Linux turn OFF password expiration / aging
/etc/shadow stores actual password in encrypted format for user’s account with additional properties related to user password.
The password expiration information for a user is contained in the last 6 fields. Password expiration for a select user can be disabled by editing the /etc/shadow file
However I recommend using chage command. The chage command changes the number of days between password changes and the date of the last password change. This information is used by the system to determine when a user must change his/her password.
To list current aging type chage command as follows:
# chage -l vivek
Output:
Last password change : May 22, 2007 Password expires : never Password inactive : never Account expires : never Minimum number of days between password change : 0 Maximum number of days between password change : 99999 Number of days of warning before password expires : 7
To disable password aging / expiration for user foo, type command as follows and set:
Minimum Password Age to 0
Maximum Password Age to 99999
Password Inactive to -1
Account Expiration Date to -1
Interactive mode command:
# chage username
OR
# chage -I -1 -m 0 -M 99999 -E -1 username
Updated for accuracy.
Want to stay up to date with the latest Linux tips, news and announcements? Subscribe to our free e-mail newsletter or RSS feed to get all updates.
You can Email this page to a friend.
You may also be interested in other helpful articles:
- FreeBSD: Password expiry / aging policy
- Linux set default password expiry for all new users
- Shell script to check / monitor domain renew / expiration date
- Howto: Protect account against a password cracking attack
- New LPI policy sucks
Discussion on This Article:
Leave a Reply
We encourage your comments, and suggestions. But please stay on topic, be polite, and avoid spam. Thank you very much for stopping by our site!
thanks a lot!! this really helped me!
The simplest way to change the command-line version so that it actually works is as follows:
# chage -I \-1 -m 0 -M 99999 -E \-1 username
Most shells (certainly
bash) require escaping ‘-’ characters.thousand thanks
Any solution to set ACCOUNT EXPIRE after x days without login to the system instead of set a fix date?
Is there a way to do this to all user accounts at once? I’ve tried using “*”, but had no luck with that. Thanks.
James,
Try something as follows to list permission for all user (backup your /etc/passwd and /etc/shadow before you run following commands) :
awk -F':' '{ if ( $3 >= 1000 ) print $0 }' /etc/passwd | cut -d: -f1 | xargs -I {} chage -l {}Replace chage -l with ‘chage -I -1 -m 0 -M 99999 -E -1′
awk -F':' '{ if ( $3 >= 1000 ) print $0 }' /etc/passwd | cut -d: -f1 | xargs -I {} chage -I -1 -m 0 -M 99999 -E -1 {}