Linux turn OFF password expiration / aging

/etc/shadow stores actual password in encrypted format for user’s account with additional properties related to user password.

ADVERTISEMENTS

The password expiration information for a user is contained in the last 6 fields. Password expiration for a select user can be disabled by editing the /etc/shadow file

However I recommend using chage command. The chage command changes the number of days between password changes and the date of the last password change. This information is used by the system to determine when a user must change his/her password.

To list current aging type chage command as follows:
# chage -l vivek
Output:

Last password change                                    : May 22, 2007
Password expires                                        : never
Password inactive                                       : never
Account expires                                         : never
Minimum number of days between password change          : 0
Maximum number of days between password change          : 99999
Number of days of warning before password expires       : 7

To disable password aging / expiration for user foo, type command as follows and set:
Minimum Password Age to 0
Maximum Password Age to 99999
Password Inactive to -1
Account Expiration Date to -1
Interactive mode command:
# chage username
OR
# chage -I -1 -m 0 -M 99999 -E -1 username

Updated for accuracy.

🐧 Get the latest tutorials on SysAdmin, Linux/Unix, Open Source & DevOps topics via:
CategoryList of Unix and Linux commands
File Managementcat
FirewallAlpine Awall CentOS 8 OpenSUSE RHEL 8 Ubuntu 16.04 Ubuntu 18.04 Ubuntu 20.04
Network Utilitiesdig host ip nmap
OpenVPNCentOS 7 CentOS 8 Debian 10 Debian 8/9 Ubuntu 18.04 Ubuntu 20.04
Package Managerapk apt
Processes Managementbg chroot cron disown fg jobs killall kill pidof pstree pwdx time
Searchinggrep whereis which
User Informationgroups id lastcomm last lid/libuser-lid logname members users whoami who w
WireGuard VPNAlpine CentOS 8 Debian 10 Firewall Ubuntu 20.04

ADVERTISEMENTS
25 comments… add one
  • meme Jun 1, 2007 @ 1:23

    thanks a lot!! this really helped me!

    • Chris Ashdown May 7, 2010 @ 8:51

      Great advice, thanks !!

  • Ben Jul 11, 2007 @ 22:41

    The simplest way to change the command-line version so that it actually works is as follows:
    # chage -I -1 -m 0 -M 99999 -E -1 username

    Most shells (certainly bash) require escaping ‘-‘ characters.

    • makefu Jun 10, 2014 @ 12:10

      wow this is the most retarded thing i have read today.
      “-” does not need to be escaped in any shell as it has no special meaning, it is just a convention used in most unix programs to identify option parameters (it is a slash under most windows utils, e.g. “ipconfig /a”). characters you may need to escape are ” or ‘ or $ or ` and so on (see http://www.gnu.org/software/bash/manual/bashref.html#Quoting ).
      you ‘may’ need to tell a program to not read a for example a file name “rm -my_file_name.txt” as an option via “rm — -my_file_name.txt” but thats about it.

      the original code snippet /actually/ works without any escaping.

  • Eason Apr 17, 2008 @ 3:49

    thousand thanks

  • question Apr 25, 2008 @ 8:04

    Any solution to set ACCOUNT EXPIRE after x days without login to the system instead of set a fix date?

  • James Jul 25, 2008 @ 14:17

    Is there a way to do this to all user accounts at once? I’ve tried using “*”, but had no luck with that. Thanks.

  • 🐧 nixCraft Jul 25, 2008 @ 15:20

    James,

    Try something as follows to list permission for all user (backup your /etc/passwd and /etc/shadow before you run following commands) :
    awk -F':' '{ if ( $3 >= 1000 ) print $0 }' /etc/passwd | cut -d: -f1 | xargs -I {} chage -l {}

    Replace chage -l with ‘chage -I -1 -m 0 -M 99999 -E -1’

    awk -F':' '{ if ( $3 >= 1000 ) print $0 }' /etc/passwd | cut -d: -f1 | xargs -I {} chage -I -1 -m 0 -M 99999 -E -1 {}

  • Walter Sep 15, 2008 @ 16:30

    Just to eliminate the unnecessary “cut”, make it:
    awk -F':' '{ if ( $3 >= 1000 ) print $1 }' /etc/passwd | xargs -I {} chage -I -1 -m 0 -M 99999 -E -1 {}

    • praveen yenegalla Apr 26, 2011 @ 4:55

      Thanks alot.

