{ 27 comments… read them below or add one }

1 Gautam kashyap April 23, 2009 at 10:00 pm

Hi ramesh,
this information is very useful for me .Thanks for publishing this article.

2 Neal April 24, 2009 at 12:36 pm

Thanks for all the good posts Ramesh/Dhineshkumar!

Another useful tip is to force users to change their password on next logon:

Just run “chage -d 0 “. This will unset the date the password was last changed and the account will require a new password on next logon. The message is something like “you are required to change your password (root enforced)”.

Great for new users as they get to choose their password.

3 Neal April 24, 2009 at 4:00 pm

Sorry that should have been :
chage -d 0 username
I must remember not to put things in brackets as they often vanish when submitted…

4 Ramesh Natarajan April 24, 2009 at 5:23 pm

@Gautam,
 
Thanks for your comments. I'm glad you found this article helpful.
 
@Neal,
 
Thanks a lot for the wonderful tip. For those who are interested, I've copy/pasted the output of the command suggested by Neal. i.e Following is the easy way to force users to change their password when they login. Please note that the "Last password change" value is changed to "password much be changed" after the chage -d 0.

# chage -l jsmith
Last password change                                    : Apr 23, 2009
Password expires                                        : never
Password inactive                                       : never
Account expires                                         : never
Minimum number of days between password change          : 0
Maximum number of days between password change          : 99999
Number of days of warning before password expires       : 7


# chage -d 0 jsmith


# chage -l jsmith
Last password change                                    : password must be changed
Password expires                                        : never
Password inactive                                       : never
Account expires                                         : never
Minimum number of days between password change          : 0
Maximum number of days between password change          : 99999
Number of days of warning before password expires       : 7
5 reaky May 20, 2009 at 6:22 am

V Good explaination, But I have a question,
How Can I change the expiration warining message for chage command ???

6 rmarquez June 9, 2009 at 12:05 am

I have a question. When a user in Linux wants to change their password, it won’t let them use a word based on a dictionary reference. Yet, as root it complains, but changes. What can I look at to determine why it won’t let a user change their own password if it’s a “dictionary” word? How can I put it back to where a user can change their password to whatever they want?

7 Mattias July 20, 2009 at 2:30 am

What repository is it available in? I can’t find it in neither etch nor lenny, main contib non-free..

8 Umer Asghar May 26, 2010 at 12:53 am

Very nice explanation

9 Rafael Padilha September 28, 2010 at 2:35 pm

Hello I Post in my blog an article like this and put a refer to this site.
my post is in pt-br.
thanks for the post thats help me a lot!

10 KeyPatel April 22, 2011 at 1:09 pm

Thanks for a very well written blog. Would you please epxlain what should we do if root itself is gets locked and how to prevent to be happening again.

11 K.Santhosh May 10, 2011 at 8:45 am

Hi Ramesh,

I have been reading your articles from last few months, its great site for newbies as we all as for experienced ones. People can learn a lot from this site.

To force the user to change the password at next login we will use the command
# chage -d 0

but here my question is , i want to make this as a default setting, which means whenever i create a new users, those users should be prompted to change the password at their first login. Please let me know how to do it..Thanks in advance.

12 Usama December 15, 2011 at 11:57 pm

Can anybody tell me how to change the password of root once its expired for a server
i am into same situation and worried abt it…………..ma boss is a hitler :(

13 Alamgir December 23, 2011 at 12:00 am

Thanks
Good information.

14 Prasanth January 2, 2012 at 10:39 am

we can also reset password settings using :
#chage -d -(any number) user name…….

15 Meghna March 19, 2012 at 4:51 am

“chage -d 0 username” command does not seem to work in few conditions.
I run this command in a script and check the return value for password expiration.
It shows return value as 0 (success) but it has not modified the value in /etc/shadow file and hence the password has not been expired.
Has this issue been observed by anyone?
What might have caused the same?
Please can someone help with this…

16 Gaurav April 1, 2012 at 10:25 pm

Meghna would like to inform you that the command you are using “chage -d 0 username” is only for the password prompt once we have reset the password of the user afterwards run that command “chage -d 0 username” & it will prompt to user to change his password at first login apart from that this command doesn’t do anything.I hope i have clear your query ;-)

Thanks,

17 Meghna April 2, 2012 at 12:45 am

Thanks Gaurav for your response. But im facing this issue. After the command is run, the value has to be set to “0″ in /etc/shadow file. Only in some situations, this is not happening and hence it is not prompting for password change during first login. I am not able to figure out why this is happening. Is it related in any way to selinux contexts or something else?

18 chandan June 28, 2012 at 10:57 am

If you want to do it for multiple users

awk -F’:’ ‘{ if ( $3 >= 1000 ) print $1 }’ /etc/passwd | xargs -I {} chage -I -1 -m 0 -M -1 -E -1 {}

19 vimal August 21, 2012 at 12:07 pm

Non expiry password for an user account in Linux set the following:

-m 0 will set the minimum number of days between password change to 0
-M 99999 will set the maximum number of days between password change to 99999
-I -1 (number minus one) will set the “Password inactive” to never
-E -1 (number minus one) will set “Account expires” to never.
# chage -m 0 -M 99999 -I -1 -E -1 dhinesh

# chage –list vimal
Last password change : Apr 23, 2009
Password expires : never
Password inactive : never
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 99999
Number of days of warning before password expires : 7

Non-expiry in AIX
lsuser vimal
chuser maxage=0 (non-expiry) vimal

20 Franklyn August 30, 2012 at 1:43 am

Well you can just use this
chage -d -1 -M -1 dhinesh

Last password change : never
Password expires : never
Password inactive : never
Account expires : never
Minimum number of days between password change : 1
Maximum number of days between password change : -1
Number of days of warning before password expires : 7

21 kanhaiya kumar September 23, 2012 at 6:12 am

very good exploitation of chage

22 MarcinEF October 1, 2012 at 9:52 pm

Thanks! Very helpfull!

23 Ade April 23, 2013 at 12:20 am

I want to replace the words “your account has expired; please contact your system administrator”

how to change the writing?

24 Vishesh Joshi June 30, 2013 at 4:12 am

Nice Its really very helpfull, I liked it so much

very usefull.

Thank u for this page & info :-) )

25 Arun September 18, 2013 at 3:13 am

Hi,

Please let me know the steps to download chage source in Ubuntu.
I am not able to download using

http://www.thegeekstuff.com/2010/02/get-source-code-for-any-linux-command/

arun@arun:~$ sudo apt-get source chage
Reading package lists… Done
Building dependency tree
Reading state information… Done
E: Unable to find a source package for chage

26 User October 18, 2013 at 9:41 am

Arun, Try apt-get source passwd

27 wildan April 24, 2014 at 9:54 am

is it will be usefull for dropbear or for openSSH only ? thanks

Leave a Comment

Previous post:

Next post: