Table of Contents
In this article, I will take you through top 10 passwd and chage Command Examples to Manage User Password Expiration and Aging in Linux. passwd tool is generally used to change user account password and chage command are usually used for User account expiration and aging operations. Most of the time you will see both are used together to perform User Account Management Tasks.
passwd and chage Examples
Also Read: How to create Network Bonding/Teaming in RedHat/CentOS 7
1. Change root Password on Ubuntu
If you are planning to change your root password, you can do that by simple running passwd command as shown. By default, passwd with no arguments will take currently logged in user as user account whose password needs to be changed. In our case, since we are logged in with root account, so root account password will be changed.
[root@localhost ~]# passwd
Changing password for user root.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
NOTE:
2. Change User Account Password
If you want to change user john account password, you can do that by simply running passwd john command.
[root@localhost ~]# passwd john
Changing password for user john.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
Also Read: Best Examples to Test Port Connectivity in Linux
3. Expire User Password after 45 days
If you want to expire User John password after 45 days, then you need to run chage -M 45 John command to perform this task.
[root@localhost ~]# chage -M 45 john
Check if the expiration day is set or not.
[root@localhost ~]# chage -l john
Last password change : Jan 16, 2020
Password expires : Mar 01, 2020
Password inactive : never
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 45
Number of days of warning before password expires : 7
4. User Password Expiration Warning
In case you want to provide warning to user for his password expiration, you can do that by running chage -W 15 John command. This command will start providing warning to user before 15 days of Password expiration so that User will be notified that his password is going to expire after 15 days.
[root@localhost ~]# chage -W 15 john
Check if warning is set to 15 days or not for user john.
[root@localhost ~]# chage -l john
Last password change : Jan 16, 2020
Password expires : Mar 01, 2020
Password inactive : never
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 45
Number of days of warning before password expires : 15
5. Lock User Account on Ubuntu
If you want to lock user John account, you can do that by using passwd -l john command.
[root@localhost ~]# passwd -l john
Locking password for user john.
passwd: Success
6. Unlock User Account on Linux Machine
If you want to unlock user John account, you can do that by using passwd -u john command.
[root@localhost ~]# passwd -u john
Unlocking password for user john.
passwd: Success
7. Check User Password Policy
To list out User John current password policy, you need to use chage -l john command.
[root@localhost ~]# chage -l john
Last password change : Jan 16, 2020
Password expires : Mar 01, 2020
Password inactive : never
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 45
Number of days of warning before password expires : 15
8. Check User Password Status
Sometimes you might want to check status of password for a given account. You can do that by using -S option with passwd command. As you can see from below output, User John password is currently set using SHA512 encryption.
[root@localhost ~]# passwd -S john
john PS 2020-01-15 0 45 15 -1 (Password set, SHA512 crypt.)
9. Force User to Change His Password After First Login
If you want user to force change his password after first login, you can do that by using chage -d 0 john command.
[root@localhost ~]# chage -d 0 john
Check if the forceful password change is set or not in User john password policy.
[root@localhost ~]# chage -l john
Last password change : password must be changed
Password expires : password must be changed
Password inactive : password must be changed
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 45
Number of days of warning before password expires : 15
10. Forcefully expire User Password
If you want to forcefully expire User john password, you can do that by using below command.
[root@localhost ~]# passwd -e john
Expiring password for user john.
passwd: Success
11. Disable User Account Expiry
If you want to disable User John account expiry, you can do that by executing chage -E -1 John command.
[root@localhost ~]# chage -E -1 john
Check if the account expiry is disabled or not. Notice the output never in Account Expires, this means account expire is successfully set to never.
[root@localhost ~]# chage -l john
Last password change : password must be changed
Password expires : password must be changed
Password inactive : password must be changed
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 45
Number of days of warning before password expires : 15
12. Remove User Password
Sometimes you might get into a scenario where you need to remove User Password. That can be achieved by using -d option with passwd command as shown below for John.
