In this blog post, we will discuss three different ways to set the user account expiration date in Linux. The first way is to use the chage command, the second way is to use the usermod command and the third way is to use useradd command.
We will also discuss some of the benefits of using each method. Let’s get started!
Table of Contents
Difference between password expiration and account expiration
In Linux, password expiration and account expiration are two separate concepts.
Password expiration means that user needs to change the password on next login. The user still be able to login after resetting the password. This is a security measure to ensure that passwords are regularly updated and not compromised.
Here is the error message when your password is expired.
(test@howtouselinux) You are required to change your password immediately (password expired)
Current password:
(test@howtouselinux) New password:
In the case of account expiration, the user account will be locked. Hence it is not able to log in at all. This can be useful for temporary accounts that are only needed for a certain period of time.
Here is the error message when your account is expired.
Your account has expired; please contact your system administrator
change user password expiration date with chage command in Linux
To change the password expiration date for a user in Linux, you can use the chage command. Here are the steps:
1. Open the terminal and log in as root or a user with sudo privileges.
2. Run the following command to change the password expiration date for a user (replace username with the name of the user):
chage -M <max_days> <username>
The -M option specifies the maximum number of days between password changes.
That means that new password expiration date is = last password change date + max days.
For example, to set the maximum password age to 90 days for the user john, you can run the command:
chage -M 90 john
To view the current password aging settings for a user, you can run:
chage -l <username>
This will show you the current values for password aging options like maximum age, minimum age, warning period, and inactive period.
You can also set other password aging options with the chage command. For example, to set the minimum number of days required between password changes to 10, you can run:
chage -m 10 john
This will prevent the user from changing the password too frequently.
That’s it! You have successfully changed the password expiration date for a user in Linux using the chage command.
Let’s see an example.
[root@howtouselinux ~]# chage -l test1
Last password change : Mar 26, 2023
Password expires : May 25, 2023
Password inactive : Jun 24, 2023
Account expires : never
Minimum number of days between password change : 7
Maximum number of days between password change : 60
Number of days of warning before password expires : 7
[root@howtouselinux ~]# chage -M 90 test1
[root@howtouselinux ~]# chage -l test1
Last password change : Mar 26, 2023
Password expires : Jun 24, 2023
Password inactive : Jul 24, 2023
Account expires : never
Minimum number of days between password change : 7
Maximum number of days between password change : 90
Number of days of warning before password expires : 7
Here, we can see that the new password expiration date Jun 24, 2023 = Last password change date Mar 26, 2023 + Max days 90
You can use this command to remove a password expiration date. This can be useful if you want to set a user’s password to never expire.
To do this, you would run the following command:
chage -M -1 username
This will set the password expiration date to -1, which means that the password will never expire.
change user account expiration date with chage command in Linux
The easiest way to change the user account expiration date in Linux is using chage command. You need to be logged in as the root user and run the following command to change the account expiration date for a user:
chage -E YYYY-MM-DD USERNAME
Replace “YYYY-MM-DD” with the actual date you want the user’s account to expire on. Replace “USERNAME” with the actual username of the user you want to set the expiration date for.
Once you have run this command, the user’s account will expire on the date you specified.
sudo chage -E 2021-02-28 charlie
donnie@ubuntu-steemnode:~$ sudo chage -l charlie
Last password change : Oct 06, 2019
Password expires : Never
Password inactive : Jan 08, 2020
Account expires : Feb 28, 2021
Minimum number of days between password change : 3
Maximum number of days between password change : 90
Number of days of warning before password expires : 4
- The first row of the output reports the last date in which the password for the account was changed (Last_password_change).
- The second line reports the date in which the current password will expire (Password_expires). In this case the reported value is “never”, so the password expiration feature is disabled (the password will never expire).
- The third line show us the Password inactive date.
- On the fourth row we can check the account expiration date (Account expiration). As a value for this option we can provide a specific date or alternatively a number of days since “January 1, 1970”, after which the user account will be locked.
- On the next two lines we can see the minimum number of days which should pass between two password changes (Minimum number of days between password change), and the maximum number of days a password should be valid (Maximum number of days between password change).
- Finally, in the last row of the program output we can see how many days before the password expiration event a warning should be sent to the user. The current value is 4; it is irrelevant, however, since password expiration is disabled.
we can set a password expiration date using the -M option, in order to set the maximum number of days in which a password should be considered valid. For example to set the password validity to 30,
we would run:$ sudo chage -M 30 egdoc
The above command will set the password to expire 30 days from the last change.
change user account expiration date with usermod command in Linux
The usermod command is another way to set the account expiration date in Linux. To use the usermod command, you need to be logged in as the root user. usermod -e YYYY-MM-DD USERNAME
sudo usermod -e 2023-07-31 samson
sudo chage -l samson
change user account expiration date with useradd command in Linux
The third way to set the user account expiration date in Linux is to use the useradd command. To use the useradd command, you need to be logged in as the root user.
sudo useradd -e 2023-06-30 samson
sudo chage -l samson
To change the defaults in the useradd file, you can either hand-edit the file or use useradd -D with the appropriate option switch for the item that you want to change. For example, to set a default expiration date of December 31, 2023, the command would be as follows: sudo useradd -D -e 2023-12-31
To see the new configuration, you can either open the useradd file or just do sudo useradd -D:
[donnie@localhost ~]$ sudo useradd -D
GROUP=100
HOME=/home
INACTIVE=-1
EXPIRE=2023-12-31
SHELL=/bin/bash
SKEL=/etc/skel
CREATE_MAIL_SPOOL=yes
You’ve now set it so that any new user accounts that get created will have the same expiration date.
Each of these methods has its own benefits. The chage command is the most common way to set the user password expiration date in Linux because it is easy to use and it doesn’t require any additional packages to be installed.
The usermod command is a good choice if you are already using the usermod command for other tasks such as modifying the user’s home directory or shell. The useradd command is a good choice if you are already using the useradd command to create new users.
Which method do you prefer to use? Let us know in the comments below!