To understand the chage command if might be best to make sure that you understand the /etc/shadow file, so lets look at a line from mine. Note that “:” is the field separator.
chris:$6$MZsU1MdDNVs50KaP$.sPNd90oOieOHAMwWt5rVB1:15188:0:99999:7:::
In the shadow file the fields are as follows:
- Username
- Password Hash
- Date of Last Password Change in days since the dawn of Unix Time
- Minimum Password Age
- Maximum Password Age
- Password Warning Period
- Password Inactive Period
- Account Expiration
The basic options of the chage command are as follows
- -M Max Days
- -m Min Days
- -I inactive
- -E Expiry Date
- -D 0 Force Password Change
So first lets take a look at the current settings for user “chris”. You will see that the entries below match the options listed above.
# chage -l chris
Last password change : Aug 02, 2011
Password expires : never
Password inactive : never
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 99999
Number of days of warning before password expires : 7
So lets say that we want to force user chris to update his password on next login
#chage -d 0 chris
and then set a minimum number of days of 10 between password changes
#chage -m 10 chris
or set an expiration date of 10/10/2020
#chage -E 10/10/2020 chris
You get the idea…
Anyway the chage command can be run interactively as well if you do not pass any options to the command other than the username.
Additional Resources:
Managing Password Aging on AIX, Solaris, Linux
http://www.thegeekstuff.com/2009/04/chage-linux-password-expiration-and-aging/