  • Sureshkumar Jan 9, 2009 @ 11:16

    Hi ,

    thanx …

  • Laxman Mar 25, 2009 @ 6:08

    awk -F’:’ ‘{ if ( $3 >= 1000 ) print $1 }’ /etc/passwd | xargs -I {} chage -I -1 -m 0 -M 99999 -E -1 {}

    is helped me

  • Shankar Apr 7, 2009 @ 14:00

    I get this error while executing the command,

    [root@lnxtestsrv1 ~]# awk -F ':' '{ if ( $3 >= 1000 ) print $1 }' /etc/passwd | xargs -I {} chage -I -1 -m 0 -M 99999 -E -1 {}
    xargs: invalid option -- I
    Usage: xargs [-0prtx] [-E eof-str] [-e[eof-str]] [-I replace-str]
           [-i[replace-str]] [-L max-lines] [-l[max-lines]] [-n max-args]
           [-s max-chars] [-P max-procs] [--null] [--eof[=eof-str]]
           [--replace[=replace-str]] [--max-lines[=max-lines]] [--interactive]
           [--max-chars=max-chars] [--verbose] [--exit] [--max-procs=max-procs]
           [--max-args=max-args] [--no-run-if-empty] [--version] [--help]
           [command [initial-arguments]]
    
    Report bugs to .
  • 🐧 nixCraft Apr 7, 2009 @ 16:28

    Can you tell me your UNIX / Linux distro version and xargs version?

  • Bindi Papadum Mar 6, 2011 @ 17:01

    Very useful information. I used it immediately on some IT slobs I was outsourcing.

  • Mariano Apr 2, 2012 @ 15:18

    Better to use ” -M -1 “: 99999 will expire after 99999 days, -1 tells no expiration needed!

    Bye

    Mariano

  • shaikmanazar@gmail.com Jun 4, 2012 @ 12:56

    we can use ,below command as well for password agin

    passwd -x -1 vivek

  • sayantan Mar 29, 2013 @ 6:29

    awk -F’:’ ‘{ if ( $3 >= 1000 ) print $0 }’ /etc/passwd | cut -d: -f1 | xargs -I {} chage -l {}
    Last password change : Aug 06, 2012
    Password expires : never
    Password inactive : never
    Account expires : never
    Minimum number of days between password change : 0
    Maximum number of days between password change : 99999
    Number of days of warning before password expires : 7

    I am getting only this much output.how can I change the policy for all user?

  • Nfarrow Apr 24, 2013 @ 21:19

    I just use this, “chage -E -1 -M -1 username”

  • TomD Nov 19, 2013 @ 21:31

    This info is great! A bunch of us have been wracking our brains for a couple of days trying to figure out a problem and this was the fix.

    Excellent!

  • cooldance84 Dec 27, 2013 @ 9:10

    Best and shortest solution is: passwd -x 99999

  • kishore Sep 23, 2015 @ 5:11
    $ chage -I -1 -m 0 -M 99999 -E -1 username

    “PERFECTLY WORKED”

  • Cameron Nov 28, 2015 @ 6:19

    Chage my password

  • Don Dec 10, 2015 @ 5:52

    i got big list with no heading (user id)

    awk -F':' '{ if ( $3 >= 1000 ) print $0 }' /etc/passwd | cut -d: -f1 | xargs -I {} chage -l {}

    I need user heading, is that possible ?

  • Aneesh Dec 30, 2015 @ 11:21

    How to revert this change to original value.

Leave a Reply

Your email address will not be published. Required fields are marked *

Use HTML <pre>...</pre>, <code>...</code> and <kbd>...</kbd> for code samples.