How to use Chage Command in Linux with Examples
In the realm of Linux system administration, ensuring strong security measures is paramount. A crucial aspect of this responsibility involves managing user password policies effectively. Enter the ‘chage‘ command. chage command is used to view and change the user password expiry options. In this article, we will talk about how to use ‘chage’ command in linux, understand its functionality, and showcase various examples to illustrate its usage thoroughly.
Understanding the ‘chage’ Command:
The ‘chage’ command in Linux stands for “change age.” Its primary purpose is to modify the aging properties of user accounts, such as password expiration and other settings. Administrators can use this command to enhance system security by enforcing regular password changes and configuring other password-related attributes.
How to use Chage Command in Linux?
The basic syntax for the ‘chage’ command is as follows:
chage [options] [username]Common Options:
-lor--list: Displays the current aging information for the specified user.-Eor--expiredate: Sets the account expiration date in YYYY-MM-DD format.-dor--lastday: Sets the last day the password is valid in YYYY-MM-DD format.-Mor--maxdays: Sets the maximum number of days a password is valid.-mor--mindays: Sets the minimum number of days required between password changes.-Ior--inactive: Sets the number of days of inactivity allowed before locking the account.-Wor--warndays: Sets the number of days before password expiration to display a warning message.
Examples:
Display User Aging Information:
To view the current aging information for a specific user (e.g., ‘john’), use the following command
chage -l johnSet Password Expiration Date:
To set an expiration date for a user account (e.g., ‘mary’) using the ‘chage’ command:
chage -E 2023-12-31 maryConfigure Maximum Days and minimum Password Change Policy:
To enforce a maximum password age of 90 days and a minimum password age of 7 days for the user ‘jane’:
chage -M 90 -m 7 janeDisable Passowrd Expiration
To disable password expiration for a user (for example John), use the following command
chage -M -1 johnSet Password Warning Days:
To display a warning message 14 days before a user’s password expires (e.g., ‘joe’):
chage -W 14 joeLock an Account After Inactivity:
To lock a user account (‘david’) after 30 days of inactivity:
chage -I 30 davidSet up Accounts to not to expire
You can setup accounts to not to expire by using chage command as following. In this example user account named bob will have no expiry date.
chage -E -1 bobConclusion:
The ‘chage’ command is an indispensable tool for Linux administrators to manage user password policies and enhance system security. By understanding its various options and functionality, administrators can ensure that user accounts are subject to robust password policies, reducing the risk of unauthorized access and data breaches. As with any powerful command, it is essential to exercise caution when using ‘chage,’ and always verify your actions to avoid unintentional consequences. By mastering the ‘chage’ command, system administrators can fortify their Linux systems and protect sensitive information from potential security threats. As always, feel free to check out the man page of chage command.
