Linux turn OFF password expiration / aging

Author: Vivek Gite Last updated: May 22, 2007 25 comments

/etc/shadow stores actual password in encrypted format for userâ€™s account with additional properties related to user password.

Category	List of Unix and Linux commands
File Management	cat
Firewall	Alpine Awall • CentOS 8 • OpenSUSE • RHEL 8 • Ubuntu 16.04 • Ubuntu 18.04 • Ubuntu 20.04
Network Utilities	dig • host • ip • nmap
OpenVPN	CentOS 7 • CentOS 8 • Debian 10 • Debian 8/9 • Ubuntu 18.04 • Ubuntu 20.04
Package Manager	apk • apt
Processes Management	bg • chroot • cron • disown • fg • jobs • killall • kill • pidof • pstree • pwdx • time
Searching	grep • whereis • which
User Information	groups • id • lastcomm • last • lid/libuser-lid • logname • members • users • whoami • who • w
WireGuard VPN	Alpine • CentOS 8 • Debian 10 • Firewall • Ubuntu 20.04

ADVERTISEMENTS

25 comments… add one

meme Jun 1, 2007 @ 1:23

thanks a lot!! this really helped me!

Reply Link
- Chris Ashdown May 7, 2010 @ 8:51
  
  Great advice, thanks !!
  
  Reply Link
Ben Jul 11, 2007 @ 22:41

The simplest way to change the command-line version so that it actually works is as follows:
# chage -I -1 -m 0 -M 99999 -E -1 username

Most shells (certainly bash) require escaping ‘-‘ characters.

Reply Link
- makefu Jun 10, 2014 @ 12:10
  
  wow this is the most retarded thing i have read today.
  “-” does not need to be escaped in any shell as it has no special meaning, it is just a convention used in most unix programs to identify option parameters (it is a slash under most windows utils, e.g. “ipconfig /a”). characters you may need to escape are ” or ‘ or $ or ` and so on (see http://www.gnu.org/software/bash/manual/bashref.html#Quoting ).
  you ‘may’ need to tell a program to not read a for example a file name “rm -my_file_name.txt” as an option via “rm — -my_file_name.txt” but thats about it.
  
  the original code snippet /actually/ works without any escaping.
  
  Reply Link
Eason Apr 17, 2008 @ 3:49

thousand thanks

Reply Link
question Apr 25, 2008 @ 8:04

Any solution to set ACCOUNT EXPIRE after x days without login to the system instead of set a fix date?

Reply Link
James Jul 25, 2008 @ 14:17

Is there a way to do this to all user accounts at once? I’ve tried using “*”, but had no luck with that. Thanks.

Reply Link
🐧 nixCraft Jul 25, 2008 @ 15:20

James,

Try something as follows to list permission for all user (backup your /etc/passwd and /etc/shadow before you run following commands) :
awk -F':' '{ if ( $3 >= 1000 ) print $0 }' /etc/passwd | cut -d: -f1 | xargs -I {} chage -l {}

Replace chage -l with ‘chage -I -1 -m 0 -M 99999 -E -1’

awk -F':' '{ if ( $3 >= 1000 ) print $0 }' /etc/passwd | cut -d: -f1 | xargs -I {} chage -I -1 -m 0 -M 99999 -E -1 {}

Reply Link
Walter Sep 15, 2008 @ 16:30

Just to eliminate the unnecessary “cut”, make it:
awk -F':' '{ if ( $3 >= 1000 ) print $1 }' /etc/passwd | xargs -I {} chage -I -1 -m 0 -M 99999 -E -1 {}

Reply Link
- praveen yenegalla Apr 26, 2011 @ 4:55
  
  Thanks alot.
  
  Reply Link
Sureshkumar Jan 9, 2009 @ 11:16

Hi ,

thanx …

Reply Link
Laxman Mar 25, 2009 @ 6:08

awk -F’:’ ‘{ if ( $3 >= 1000 ) print $1 }’ /etc/passwd | xargs -I {} chage -I -1 -m 0 -M 99999 -E -1 {}

is helped me

Reply Link

Shankar Apr 7, 2009 @ 14:00

I get this error while executing the command,

[root@lnxtestsrv1 ~]# awk -F ':' '{ if ( $3 >= 1000 ) print $1 }' /etc/passwd | xargs -I {} chage -I -1 -m 0 -M 99999 -E -1 {}
xargs: invalid option -- I
Usage: xargs [-0prtx] [-E eof-str] [-e[eof-str]] [-I replace-str]
       [-i[replace-str]] [-L max-lines] [-l[max-lines]] [-n max-args]
       [-s max-chars] [-P max-procs] [--null] [--eof[=eof-str]]
       [--replace[=replace-str]] [--max-lines[=max-lines]] [--interactive]
       [--max-chars=max-chars] [--verbose] [--exit] [--max-procs=max-procs]
       [--max-args=max-args] [--no-run-if-empty] [--version] [--help]
       [command [initial-arguments]]

Report bugs to .

Reply Link

🐧 nixCraft Apr 7, 2009 @ 16:28

Can you tell me your UNIX / Linux distro version and xargs version?

Reply Link
Bindi Papadum Mar 6, 2011 @ 17:01

Very useful information. I used it immediately on some IT slobs I was outsourcing.

Reply Link
Mariano Apr 2, 2012 @ 15:18

Better to use ” -M -1 “: 99999 will expire after 99999 days, -1 tells no expiration needed!

Bye

Mariano

Reply Link
shaikmanazar@gmail.com Jun 4, 2012 @ 12:56

we can use ,below command as well for password agin

passwd -x -1 vivek

Reply Link
sayantan Mar 29, 2013 @ 6:29

awk -F’:’ ‘{ if ( $3 >= 1000 ) print $0 }’ /etc/passwd | cut -d: -f1 | xargs -I {} chage -l {}
Last password change : Aug 06, 2012
Password expires : never
Password inactive : never
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 99999
Number of days of warning before password expires : 7

I am getting only this much output.how can I change the policy for all user?

Reply Link
Nfarrow Apr 24, 2013 @ 21:19

I just use this, “chage -E -1 -M -1 username”

Reply Link
TomD Nov 19, 2013 @ 21:31

This info is great! A bunch of us have been wracking our brains for a couple of days trying to figure out a problem and this was the fix.

Excellent!

Reply Link
cooldance84 Dec 27, 2013 @ 9:10

Best and shortest solution is: passwd -x 99999

Reply Link
kishore Sep 23, 2015 @ 5:11
```
$ chage -I -1 -m 0 -M 99999 -E -1 username
```
“PERFECTLY WORKED”
Reply Link
Cameron Nov 28, 2015 @ 6:19

Chage my password

Reply Link
Don Dec 10, 2015 @ 5:52

i got big list with no heading (user id)

awk -F':' '{ if ( $3 >= 1000 ) print $0 }' /etc/passwd | cut -d: -f1 | xargs -I {} chage -l {}

I need user heading, is that possible ?

Reply Link
Aneesh Dec 30, 2015 @ 11:21

How to revert this change to original value.

Reply Link