Cyberithub

Top 17 passwd and chage Command Examples in Linux

In this article, I will take you through top 10 passwd and chage Command Examples to Manage User Password Expiration and Aging in Linux. passwd tool is generally used to change user account password and chage command are usually used for User account expiration and aging operations. Most of the time you will see both are used together to perform User Account Management Tasks.

Top 17 passwd and chage Command Examples in Linux 1

passwd and chage Examples

Also Read: How to create Network Bonding/Teaming in RedHat/CentOS 7

1. Change root Password on Ubuntu

If you are planning to change your root password, you can do that by simple running passwd command as shown. By default, passwd with no arguments will take currently logged in user as user account whose password needs to be changed. In our case, since we are logged in with root account, so root account password will be changed.

[root@localhost ~]# passwd
Changing password for user root.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.

NOTE:

Please note that running only passwd command will change the current logged in user password. So before running passwd command without any arguments it is very much necessary to verify if you are changing current logged in user account password.

2. Change User Account Password 

If you want to change user john account password, you can do that by simply running passwd john command.

[root@localhost ~]# passwd john
Changing password for user john.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.

Also Read: Best Examples to Test Port Connectivity in Linux

3. Expire User Password after 45 days

If you want to expire User John password after 45 days, then you need to run chage -M 45 John command to perform this task.

[root@localhost ~]# chage -M 45 john

Check if the expiration day is set or not.

[root@localhost ~]# chage -l john
Last password change : Jan 16, 2020
Password expires : Mar 01, 2020
Password inactive : never
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 45
Number of days of warning before password expires : 7

4. User Password Expiration Warning

In case you want to provide warning to user for his password expiration, you can do that by running chage -W 15 John command. This command will start providing warning to user before 15 days of Password expiration so that User will be notified that his password is going to expire after 15 days.

[root@localhost ~]# chage -W 15 john

Check if warning is set to 15 days or not for user john.

[root@localhost ~]# chage -l john
Last password change : Jan 16, 2020
Password expires : Mar 01, 2020
Password inactive : never
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 45
Number of days of warning before password expires : 15

5. Lock User Account on Ubuntu

If you want to lock user John account, you can do that by using passwd -l john command.

[root@localhost ~]# passwd -l john
Locking password for user john.
passwd: Success

6. Unlock User Account on Linux Machine

If you want to unlock user John account, you can do that by using passwd -u john command.

[root@localhost ~]# passwd -u john
Unlocking password for user john.
passwd: Success

7. Check User Password Policy

To list out User John current password policy, you need to use chage -l john command.

[root@localhost ~]# chage -l john
Last password change : Jan 16, 2020
Password expires : Mar 01, 2020
Password inactive : never
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 45
Number of days of warning before password expires : 15

8. Check User Password Status

Sometimes you might want to check status of password for a given account. You can do that by using -S option with passwd command. As you can see from below output, User John password is currently set using SHA512 encryption.

[root@localhost ~]# passwd -S john
john PS 2020-01-15 0 45 15 -1 (Password set, SHA512 crypt.)

9. Force User to Change His Password After First Login

If you want user to force change his password after first login, you can do that by using chage -d 0 john command.

[root@localhost ~]# chage -d 0 john

Check if the forceful password change is set or not in User john password policy.

[root@localhost ~]# chage -l john
Last password change : password must be changed
Password expires : password must be changed
Password inactive : password must be changed
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 45
Number of days of warning before password expires : 15

10. Forcefully expire User Password

If you want to forcefully expire User john password, you can do that by using below command.

[root@localhost ~]# passwd -e john
Expiring password for user john.
passwd: Success

11. Disable User Account Expiry

If you want to disable User John account expiry, you can do that by executing chage -E -1 John command.

[root@localhost ~]# chage -E -1 john

Check if the account expiry is disabled or not. Notice the output never in Account Expires, this means account expire is successfully set to never.

[root@localhost ~]# chage -l john
Last password change : password must be changed
Password expires : password must be changed
Password inactive : password must be changed
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 45
Number of days of warning before password expires : 15

12. Remove User Password

Sometimes you might get into a scenario where you need to remove User Password. That can be achieved by using -d option with passwd command as shown below for John.

