One can easily check the user account password expiry information on Linux. The /etc/shadow files stores actual password in encrypted format for user’s account. You need to use the chage command. It can display password expiry information as well as changes the number of days between password changes and the date of the last password change. This information is used by the system to determine when a user must change his/her password.
Linux check user password expiration using chage
- Open the terminal application
- Type chage -l userName command to display password expiration information for Linux user account.
- The -l option passed to the change show account aging information.
- Check tom user’s password expiry time, run: sudo chage -l tom
Let us see some examples and usage information in details.
View account again information on Linux
To see account aging information such as expiry date and time, enter:
chage -l {userNameHere} chage -l userNameHere |
To see account aging info for usernamed vivek, enter:
$ chage -l vivek
Sample outputs:
Last password change : Jan 10, 2012 Password expires : never Password inactive : never Account expires : never Minimum number of days between password change : 0 Maximum number of days between password change : 99999 Number of days of warning before password expires : 7
The above outputs indicates that password aging disabled.
Check the user account password expiry information on Linux
Let us try one more example:
$ sudo chage -l raj
Sample outputs:
Last password change : May 21, 2012 Password expires : Jun 20, 2012 Password inactive : never Account expires : Jan 01, 2013 Minimum number of days between password change : 7 Maximum number of days between password change : 30 Number of days of warning before password expires : 7
It seems that user account scheduled to expire on 01/Jan/2013. You can use the grep command to filter out info too:
$ sudo chage -l raj | grep 'Password expires'
Change password expiry date
You can set the maximum number of days during which a password is valid. For example, make sure password is valid for 90 days for user named jerry:
sudo chage -M 90 jerry
sudo chage -l jerry
Please note that passing the number -1 will remove checking a password’s validity:
sudo chage -M -1 tom
You can also set the minimum number of days between password changes:
sudo chage -m 30 jerry
However, a value of zero indicates that the user may change his/her password at any time:
sudo chage -m 0 marlena
Set expire date
The syntax is:
sudo chage -E EXPIRE_DATE userName
One can set the date or number of days since January 1, 1970 on which the user’s account will no longer be accessible. The date may also be expressed in the format YYYY-MM-DD (or the format more mmonly used in your area). A user whose account is locked must contact the system administrator before being able to use the system again.
sudo chage -E 2020-03-31 sai
Passing the number -1 as the EXPIRE_DATE will remove an account expiration date:
sudo chage -E -1 tristan
Set warning for the user before password expires
Try using the following syntax to set the number of days of warning before a password change is required:
sudo chage -W WARN_DAYS userName
sudo chage -W 30 raj
The WARN_DAYS option is the number of days prior to the password expiring that a user will be warned his/her password is about to expire. Verify info with following command:
sudo chage -l raj
Conclusion
The chage command changes the number of days between password changes and the date of the last password change. The same command also check user password expiration date and time on Linux. See chage man page for more information here.
9 comment
Use the chage command.
chage -l root
Last password change : Oct 26, 2018
Password expires : never
Password inactive : never
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 99999
Number of days of warning before password expires : 7