The chage (change age) command allows you to modify user accounts for their expiration. Linux allows you to configure your accounts so they expire automatically if either of the following conditions is met:
1. the password was not changed within the specified time period;
2. if the system date exceeds a predetermined date.
These settings are controlled by the chage utility, which has the following syntax:
chage [-l] [-m mindays] [-M maxdays] [-d Lastday] [-I inactivedays]
[-E expired] [-W warndays] username
Displaying information
The -l option lets chage display account expiration information and password duration for a particular user:
$ chage-l mvps
Last password change: Dec 12, 2018
Password expires: never
Password inactive: never
Account expires: never
Minimum number of days between password change: 0
Maximum number of days between password change: 9999
Number of days of warning before password expires: 5
Set the minimum period between password changes
The -m mindays parameter sets the minimum number of days between password changes:
• 0 indicates that the user can change the password as many times as he wants within 24 hours;
• 1 indicates that the user can change the password once a day;
• 2 indicates that the user can change the password once every 2 days; and so on …
Set the maximum time between password changes
The -M maxdays parameter sets the maximum number of days that can pass between password changes. For example, 60 indicates a password change to 2 months.
Setting the last day when the password was changed
The -d lastday parameter shows when the last password was changed. Linux usually maintains this value automatically, but you can use this parameter to artificially alter the date when the password was changed. The lastdays value is expressed as YYYY/MM/DD, MMM/DD/YYY or even an integer showing the number of days that have passed since January 1, 1970.
Set the maximum number of inactive days
The -I inactivedays parameter sets the number of days between the expiration of the password and the deactivation of the account. An account expired can not be used, or it forces the user to change their password immediately after authentication (depending on distribution). A disabled account is completely inactive.
Setting the expiration date
An absolute expiration date with the -E expired parameter can be set. For example, if we write -E 2019/05/14, we will have an account that expires on May 14, 2019. The date may also be expressed as the number of days elapsed since January 1, 1970. The -1 value is an account which will never expire.
Set the number of warning days
The -W warndays parameter sets the number of days before the password expires when the system sends warning messages to the user. It’s a good idea to use this option to alert users to your password expiration. Please note that these warning messages only appear to users logged in to text mode. Users connected via a desktop environment will not receive these warnings.
If a user changes their password before the end date, the counter is reset and reported to the new date.
The chage command is normally only used by the root user. The only exception is when using the -l option (displaying current user password information) – the option allows regular users to learn about expiration of their own account.
Example: Establish that a user’s password will never expire
chage -m 0 -M 9999 username