Linux password expired off

How to Manage User Password Expiration and Aging in Linux

System administration involves numerous tasks including managing users/groups and under user management, some of the minor tasks involved are adding, modifying, suspending, or deactivating user accounts, and many more.

This article will explain one of the critical user account management functions, how to set or change user password expiration and aging in Linux using the chage command.

The chage command is used to modify user password expiry information. It enables you to view user account aging information, change the number of days between password changes and the date of the last password change.

Once you have set password expiry and aging information, this information is used by the system to determine when a user must change his/her password. Normally, companies or organizations have certain security polices that demand users to change passwords regularly: this can be a simple way to enforce such policies as we explained below.

To view a user account aging information, use the -l flag as shwon.

View User Password Aging Information

To set the date or number of days (since January 1, 1970) when the password was last changed, use the -d flag as follows.

Next, you can also set the date or number of days (since January 1, 1970) on which the user’s account will no longer be accessible by using the -E switch as shown in the following command.

In this case, once a user’s account is locked, he/she is required to contact the system administrator before being able to use the system again.

Then, the -W option allows you to set the number of days of warning before a password change is required. Considering the command below, the user ravi will be warned 10 days prior to his password expiring.

In addition, you can set the number of days of inactivity after a password has expired before the account is locked. This example means that after user ravi’s password expires, his account will be inactive for 2 days before it is locked.

When the account becomes inactive, he must contact the system administrator before being able to use the system again.

For more information, refer to the chage man page.

Note that you can also change a user’s password expiration and aging information using the usermod command, which is actually intended for modifying a user account.

That’s it for now. Hoping you find this article informative and useful, if you have any questions to ask, use the feedback form below.

If You Appreciate What We Do Here On TecMint, You Should Consider:

TecMint is the fastest growing and most trusted community site for any kind of Linux Articles, Guides and Books on the web. Millions of people visit TecMint! to search or browse the thousands of published articles available FREELY to all.

If you like what you are reading, please consider buying us a coffee ( or 2 ) as a token of appreciation.

We are thankful for your never ending support.

Источник

Linux turn OFF password expiration / aging

/etc/shadow stores actual password in encrypted format for user’s account with additional properties related to user password.

The password expiration information for a user is contained in the last 6 fields. Password expiration for a select user can be disabled by editing the /etc/shadow file

However I recommend using chage command. The chage command changes the number of days between password changes and the date of the last password change. This information is used by the system to determine when a user must change his/her password.

• No ads and tracking
• In-depth guides for developers and sysadmins at Opensourceflare✨
• Join my Patreon to support independent content creators and start reading latest guides:
  • How to set up Redis sentinel cluster on Ubuntu or Debian Linux
  • How To Set Up SSH Keys With YubiKey as two-factor authentication (U2F/FIDO2)
  • How to set up Mariadb Galera cluster on Ubuntu or Debian Linux
  • A podman tutorial for beginners – part I (run Linux containers without Docker and in daemonless mode)
  • How to protect Linux against rogue USB devices using USBGuard

Join Patreon ➔

To list current aging type chage command as follows:
# chage -l vivek
Output:

To disable password aging / expiration for user foo, type command as follows and set:
Minimum Password Age to 0
Maximum Password Age to 99999
Password Inactive to -1
Account Expiration Date to -1
Interactive mode command:
# chage username
OR
# chage -I -1 -m 0 -M 99999 -E -1 username

Updated for accuracy.

Category	List of Unix and Linux commands
Documentation	help • mandb • man • pinfo
Disk space analyzers	df • duf • ncdu • pydf
File Management	cat • cp • less • mkdir • more • tree
Firewall	Alpine Awall • CentOS 8 • OpenSUSE • RHEL 8 • Ubuntu 16.04 • Ubuntu 18.04 • Ubuntu 20.04
Linux Desktop Apps	Skype • Spotify • VLC 3
Modern utilities	bat • exa
Network Utilities	NetHogs • dig • host • ip • nmap
OpenVPN	CentOS 7 • CentOS 8 • Debian 10 • Debian 8/9 • Ubuntu 18.04 • Ubuntu 20.04
Package Manager	apk • apt
Processes Management	bg • chroot • cron • disown • fg • glances • gtop • jobs • killall • kill • pidof • pstree • pwdx • time • vtop
Searching	ag • grep • whereis • which
Shell builtins	compgen • echo • printf
Text processing	cut • rev
User Information	groups • id • lastcomm • last • lid/libuser-lid • logname • members • users • whoami • who • w
WireGuard VPN	Alpine • CentOS 8 • Debian 10 • Firewall • Ubuntu 20.04

Comments on this entry are closed.

thanks a lot!! this really helped me!

Great advice, thanks !!

