Linux User Password and Chage Command
Managing Linux User Passwords
In Linux, user passwords are managed using the passwd command. This command allows you to set or change a user's password securely.
Example:
sudo passwd username
This command prompts you to enter and confirm the new password for the specified user.
Shadow file entry structure
The /etc/shadow file contains password information for users. Each line in this file corresponds to a user and contains the following fields:
username:password:last_change:min:max:warn:inactive:expire:reserved
Where:
- username: The name of the user.
- password: The hashed password (or a placeholder like 'x' or '*').
- last_change: The last date the password was changed (in days since Jan 1, 1970).
- min: The minimum number of days before a password can be changed.
- max: The maximum number of days a password is valid.
- warn: The number of days before expiration that a warning is given.
- inactive: The number of days after expiration until the account is disabled.
- expire: The date when the account will expire (in days since Jan 1, 1970).
- reserved: Reserved for future use.
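The field layout above can be checked mechanically. The following is an added example, not part of the original page: it parses entries in this format and reports password-aging findings for each account. The sample entries, the names parse_entry, to_date and audit, and the treatment of a max of 99999 as "no maximum" are assumptions made for illustration.

```python
from datetime import date, timedelta

EPOCH = date(1970, 1, 1)  # day-count fields are days since Jan 1, 1970
FIELDS = "username password last_change min max warn inactive expire reserved".split()

# Constructed sample entries (no real accounts or hashes).
SAMPLE = """\
alice:$6$constructed$notarealhash:19723:0:90:7:::
carol:$6$constructed$notarealhash:19790:0:90:7:::
dave:$6$constructed$notarealhash:0:0:90:7:::
svc:!:19000:0:99999:7::19800:
"""

def parse_entry(line):
    """Split one shadow entry into its nine fields; empty numeric fields become None."""
    parts = line.rstrip("\n").split(":")
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}")
    entry = dict(zip(FIELDS, parts))
    for name in FIELDS[2:8]:  # last_change through expire are numeric
        entry[name] = int(entry[name]) if entry[name] else None
    return entry

def to_date(days):
    return EPOCH + timedelta(days=days)

def audit(entry, today):
    """Return a list of aging findings for one parsed entry as of `today`."""
    out = []
    if entry["password"].startswith(("!", "*")):
        out.append("password login disabled")
    if entry["last_change"] == 0:
        out.append("must change password at next login")
    if entry["max"] is None or entry["max"] >= 99999:  # assumption: 99999 = never
        out.append("no maximum password age")
    elif entry["last_change"]:
        expires = to_date(entry["last_change"] + entry["max"])
        left = (expires - today).days
        if left < 0:
            out.append(f"password expired on {expires}")
        elif entry["warn"] and left <= entry["warn"]:
            out.append(f"password expires on {expires} (within warning period)")
    if entry["expire"] is not None and to_date(entry["expire"]) <= today:
        out.append(f"account expired on {to_date(entry['expire'])}")
    return out

if __name__ == "__main__":
    for entry in map(parse_entry, SAMPLE.splitlines()):
        print(entry["username"], audit(entry, date(2024, 6, 1)) or "ok")
```

To audit a live system, feed each line of /etc/shadow to parse_entry; reading that file requires root.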
passwd command Options
| Option | Description |
|---|---|
| -d | Delete the password for the specified user. |
| -e | Expire the password immediately, forcing the user to change it on next login. |
| -i | Set the number of days after password expiration until the account is disabled. |
| -l | Lock the user's password, preventing login. |
| -u | Unlock the user's password, allowing login. |
| -n | Set the minimum number of days before a password can be changed. |
| -x | Set the maximum number of days a password is valid. |
| -w | Set the number of days before expiration that a warning is given. |
| -y | Set the number of days after expiration until the account is disabled. |
| -f | Set the number of days after password expiration until the account is disabled. |
| -h | Display help information for the command. |
| -r | Change the password for a user in the shadow file. |
| -s | Set the password for a user in the shadow file. |
Chage Command
The chage command is used to manage password aging policies for a user. It allows you to set expiration dates, warning periods, and more.
Syntax
chage [options] username
Options
| Option | Description |
|---|---|
| -l | Display the current password aging settings for a user. |
| -M | Set the maximum number of days a password is valid. |
| -m | Set the minimum number of days before a password can be changed. |
| -W | Set the number of days before expiration that a warning is given. |
| -I | Set the number of days after expiration until the account is disabled. |
| -E | Set the date when the account will expire. |
| -h | Display help information for the command. |
| -r | Change the password for a user in the shadow file. |
| -s | Set the password for a user in the shadow file. |
Note: The chage command requires superuser privileges to modify password aging settings.
Example
To set a password to expire after 90 days and give a warning 7 days before expiration:
sudo chage -M 90 -W 7 username
To view the current password aging settings for a user:
sudo chage -l username