Lesson 8.2: Change passwords and adjust password aging for local user accounts
Change Password
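Only root can change another user's password with the passwd command. As the session below shows, root gets a BAD PASSWORD warning for a weak password, but the change still succeeds.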
[root@sanjeeb ~]# passwd boss
Changing password for user boss.
New password:
BAD PASSWORD: The password is shorter than 8 characters
Retype new password:
passwd: all authentication tokens updated successfully.
Adjust password aging for local user accounts
Use the chage command to change a user's password expiry information.
View the password aging information of a user
[root@sanjeeb ~]# chage -l boss
Last password change : Sep 27, 2024
Password expires : never
Password inactive : never
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 99999
Number of days of warning before password expires : 7
Explanation of Each Field:
Last password change:
- This field shows the date the user last changed their password.
- If this is the first time the user account is created or if the password hasn't been changed since creation, this field will reflect the creation date of the account.
Password expires:
- This value represents the date when the current password will expire, after which the user will need to change their password.
- If this is set to "never," it means that the password does not expire.
Password inactive:
- This field indicates the number of days after the password expires that the account becomes inactive (i.e., the user can no longer log in).
- If set to "never," the account will not become inactive after password expiration.
Account expires:
- This specifies the date when the account itself will expire, meaning the user will no longer be able to log in even with a valid password.
- "Never" indicates the account doesn't have an expiration date.
Minimum number of days between password change:
- This is the minimum number of days a user must wait before changing their password again after a change has been made.
- For example, if this is set to 7, the user must wait at least 7 days before they can change their password again.
Maximum number of days between password change:
- This field shows the maximum number of days a user can use a password before they are required to change it.
- For example, if this is set to 90, the user will need to change their password after 90 days.
Number of days of warning before password expires:
- This indicates the number of days before the password expires that the system will start warning the user about the upcoming password expiration.
- For instance, if set to 7, the system will start notifying the user 7 days before the password expires.
Chage Options
- -l : List all password aging information for the user.
- -m : Set the minimum number of days between password changes.
- -M : Set the maximum number of days the password is valid.
- -W : Set the number of days to warn the user before password expiration.
- -I : Set the number of inactive days after password expiration before the account is locked.
- -E : Set the account expiration date.
# Force user to change password on next login
[root@sanjeeb ~]# chage -d 0 boss
# After setting -d 0, chage -l shows
[root@sanjeeb ~]# chage -l boss
Last password change : password must be changed
Password expires : password must be changed
Password inactive : password must be changed
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 99999
Number of days of warning before password expires : 7
# After boss logs in and changes the password
[root@sanjeeb ~]# chage -l boss
Last password change : Sep 27, 2024 # password changed date
Password expires : never
Password inactive : never
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 99999
Number of days of warning before password expires : 7
# Set account to expire on December 31st 2024
[root@sanjeeb ~]# chage -E 2024-12-31 boss
[root@sanjeeb ~]# chage -l boss
Last password change : Sep 27, 2024
Password expires : never
Password inactive : never
Account expires : Dec 31, 2024
Minimum number of days between password change : 0
Maximum number of days between password change : 99999
Number of days of warning before password expires : 7
# Remove account expiration
[root@sanjeeb ~]# chage -E -1 boss
[root@sanjeeb ~]# chage -l boss
Last password change : Sep 27, 2024
Password expires : never
Password inactive : never
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 99999
Number of days of warning before password expires : 7
# Set the password to expire in 30 days
[root@sanjeeb ~]# chage -M 30 boss
[root@sanjeeb ~]# chage -l boss
Last password change : Sep 27, 2024
Password expires : Oct 27, 2024
Password inactive : never
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 30
Number of days of warning before password expires : 7
# Remove password expiration
[root@sanjeeb ~]# chage -M -1 boss
[root@sanjeeb ~]# chage -l boss
Last password change : Sep 27, 2024
Password expires : never
Password inactive : never
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : -1
Number of days of warning before password expires : 7
Make david's account expire in one month (30 days from today). Note that -E sets the account expiration date, not the password's maximum age.
[root@serverB ~]# chage -E $(date -d +30days +%Y-%m-%d) david
[root@serverB ~]# chage -l david
Last password change : Oct 31, 2024
Password expires : Nov 20, 2024
Password inactive : never
Account expires : Nov 30, 2024
Minimum number of days between password change : 0
Maximum number of days between password change : 20
Number of days of warning before password expires : 10
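The values chage -l prints are stored as day numbers in the shadow file, so aging can be audited for every account at once. The script below is an added example, not part of the original lesson; the function names audit_aging and sample_shadow and the sample records are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original lesson): audit password aging from
# shadow-format records. Function names and sample data are hypothetical.
# Record: name:hash:lastchg:min:max:warn:inactive:expire:reserved
# lastchg and expire are day numbers counted from 1970-01-01.

# Usage: audit_aging [TODAY] < shadow-format-file   (TODAY is a day number)
audit_aging() {
    awk -F: -v today="${1:-$(( $(date +%s) / 86400 ))}" '
    $2 ~ /^[!*]/ { next }    # locked or no-login accounts: nothing to age
    {
        if ($3 == "0")                  # what "chage -d 0" writes
            status = "must-change-at-next-login"
        else if ($3 == "" || $5 == "" || $5 < 0 || $5 >= 99999)
            status = "password-never-expires"   # default 99999, or "chage -M -1"
        else {
            left = $3 + $5 - today      # "Password expires" = lastchg + max
            status = (left < 0) ? "password-expired" : "password-expires-in=" left "d"
        }
        if ($8 != "" && $8 >= 0)        # "Account expires", set with "chage -E"
            status = status (($8 <= today) ? ",account-expired" : ",account-expires-in=" ($8 - today) "d")
        print $1, status
    }'
}

# Constructed sample records; 19993 is Sep 27, 2024 and 20088 is Dec 31, 2024.
sample_shadow() {
    cat <<'EOF'
boss:$6$constructed$hash:19993:0:99999:7:::
david:$6$constructed$hash:19993:0:30:7::20088:
intern:$6$constructed$hash:0:0:99999:7:::
legacy:$6$constructed$hash:19900:0:90:7:::
daemon:*:19700:0:99999:7:::
EOF
}

# Day 20000 is Oct 4, 2024; omit the argument to use the current date.
sample_shadow | audit_aging 20000
```

On a live system, run it as root with audit_aging < /etc/shadow; accounts reported as password-never-expires are the ones still using the default maximum of 99999 days.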
Configuring Defaults
Default password aging settings and requirements for newly created accounts are configured in /etc/login.defs
Example of chown and chmod (ownership and permissions)
[root@sanjeeb /]# ls -ld mkt sls prod
drwxr-xr-x. 2 root root 6 Sep 26 21:31 mkt
drwxr-xr-x. 2 root root 6 Sep 26 21:31 prod
drwxr-xr-x. 2 root root 6 Sep 26 21:31 sls
# chown <new owner>:<new group> <file/dir>
[root@sanjeeb /]# chown boss:marketing mkt
[root@sanjeeb /]# chown boss:sales sls
[root@sanjeeb /]# chown boss:production prod
[root@sanjeeb /]# ls -ld mkt sls prod
drwxr-xr-x. 2 boss marketing 6 Sep 26 21:31 mkt
drwxr-xr-x. 2 boss production 6 Sep 26 21:31 prod
drwxr-xr-x. 2 boss sales 6 Sep 26 21:31 sls
[root@sanjeeb /]# chmod 770 mkt prod sls
[root@sanjeeb /]# ls -ld mkt sls prod
drwxrwx---. 2 boss marketing 6 Sep 26 21:31 mkt
drwxrwx---. 2 boss production 6 Sep 26 21:31 prod
drwxrwx---. 2 boss sales 6 Sep 26 21:31 sls