The simplest way to change the command-line version so that it actually works is as follows:
# chage -I -1 -m 0 -M 99999 -E -1 username

Most shells (certainly bash ) require escaping ‘-‘ characters.

wow this is the most retarded thing i have read today.
“-” does not need to be escaped in any shell as it has no special meaning, it is just a convention used in most unix programs to identify option parameters (it is a slash under most windows utils, e.g. “ipconfig /a”). characters you may need to escape are ” or ‘ or $ or ` and so on (see http://www.gnu.org/software/bash/manual/bashref.html#Quoting ).
you ‘may’ need to tell a program to not read a for example a file name “rm -my_file_name.txt” as an option via “rm — -my_file_name.txt” but thats about it.

the original code snippet /actually/ works without any escaping.

Источник

Turning off password expiration on Linux

I see a lot documents suggesting to use chage on Debian and Ubuntu, but apt-get update && apt-get install chage does not install the package. For example,

I found that I need to edit /etc/shadow . How exactly do I need to edit the root line below, so that my Linux does not ask me to change the password on the each log in?

I edited the root line as deong suggested

It stills asks for a password on log in.

What do I need to edit to remove password must be changed ? I also did chage -I -1 -m 0 -M 99999 -E -1 root , but it did not help.

1 Answer 1

describes the format of that file. Quoting from there, the fifth field is the maximum password age.

maximum password age The maximum password age is the number of days after which the user will have to change her password.

After this number of days is elapsed, the password may still be valid. The user should be asked to change her password the next time she will log in.

An empty field means that there are no maximum password age, no password warning period, and no password inactivity period (see below).

If the maximum password age is lower than the minimum password age, the user cannot change her password.

In your case, you’ve already hit the trigger, so you also need to get rid of the prompt to immediately change the password on the next login. Again consulting the man page.

date of last password change The date of the last password change, expressed as the number of days since Jan 1, 1970.

The value 0 has a special meaning, which is that the user should change her password the next time she will log in the system.

An empty field means that password aging features are disabled.

So you should also delete the zero from the third field. And once you’ve disabled that, there’s no need for the fourth one either.

So you should be able to delete the fifth field entirely to achieve what you want. As in

That said, I would generally advise against directly editing files like this unless you’re 100% sure you know what you’re doing.

Edit: Also, it appears that chage is part of the passwd package on Ubuntu, which I would have assumed you already had installed.

Источник

Linux Check User Password Expiration Date and Time

Linux check user password expiration using chage

1. Open the terminal application
2. Type chage -l userName command to display password expiration information for Linux user account.
3. The -l option passed to the change show account aging information.
4. Check tom user’s password expiry time, run: sudo chage -l tom

Let us see some examples and usage information in details.

View account again information on Linux

To see account aging information such as expiry date and time, enter:

To see account aging info for usernamed vivek, enter:
$ chage -l vivek
Sample outputs:

The above outputs indicates that password aging disabled.

Check the user account password expiry information on Linux

Let us try one more example:
$ sudo chage -l raj
Sample outputs:

It seems that user account scheduled to expire on 01/Jan/2013. You can use the grep command to filter out info too:
$ sudo chage -l raj | grep ‘Password expires’

Change password expiry date

You can set the maximum number of days during which a password is valid. For example, make sure password is valid for 90 days for user named jerry:
sudo chage -M 90 jerry
sudo chage -l jerry
Please note that passing the number -1 will remove checking a password’s validity:
sudo chage -M -1 tom
You can also set the minimum number of days between password changes:
sudo chage -m 30 jerry
However, a value of zero indicates that the user may change his/her password at any time:
sudo chage -m 0 marlena

Set expire date

The syntax is:
sudo chage -E EXPIRE_DATE userName
One can set the date or number of days since January 1, 1970 on which the user’s account will no longer be accessible. The date may also be expressed in the format YYYY-MM-DD (or the format more mmonly used in your area). A user whose account is locked must contact the system administrator before being able to use the system again.
sudo chage -E 2020-03-31 sai
Passing the number -1 as the EXPIRE_DATE will remove an account expiration date:
sudo chage -E -1 tristan

• No ads and tracking
• In-depth guides for developers and sysadmins at Opensourceflare✨
• Join my Patreon to support independent content creators and start reading latest guides:
  • How to set up Redis sentinel cluster on Ubuntu or Debian Linux
  • How To Set Up SSH Keys With YubiKey as two-factor authentication (U2F/FIDO2)
  • How to set up Mariadb Galera cluster on Ubuntu or Debian Linux
  • A podman tutorial for beginners – part I (run Linux containers without Docker and in daemonless mode)
  • How to protect Linux against rogue USB devices using USBGuard

Join Patreon ➔

Set warning for the user before password expires

Try using the following syntax to set the number of days of warning before a password change is required:
sudo chage -W WARN_DAYS userName
sudo chage -W 30 raj
The WARN_DAYS option is the number of days prior to the password expiring that a user will be warned his/her password is about to expire. Verify info with following command:
sudo chage -l raj

Conclusion

The chage command changes the number of days between password changes and the date of the last password change. The same command also check user password expiration date and time on Linux. See chage man page for more information here.

🐧 Get the latest tutorials on Linux, Open Source & DevOps via

Источник