In Linux systems, ensuring strong security measures is paramount, and periodically updating passwords is a crucial aspect of maintaining system integrity.
There are situations in Linux where it’s necessary to compel users to change their passwords. This can be vital for security reasons or to enforce regular password updates.
Two effective ways to achieve this are by utilizing the passwd command and the chage command. In this article, we will discuss about this.
Table of Contents
Method 1: Using passwd Command to force the user to change password at Next login
The passwd command allows administrators to reset passwords for user accounts in Linux.
By applying the -e option along with the specific username, we can immediately expire the user’s password, compelling them to update their password during their next login attempt.
For example:
sudo passwd -e username
Replace username with the actual username of the user whose password you want to expire.
Method 2: Employing chage Command to force the user to change password at Next login
Another effective method involves utilizing the chage command with the -d 0 option followed by the username.
This command modifies the last password change date to 0, effectively enforcing a password change requirement for the user at their next login.
Here’s how:
sudo chage -d 0 username
Executing this command sets the last password change date to 0, prompting the user to update their password upon the next login.
Check user account info in Linux with chage command
After we run the above command, we can use chage -l command to display the aging-related information of user accounts. It stands for “change age” and provides comprehensive details regarding password aging, expiration, and other account-related settings.
# chage -l howtouselinux
Last password change : password must be changed
Password expires : password must be changed
Password inactive : password must be changed
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 1
Number of days of warning before password expires : 7
Here we can see that “password must be changed“. It indicats that it has reached the expiration date and requires an update.
When the user attempts to log in, they’ll be prompted to set a new password before they can access their account.
You are required to change your password immediately (administrator enforced)
The above message displayed might vary slightly depending on the Linux distribution or configuration, but it generally indicates that the password must be changed immediately due to administrator enforcement.
How to make Linux user password never expire
Security Enhancements of Ubuntu 23.10: Limited Unprivileged User Namespaces
Book Review: Practical Linux System Administration
2 ways to check user password expiration date in Linux