chage command Linux – Ensure Password Aging For Better Security!

The chage command Linux changes the number of days between password changes and the date of the last password change. This information is used by the system to determine when a user must change his/her password. The /etc/login.defs file defines the site-specific configuration for the shadow password suite including password aging configuration.

To disable password aging, enter:

chage -M 99999 userName

To get password expiration information, enter:

chage -l userName

Finally, you can also edit the /etc/shadow file in the following fields:

{userName}:{password}:{lastpasswordchanged}:{Minimum_days}:{Maximum_days}:{Warn}:{Inactive}:{Expire}:

Where,

  • Minimum_days: The minimum number of days required between password changes i.e. the number of days left before the user is allowed to change his/her password.
  • Maximum_days: The maximum number of days the password is valid (after that user is forced to change his/her password).
  • Warn : The number of days before password is to expire that user is warned that his/her password must be changed.
  • Expire : Days since Jan 1, 1970 that account is disabled i.e. an absolute date specifying when the login may no longer be used.

I recommend chage command Linux instead of editing the /etc/shadow file by hand:

chage -M 120 -m 7 -W userName

To read many such informative articles, click here.