Linux Check User Password Expiration Date and Time

last updated in Categories , , , , ,

How do I check the user account password expiry information on Linux? How do I check users password expiry information under Linux operating systems?

One can easily check the user account password expiry information on Linux. The /etc/shadow files stores actual password in encrypted format for user’s account. You need to use the chage command. It can display password expiry information as well as changes the number of days between password changes and the date of the last password change. This information is used by the system to determine when a user must change his/her password.

Linux check user password expiration using chage

  1. Open the terminal application
  2. Type chage -l userName command to display password expiration information for Linux user account.
  3. The -l option passed to the change show account aging information.
  4. Check tom user’s password expiry time, run: sudo chage -l tom

Let us see some examples and usage information in details.

View account again information on Linux

To see account aging information such as expiry date and time, enter:

chage -l {userNameHere}
chage -l userNameHere

To see account aging info for usernamed vivek, enter:
$ chage -l vivek
Sample outputs:

Last password change					: Jan 10, 2012
Password expires					: never
Password inactive					: never
Account expires						: never
Minimum number of days between password change		: 0
Maximum number of days between password change		: 99999
Number of days of warning before password expires	: 7

The above outputs indicates that password aging disabled.

Check the user account password expiry information on Linux

Let us try one more example:
$ sudo chage -l raj
Sample outputs:

Last password change					: May 21, 2012
Password expires					: Jun 20, 2012
Password inactive					: never
Account expires						: Jan 01, 2013
Minimum number of days between password change		: 7
Maximum number of days between password change		: 30
Number of days of warning before password expires	: 7

It seems that user account scheduled to expire on 01/Jan/2013. You can use the grep command to filter out info too:
$ sudo chage -l raj | grep 'Password expires'

Change password expiry date

You can set the maximum number of days during which a password is valid. For example, make sure password is valid for 90 days for user named jerry:
sudo chage -M 90 jerry
sudo chage -l jerry

Please note that passing the number -1 will remove checking a password’s validity:
sudo chage -M -1 tom
You can also set the minimum number of days between password changes:
sudo chage -m 30 jerry
However, a value of zero indicates that the user may change his/her password at any time:
sudo chage -m 0 marlena

Set expire date

The syntax is:
sudo chage -E EXPIRE_DATE userName
One can set the date or number of days since January 1, 1970 on which the user’s account will no longer be accessible. The date may also be expressed in the format YYYY-MM-DD (or the format more mmonly used in your area). A user whose account is locked must contact the system administrator before being able to use the system again.
sudo chage -E 2020-03-31 sai
Passing the number -1 as the EXPIRE_DATE will remove an account expiration date:
sudo chage -E -1 tristan

Set warning for the user before password expires

Try using the following syntax to set the number of days of warning before a password change is required:
sudo chage -W WARN_DAYS userName
sudo chage -W 30 raj

The WARN_DAYS option is the number of days prior to the password expiring that a user will be warned his/her password is about to expire. Verify info with following command:
sudo chage -l raj
Linux Check User Password Expiration Date Time with chage

Conclusion

The chage command changes the number of days between password changes and the date of the last password change. The same command also check user password expiration date and time on Linux. See chage man page for more information here.

Posted by: Vivek Gite

The author is the creator of nixCraft and a seasoned sysadmin, DevOps engineer, and a trainer for the Linux operating system/Unix shell scripting. Get the latest tutorials on SysAdmin, Linux/Unix and open source topics via RSS/XML feed or weekly email newsletter.

Notable Replies

  1. Use the chage command.

    chage -l root

    Last password change : Oct 26, 2018
    Password expires : never
    Password inactive : never
    Account expires : never
    Minimum number of days between password change : 0
    Maximum number of days between password change : 99999
    Number of days of warning before password expires : 7

Continue the discussion www.nixcraft.com

Participants

Historical Comment Archive

9 comment

  1. Is there a way to list just the expiration date ? (or any of the other specific fields reported by chage ?)

  2. Is it possible to get the time in addition to the date. On AIX, the password expiration warning includes the date and time. My password will expire tomorrow. It would be helpful to know what time it will expire so that I can determine how much time I’ll have tomorrow before it expires? If it’s going to expire early in the day, I may want to change it today. If it expires late in the day I may wait until tomorrow morning.

    Thanks.

    Jerry

  3. I have the same question as Jerry. Is it possible to know the last password change time in Linux?

  4. for account in $(cut -f1 -d: /etc/passwd); do echo "ACCOUNT: $account , EXPIRES: `chage -l $account | grep 'Account expires' | awk '{print $4, $5, $6}'`, CHANGED: `chage -l $account | grep 'Last password change' | awk '{print $5, $6, $7}'`"; done
    
  5. How do we check the same info when the linux server is connected to Active Directory and there is no value in /etc/passwd?

    Still, have a question? Get help on our forum!