How to Set Password Expiry Rules Using chage

How to Set Password Expiry Rules Using chage

Hey there! 👋 Welcome to this tutorial where we explore how to set password expiry rules for users in Linux using a simple but powerful command — chage.

As a system administrator or even a curious Linux learner, it's important to ensure that users change their passwords regularly. That's where chage comes in handy!

🔧 What is chage?

The chage command lets you view and update the password aging information for a user. You can control things like how often a user must change their password, how long before it expires they get a warning, and more.

📦 Step 1: Check If chage Is Installed

Most Linux distros come with chage pre-installed. Just to be sure, run:

which chage
/usr/bin/chage

If it doesn't show a path, you may need to install the passwd or shadow-utils package depending on your distro.

👤 Step 2: View Current Expiry Settings for a User

Let’s say you want to check expiry details for a user named john:

sudo chage -l john
Last password change                                    : Jul 02, 2025
Password expires                                        : Sep 30, 2025
Password inactive                                       : never
Account expires                                         : never
Minimum number of days between password change          : 0
Maximum number of days between password change          : 90
Number of days of warning before password expires       : 7

This output tells you when the password was last changed, when it will expire, and more.

✏️ Step 3: Set Password Expiry Rules

Now let’s set some rules for our user john.

Set the maximum number of days a password remains valid (e.g., 60 days):

sudo chage -M 60 john

Set the minimum number of days before a user can change password again (e.g., 1 day):

sudo chage -m 1 john

Set the number of days before password expiry to warn the user (e.g., 5 days):

sudo chage -W 5 john

Set account expiration date (e.g., disable account after Oct 31, 2025):

sudo chage -E 2025-10-31 john

You can combine multiple options in one command too:

sudo chage -M 60 -m 1 -W 5 -E 2025-10-31 john

✅ Step 4: Confirm the Changes

After setting the rules, verify them again:

sudo chage -l john

This helps confirm your new password aging policy has taken effect.

🔒 Why This Matters

Regularly expiring passwords is a critical step in securing user accounts — especially on multi-user or production Linux servers. With chage, you’re in full control of password policies!

And that's it! You're now ready to enforce password aging rules using chage. 💪

See you in the next lesson!