[root@localhost ~]# passwd -d john
Removing password for user john.
passwd: Success

13. Set User Account Expiry

If you decided to set user John account expiry on 28th May 2020, then you can do that by using chage -E 2020-05-28 command.

[root@localhost ~]# chage -E 2020-05-28 john

Check if the expiry is set for User John or not.

[root@localhost ~]# chage -l john
Last password change : password must be changed
Password expires : password must be changed
Password inactive : password must be changed
Account expires : May 28, 2020
Minimum number of days between password change : 0
Maximum number of days between password change : 45
Number of days of warning before password expires : 15

14. Never allow User Password to become Inactive

If you want to set Password inactive to never for user John, you can do that by using chage -I -1 john command.

[root@localhost ~]# chage -I -1 john

Check if Password Inactive is set to never.

[root@localhost ~]# chage --list john
Last password change : Jan 16, 2020
Password expires : Mar 01, 2020
Password inactive : never
Account expires : May 28, 2020
Minimum number of days between password change : 0
Maximum number of days between password change : 45
Number of days of warning before password expires : 15

15. Force User Account to Lock after 7 days of inactivity

If you want User account to be forcefully locked after 7 days of inactivity, then you can use chage -I 7 john command. This command basically means lock user john account if he does not use his account for 7 days.

[root@localhost ~]# chage -I 7 john
[root@localhost ~]# chage -l john
Last password change : Jan 16, 2020
Password expires : Mar 01, 2020
Password inactive : Mar 08, 2020
Account expires : May 28, 2020
Minimum number of days between password change : 0
Maximum number of days between password change : 45
Number of days of warning before password expires : 15

16. Set Number of days(Age) between User Password Change

Use below command to set Minimum number of days between password change to 0 for User John.

[root@localhost ~]# chage -m 0 john

Verify and confirm if the minimum number of days between password change is set to 0 or not.

[root@localhost ~]# chage -l john
Last password change : password must be changed
Password expires : password must be changed
Password inactive : password must be changed
Account expires : May 28, 2020
Minimum number of days between password change : 0
Maximum number of days between password change : 45
Number of days of warning before password expires : 15

17. Check other options with passwd and chage command

To check all the options available with passwd command, you can run passwd --help command and check.

[root@localhost ~]# passwd --help
Usage: passwd [OPTION...] <accountName>
-k, --keep-tokens keep non-expired authentication tokens
-d, --delete delete the password for the named account (root only)
-l, --lock lock the password for the named account (root only)
-u, --unlock unlock the password for the named account (root only)
-e, --expire expire the password for the named account (root only)
-f, --force force operation
-x, --maximum=DAYS maximum password lifetime (root only)
-n, --minimum=DAYS minimum password lifetime (root only)
-w, --warning=DAYS number of days warning users receives before password expiration (root only)
-i, --inactive=DAYS number of days after password expiration when an account becomes disabled (root only)
-S, --status report password status on the named account (root only)
--stdin read new tokens from stdin (root only)

Help options:
-?, --help Show this help message
--usage Display brief usage message

To check all the options available with chage command, you can use chage --help command and check.

[root@localhost ~]# chage --help
Usage: chage [options] LOGIN

Options:
-d, --lastday LAST_DAY set date of last password change to LAST_DAY
-E, --expiredate EXPIRE_DATE set account expiration date to EXPIRE_DATE
-h, --help display this help message and exit
-I, --inactive INACTIVE set password inactive after expiration
to INACTIVE
-l, --list show account aging information
-m, --mindays MIN_DAYS set minimum number of days before password
change to MIN_DAYS
-M, --maxdays MAX_DAYS set maximum number of days before password
change to MAX_DAYS
-R, --root CHROOT_DIR directory to chroot into
-W, --warndays WARN_DAYS set expiration warning days to WARN_DAYS

Also Read : 7 ways to prevent brute for ssh attacks on RedHat/CentOS 7

 

Popular Searches

  • linux change password command
  • ubuntu change password
  • linux change user password
  • linux unlock account
  • ubuntu change user password

Leave a Comment