age [99999]:
Last Password Change (YYYY-MM-DD) [2022-01-13]:
Password Expiration Warning [7]:
Password Inactive [-1]:
Account Expiration Date (YYYY-MM-DD) [-1]:
You can change each setting individually by using options alongside the command. Changing each setting individually might make things easier, especially when making changes in bulk.
If you want to view the current settings, you can use the -l
option, which I explain below.
View Current Password Expiry Settings
To view all of a user’s current password expiry settings, you can use the -l
option with the chage command. Below is an example of using the chage command to view the settings set for the user “dev”.
chage -l dev
Below is the output for our user dev. You can see all the current settings for the user. Throughout this tutorial, we will explain each of these settings and how you can alter them.
root@pimylifeup:/home/dev# chage -l dev
Last password change : Jan 13, 2022
Password expires : never
Password inactive : never
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 99999
Number of days of warning before password expires : 7
Update Last Password Change
You can change the date for when the password was last changed. To do this, you can use the -d
or --lastday
options.
This option will accept days or an exact date. If you use days, it starts the count from January 1st, 1970, so to get to January 1st, 2023, you will need to enter 18993. It is much easier to enter the date in the format of YYYY-MM-DD.
In the example below, we change the last password change to the 1st of May 2022.
chage -d 2022-05-01 pi
We can confirm the last password change date has been updated by using the -l
option with the chage command.
root@pimylifeup:/home/dev# chage -l pi
Last password change : May 01, 2022
Password expires : never
Password inactive : never
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 99999
Number of days of warning before password expires : 7
Set an Account Expiry Date
On Linux, you can set an account to expire on a specific date. Once an account has expired, the user will need to contact a system administrator to unlock it. It’s perfect if you need to allow guest users onto your system but want to restrict access past a certain date.
To set the expiry date, you will need to use either the -E EXPIRE_DATE
or --expiredate EXPIRE_DATE
option. The EXPIRE_DATE
will need to be in the format of YYYY-MM-DD
.
In our example below, we set the expiry to the 31st of May 2022.
chage -E 2022-05-31 pi
Using the -l
option with chage, we can check that the account expiry has been set.
root@pimylifeup:/home/dev# chage -l pi
Last password change : May 01, 2022
Password expires : never
Password inactive : never
Account expires : May 31, 2022
Minimum number of days between password change : 0
Maximum number of days between password change : 99999
Number of days of warning before password expires : 7
Set the Minimum Number of Days Between Password Changes
If you do not want a user changing their password often, you can set a wait time between password changes. By using the -m MIN_DAYS
or --mindays MIN_DAYS
, you can set the number of days before a user can change their password again.
In our example below, we set it so that the user can only change their password once every 2 days.
chage -m 2 pi
Using chage
, you can confirm that your changes have been set correctly.
root@pimylifeup:/home/dev# chage -l pi
Last password change : May 01, 2022
Password expires : never
Password inactive : never
Account expires : May 31, 2022
Minimum number of days between password change : 2
Maximum number of days between password change : 99999
Number of days of warning before password expires : 7
To remove the minimum number of days to wait before changing a password, simply use 0 as the number of days.
chage -m 0 pi
Set the Maximum Number of Days for a Valid Password
If you want to force a password change, you can set the number of days a password will remain valid. Once the password is invalid, the user will be forced to change their password.
To set how long a password stays valid, use the -M MAX_DAYS
or --maxdays MAX_DAYS
options. Replace max_days
with the number of days you want a password to stay valid.
chage -m 28 pi
The output below shows that the maximum days setting has updated to our new value. So now, every 28 days after the last password change, the account will require a new password.
root@pimylifeup:/home/dev# chage -l pi
Last password change : May 01, 2022
Password expires : May 29, 2022
Password inactive : never
Account expires : May 31, 2022
Minimum number of days between password change : 2
Maximum number of days between password change : 28
Number of days of warning before password expires : 7
Set Number of Days Before Account Becomes Inactive
You can set the number of days after an expired password that an account should be set to inactive. Once an account is inactive, the user will need to contact the system administrator to be able to log in again. It is perfect for ensuring dormant accounts become inaccessible.
It is important to note that you will need to have the maximum number of days set for the password in order for this option to work.
To set the number of days for an account to become inactive, simply use the -I INACTIVE_DAYS
or --inactive INACTIVE_DAYS
option. Replace INACTIVE_DAYS
with the number of days you wish to use.
Our example below sets our account to become inactive 60 days after a password has expired.
chage -I 60 pi
By using the -l
option, you can see that the account will now go inactive on the 28th of July 2022.
root@pimylifeup:/home/dev# chage -l pi
Last password change : May 01, 2022
Password expires : May 29, 2022
Password inactive : Jul 28, 2022
Account expires : May 31, 2022
Minimum number of days between password change : 2
Maximum number of days between password change : 28
Number of days of warning before password expires : 7
To remove the inactivity rule, simply run the command with -1
for the number of days.
chage -I -1 pi
Set Expiry Warning
The last option we are looking at is setting an expiry warning. If you want to warn your users about their password expiring soon, you can do so using the -W WARN_DAYS
or --warndays WARN_DAY
. WARN_DAY
is the number of days before expiry.
In our example below, we set the warning to display 10 days before the password expires.
chage -W 10 pi
In our output below, you can see the password expiry warning is now set to 10.
root@pimylifeup:/home/dev# chage -l pi
Last password change : May 01, 2022
Password expires : May 29, 2022
Password inactive : Jul 28, 2022
Account expires : May 31, 2022
Minimum number of days between password change : 2
Maximum number of days between password change : 28
Number of days of warning before password expires : 10
More Help
If you require more information on the chage command and its options, you can use either the man command or the inbuilt help information.
To access the manual page using the man command, simply write man
followed by chage
.
man chage
Simply use the q key to exit from the manual once you are done.
You can also use the command’s inbuilt help functionality to bring up some basic information on how to use it. Simply use the –help or -h option after the chage command to bring up the information.
chage --help
Conclusion
By now, you should have a decent idea of how to use the chage command effectively. It is unlikely you will need to use this command often unless you are dealing with a large number of users.
If you do plan on using Linux distributions a lot, you will find it beneficial to learn as many Linux commands as possible. They make life a lot easier when it comes to maintaining a Linux or Unix distribution.
Please let us know if you notice a mistake or if an important topic is missing from this guide.