[root@localhost ~]# passwd -d john
Removing password for user john.
passwd: Success
13. Set User Account Expiry
If you decided to set user John account expiry on 28th May 2020, then you can do that by using chage -E 2020-05-28 command.
[root@localhost ~]# chage -E 2020-05-28 john
Check if the expiry is set for User John or not.
[root@localhost ~]# chage -l john
Last password change : password must be changed
Password expires : password must be changed
Password inactive : password must be changed
Account expires : May 28, 2020
Minimum number of days between password change : 0
Maximum number of days between password change : 45
Number of days of warning before password expires : 15
14. Never allow User Password to become Inactive
If you want to set Password inactive to never for user John, you can do that by using chage -I -1 john command.
[root@localhost ~]# chage -I -1 john
Check if Password Inactive is set to never.
[root@localhost ~]# chage --list john
Last password change : Jan 16, 2020
Password expires : Mar 01, 2020
Password inactive : never
Account expires : May 28, 2020
Minimum number of days between password change : 0
Maximum number of days between password change : 45
Number of days of warning before password expires : 15
15. Force User Account to Lock after 7 days of inactivity
If you want User account to be forcefully locked after 7 days of inactivity, then you can use chage -I 7 john command. This command basically means lock user john account if he does not use his account for 7 days.
[root@localhost ~]# chage -I 7 john [root@localhost ~]# chage -l john Last password change : Jan 16, 2020 Password expires : Mar 01, 2020 Password inactive : Mar 08, 2020 Account expires : May 28, 2020 Minimum number of days between password change : 0 Maximum number of days between password change : 45 Number of days of warning before password expires : 15
16. Set Number of days(Age) between User Password Change
Use below command to set Minimum number of days between password change to 0 for User John.
[root@localhost ~]# chage -m 0 john
Verify and confirm if the minimum number of days between password change is set to 0 or not.
[root@localhost ~]# chage -l john
Last password change : password must be changed
Password expires : password must be changed
Password inactive : password must be changed
Account expires : May 28, 2020
Minimum number of days between password change : 0
Maximum number of days between password change : 45
Number of days of warning before password expires : 15
17. Check other options with passwd and chage command
To check all the options available with passwd command, you can run passwd --help command and check.
[root@localhost ~]# passwd --help
Usage: passwd [OPTION...] <accountName>
-k, --keep-tokens keep non-expired authentication tokens
-d, --delete delete the password for the named account (root only)
-l, --lock lock the password for the named account (root only)
-u, --unlock unlock the password for the named account (root only)
-e, --expire expire the password for the named account (root only)
-f, --force force operation
-x, --maximum=DAYS maximum password lifetime (root only)
-n, --minimum=DAYS minimum password lifetime (root only)
-w, --warning=DAYS number of days warning users receives before password expiration (root only)
-i, --inactive=DAYS number of days after password expiration when an account becomes disabled (root only)
-S, --status report password status on the named account (root only)
--stdin read new tokens from stdin (root only)
Help options:
-?, --help Show this help message
--usage Display brief usage message
To check all the options available with chage command, you can use chage --help command and check.
[root@localhost ~]# chage --help
Usage: chage [options] LOGIN
Options:
-d, --lastday LAST_DAY set date of last password change to LAST_DAY
-E, --expiredate EXPIRE_DATE set account expiration date to EXPIRE_DATE
-h, --help display this help message and exit
-I, --inactive INACTIVE set password inactive after expiration
to INACTIVE
-l, --list show account aging information
-m, --mindays MIN_DAYS set minimum number of days before password
change to MIN_DAYS
-M, --maxdays MAX_DAYS set maximum number of days before password
change to MAX_DAYS
-R, --root CHROOT_DIR directory to chroot into
-W, --warndays WARN_DAYS set expiration warning days to WARN_DAYS
Also Read : 7 ways to prevent brute for ssh attacks on RedHat/CentOS 7
Popular Searches
- linux change password command
- ubuntu change password
- linux change user password
- linux unlock account
- ubuntu change user password