Hi, I'm Ataias Reis

Programmer, made in Brazil, Alma mater University of Brasilia

Administrating Linux users with the chage Command

When a system administrator wants see when a user last changed a password or wants to force a user to change it, there is a really nice command to come to the rescue: chage. I created a user called aluno and I started to check for its information:

$ sudo chage -l aluno
Last password change : Sep 16, 2016
Password expires : never
Password inactive : never
Account expires : never
Minimum number of days
  between password change : 0
Maximum number of days
  between password change : 99999
Number of days of warning
  before password expires : 7

As we see, the user password was last changed on Sep 16, 2016 and it never expires nor gets inactive. This can be easily changed by using the command chage -M number_of_days and then checking the user info again:

$ sudo chage -M 10 aluno
$ sudo chage -l aluno
Last password change : Sep 16, 2016
Password expires : Sep 26, 2016
Password inactive : never
Account expires : never
Minimum number of days
  between password change : 0
Maximum number of days
  between password change : 10
Number of days of warning
  before password expires : 7

Now the user will have to change his password every 10 days, what doesn't sound like a very good idea. If you want to change it back to how it was before, just do sudo chage -M 99999 aluno.

If the administrator thinks the user should change the password immediatly, he just needs to do

$ sudo chage -d 0 aluno

When the user logs again, he will be asked to change its password. The following happens when I try to log again with aluno:

$ su aluno
Password:
You are required to change your
  password immediately (root enforced)
Changing password for aluno.
(current) UNIX password:
Enter new UNIX password:
Retype new UNIX password:

You can set an expiration date for the user! Now I know how people at university set a date for my ssh account to expire! An example:

$ sudo chage -E 2016/12/31 aluno
$ sudo chage -l aluno
Last password change : Sep 16, 2016
Password expires : Sep 26, 2016
Password inactive : never
Account expires : Dec 31, 2016
Minimum number of days
  between password change : 0
Maximum number of days
  between password change : 10
Number of days of warning
  before password expires : 7

To cancel the expiration set, we can use chage -E -1 aluno.

That's all for this command for now =). Hope you enjoyed it, let me know if you spot anything wrong or have any suggestions!

Tags
comments powered by Disqus