One can easily check the user account password expiry information on Linux. The /etc/shadow files stores actual password in encrypted format for user’s account. You need to use the chage command. It can display password expiry information as well as changes the number of days between password changes and the date of the last password change. This information is used by the system to determine when a user must change his/her password.
Linux check user password expiration using chage
- Open the terminal application
- Type chage -l userName command to display password expiration information for Linux user account.
- The -l option passed to the change show account aging information.
- Check tom user’s password expiry time, run: sudo chage -l tom
Let us see some examples and usage information in details.
View account again information on Linux
To see account aging information such as expiry date and time, enter:
chage -l {userNameHere} chage -l userNameHere
To see account aging info for usernamed vivek, enter:
$ chage -l vivek
Sample outputs:
Last password change : Jan 10, 2012 Password expires : never Password inactive : never Account expires : never Minimum number of days between password change : 0 Maximum number of days between password change : 99999 Number of days of warning before password expires : 7
The above outputs indicates that password aging disabled.
Check the user account password expiry information on Linux
Let us try one more example:
$ sudo chage -l raj
Sample outputs:
Last password change : May 21, 2012 Password expires : Jun 20, 2012 Password inactive : never Account expires : Jan 01, 2013 Minimum number of days between password change : 7 Maximum number of days between password change : 30 Number of days of warning before password expires : 7
It seems that user account scheduled to expire on 01/Jan/2013. You can use the grep command to filter out info too:
$ sudo chage -l raj | grep 'Password expires'
Change password expiry date
You can set the maximum number of days during which a password is valid. For example, make sure password is valid for 90 days for user named jerry:
sudo chage -M 90 jerry
sudo chage -l jerry
Please note that passing the number -1 will remove checking a password’s validity:
sudo chage -M -1 tom
You can also set the minimum number of days between password changes:
sudo chage -m 30 jerry
However, a value of zero indicates that the user may change his/her password at any time:
sudo chage -m 0 marlena
Set expire date
The syntax is:
sudo chage -E EXPIRE_DATE userName
One can set the date or number of days since January 1, 1970 on which the user’s account will no longer be accessible. The date may also be expressed in the format YYYY-MM-DD (or the format more mmonly used in your area). A user whose account is locked must contact the system administrator before being able to use the system again.
sudo chage -E 2020-03-31 sai
Passing the number -1 as the EXPIRE_DATE will remove an account expiration date:
sudo chage -E -1 tristan
Set warning for the user before password expires
Try using the following syntax to set the number of days of warning before a password change is required:
sudo chage -W WARN_DAYS userName
sudo chage -W 30 raj
The WARN_DAYS option is the number of days prior to the password expiring that a user will be warned his/her password is about to expire. Verify info with following command:
sudo chage -l raj
Conclusion
The chage command changes the number of days between password changes and the date of the last password change. The same command also check user password expiration date and time on Linux. See chage man page for more information here.
🐧 Get the latest tutorials on SysAdmin, Linux/Unix, Open Source/DevOps topics:
- RSS feed or Weekly email newsletter
- Share on Twitter • Facebook • 10 comments... add one ↓
| Category | List of Unix and Linux commands |
|---|---|
| File Management | cat |
| Firewall | Alpine Awall • CentOS 8 • OpenSUSE • RHEL 8 • Ubuntu 16.04 • Ubuntu 18.04 • Ubuntu 20.04 |
| Network Utilities | dig • host • ip • nmap |
| OpenVPN | CentOS 7 • CentOS 8 • Debian 10 • Debian 8/9 • Ubuntu 18.04 • Ubuntu 20.04 |
| Package Manager | apk • apt |
| Processes Management | bg • chroot • cron • disown • fg • jobs • killall • kill • pidof • pstree • pwdx • time |
| Searching | grep • whereis • which |
| User Information | groups • id • lastcomm • last • lid/libuser-lid • logname • members • users • whoami • who • w |
| WireGuard VPN | Alpine • CentOS 8 • Debian 10 • Firewall • Ubuntu 20.04 |
Is there a way to list just the expiration date ? (or any of the other specific fields reported by chage ?)
Really? just grep it or awk with a pipe… easy enough
Is it possible to get the time in addition to the date. On AIX, the password expiration warning includes the date and time. My password will expire tomorrow. It would be helpful to know what time it will expire so that I can determine how much time I’ll have tomorrow before it expires? If it’s going to expire early in the day, I may want to change it today. If it expires late in the day I may wait until tomorrow morning.
Thanks.
Jerry
I have the same question as Jerry. Is it possible to know the last password change time in Linux?
chage -l root | grep “Last password change” | awk -F”:” ‘{print $2}’
Hi!, i need known the expiration date of the all user with one script, it´s possible?
for account in $(cut -f1 -d: /etc/passwd); do echo "ACCOUNT: $account , EXPIRES: `chage -l $account | grep 'Account expires' | awk '{print $4, $5, $6}'`, CHANGED: `chage -l $account | grep 'Last password change' | awk '{print $5, $6, $7}'`"; doneHow do we check the same info when the linux server is connected to Active Directory and there is no value in /etc/passwd?
Does chage has ldap support?
My user account information is set in LDAP only.
There is no user account in local files.
No