Linux turn OFF password expiration / aging

by on May 22, 2007 · 17 comments· Last updated June 1, 2007

/etc/shadow stores actual password in encrypted format for user’s account with additional properties related to user password.

The password expiration information for a user is contained in the last 6 fields. Password expiration for a select user can be disabled by editing the /etc/shadow file

However I recommend using chage command. The chage command changes the number of days between password changes and the date of the last password change. This information is used by the system to determine when a user must change his/her password.

To list current aging type chage command as follows:
# chage -l vivek
Output:

Last password change                                    : May 22, 2007
Password expires                                        : never
Password inactive                                       : never
Account expires                                         : never
Minimum number of days between password change          : 0
Maximum number of days between password change          : 99999
Number of days of warning before password expires       : 7

To disable password aging / expiration for user foo, type command as follows and set:
Minimum Password Age to 0
Maximum Password Age to 99999
Password Inactive to -1
Account Expiration Date to -1
Interactive mode command:
# chage username
OR
# chage -I -1 -m 0 -M 99999 -E -1 username

Updated for accuracy.



You should follow me on twitter here or grab rss feed to keep track of new changes.

Featured Articles:

{ 17 comments… read them below or add one }

1 meme June 1, 2007 at 1:23 am

thanks a lot!! this really helped me!

Reply

2 Chris Ashdown May 7, 2010 at 8:51 am

Great advice, thanks !!

Reply

3 Ben July 11, 2007 at 10:41 pm

The simplest way to change the command-line version so that it actually works is as follows:
# chage -I \-1 -m 0 -M 99999 -E \-1 username

Most shells (certainly bash) require escaping ‘-’ characters.

Reply

4 Eason April 17, 2008 at 3:49 am

thousand thanks

Reply

5 question April 25, 2008 at 8:04 am

Any solution to set ACCOUNT EXPIRE after x days without login to the system instead of set a fix date?

Reply

6 James July 25, 2008 at 2:17 pm

Is there a way to do this to all user accounts at once? I’ve tried using “*”, but had no luck with that. Thanks.

Reply

7 vivek July 25, 2008 at 3:20 pm

James,

Try something as follows to list permission for all user (backup your /etc/passwd and /etc/shadow before you run following commands) :
awk -F':' '{ if ( $3 >= 1000 ) print $0 }' /etc/passwd | cut -d: -f1 | xargs -I {} chage -l {}

Replace chage -l with ‘chage -I -1 -m 0 -M 99999 -E -1′

awk -F':' '{ if ( $3 >= 1000 ) print $0 }' /etc/passwd | cut -d: -f1 | xargs -I {} chage -I -1 -m 0 -M 99999 -E -1 {}

Reply

8 Walter September 15, 2008 at 4:30 pm

Just to eliminate the unnecessary “cut”, make it:
awk -F':' '{ if ( $3 >= 1000 ) print $1 }' /etc/passwd | xargs -I {} chage -I -1 -m 0 -M 99999 -E -1 {}

Reply

9 praveen yenegalla April 26, 2011 at 4:55 am

Thanks alot.

Reply

10 Sureshkumar January 9, 2009 at 11:16 am

Hi ,

thanx …

Reply

11 Laxman March 25, 2009 at 6:08 am

awk -F’:’ ‘{ if ( $3 >= 1000 ) print $1 }’ /etc/passwd | xargs -I {} chage -I -1 -m 0 -M 99999 -E -1 {}

is helped me

Reply

12 Shankar April 7, 2009 at 2:00 pm

I get this error while executing the command,

[root@lnxtestsrv1 ~]# awk -F ':' '{ if ( $3 >= 1000 ) print $1 }' /etc/passwd | xargs -I {} chage -I -1 -m 0 -M 99999 -E -1 {}
xargs: invalid option -- I
Usage: xargs [-0prtx] [-E eof-str] [-e[eof-str]] [-I replace-str]
       [-i[replace-str]] [-L max-lines] [-l[max-lines]] [-n max-args]
       [-s max-chars] [-P max-procs] [--null] [--eof[=eof-str]]
       [--replace[=replace-str]] [--max-lines[=max-lines]] [--interactive]
       [--max-chars=max-chars] [--verbose] [--exit] [--max-procs=max-procs]
       [--max-args=max-args] [--no-run-if-empty] [--version] [--help]
       [command [initial-arguments]]
Report bugs to .

Reply

13 Vivek Gite April 7, 2009 at 4:28 pm

Can you tell me your UNIX / Linux distro version and xargs version?

Reply

14 Bindi Papadum March 6, 2011 at 5:01 pm

Very useful information. I used it immediately on some IT slobs I was outsourcing.

Reply

15 Mariano April 2, 2012 at 3:18 pm

Better to use ” -M -1 “: 99999 will expire after 99999 days, -1 tells no expiration needed!

Bye

Mariano

Reply

16 shaikmanazar@gmail.com June 4, 2012 at 12:56 pm

we can use ,below command as well for password agin

passwd -x -1 vivek

Reply

17 Nfarrow April 24, 2013 at 9:19 pm

I just use this, “chage -E -1 -M -1 username”

Reply

Leave a Comment

You can use these HTML tags and attributes for your code and commands: <strong> <em> <ol> <li> <u> <ul> <blockquote> <pre> <a href="" title="">
What is 8 + 7 ?
Please leave these two fields as-is:
Solve the simple math so we know that you are a human and not a bot.



Previous post:

Next post: