Lesson 8.2: Change passwords and adjust password aging for local user accounts
Change Password
Only root can change the password for another user using the command passwd
[root@sanjeeb ~]# passwd boss Changing password for user boss. New password: BAD PASSWORD: The password is shorter than 8 characters Retype new password: passwd: all authentication tokens updated successfully.
Adjust password aging for local user accounts
Change user password expiry information chage
View the aging of user
[root@sanjeeb ~]# chage -l boss Last password change : Sep 27, 2024 Password expires : never Password inactive : never Account expires : never Minimum number of days between password change : 0 Maximum number of days between password change : 99999 Number of days of warning before password expires : 7
Explanation of Each Field:
Last password change:
- This field shows the date the user last changed their password.
- If this is the first time the user account is created or if the password hasn't been changed since creation, this field will reflect the creation date of the account.
Password expires:
- This value represents the date when the current password will expire, after which the user will need to change their password.
- If this is set to "never," it means that the password does not expire.
Password inactive:
- This field indicates the number of days after the password expires that the account becomes inactive (i.e., the user can no longer log in).
- If set to "never," the account will not become inactive after password expiration.
Account expires:
- This specifies the date when the account itself will expire, meaning the user will no longer be able to log in even with a valid password.
- "Never" indicates the account doesn't have an expiration date.
Minimum number of days between password change:
- This is the minimum number of days a user must wait before changing their password again after a change has been made.
- For example, if this is set to 7, the user must wait at least 7 days before they can change their password again.
Maximum number of days between password change:
- This field shows the maximum number of days a user can use a password before they are required to change it.
- For example, if this is set to 90, the user will need to change their password after 90 days.
Number of days of warning before password expires:
- This indicates the number of days before the password expires that the system will start warning the user about the upcoming password expiration.
- For instance, if set to 7, the system will start notifying the user 7 days before the password expires.
Chage Options
- -l : List all password aging information for the user.
- -m : Set the minimum number of days between password changes.
- -M : Set the maximum number of days the password is valid.
- -W : Set the number of days to warn the user before password expiration.
- -I : Set the number of inactive days after password expiration before the account is locked.
- -E : Set the account expiration date.
# Force user to change password on next login [root@sanjeeb ~]# chage -d 0 boss # After changing -d 0 then it shows [root@sanjeeb ~]# chage -l boss Last password change : password must be changed Password expires : password must be changed Password inactive : password must be changed Account expires : never Minimum number of days between password change : 0 Maximum number of days between password change : 99999 Number of days of warning before password expires : 7 # After password is changed by logging in to boss [root@sanjeeb ~]# chage -l boss Last password change : Sep 27, 2024 # password changed date Password expires : never Password inactive : never Account expires : never Minimum number of days between password change : 0 Maximum number of days between password change : 99999 Number of days of warning before password expires : 7 # Set account to expire on December 31st 2024 [root@sanjeeb ~]# chage -E 2024-12-31 boss [root@sanjeeb ~]# chage -l boss Last password change : Sep 27, 2024 Password expires : never Password inactive : never Account expires : Dec 31, 2024 Minimum number of days between password change : 0 Maximum number of days between password change : 99999 Number of days of warning before password expires : 7 # Remove account expiration [root@sanjeeb ~]# chage -E -1 boss [root@sanjeeb ~]# chage -l boss Last password change : Sep 27, 2024 Password expires : never Password inactive : never Account expires : never Minimum number of days between password change : 0 Maximum number of days between password change : 99999 Number of days of warning before password expires : 7 # Set the password to expire in 30 days [root@sanjeeb ~]# chage -M 30 boss [root@sanjeeb ~]# chage -l boss Last password change : Sep 27, 2024 Password expires : Oct 27, 2024 Password inactive : never Account expires : never Minimum number of days between password change : 0 Maximum number of days between password change : 30 Number of days of warning before password expires : 7 # Remove password expiration [root@sanjeeb ~]# chage -M -1 boss [root@sanjeeb ~]# chage -l boss Last password change : Sep 27, 2024 Password expires : never Password inactive : never Account expires : never Minimum number of days between password change : 0 Maximum number of days between password change : -1 Number of days of warning before password expires : 7
Make davis' password validity stopping in one month.
[root@serverB ~]# chage -E $(date -d +30days +%Y-%m-%d) david [root@serverB ~]# chage -l david Last password change : Oct 31, 2024 Password expires : Nov 20, 2024 Password inactive : never Account expires : Nov 30, 2024 Minimum number of days between password change : 0 Maximum number of days between password change : 20 Number of days of warning before password expires : 10
Configuring Defaults
Default password age and requirements configuration can be made in /etc/login.defs
Example of chown (ownership and permission)
[root@sanjeeb /]# ls -ld mkt sls prod drwxr-xr-x. 2 root root 6 Sep 26 21:31 mkt drwxr-xr-x. 2 root root 6 Sep 26 21:31 prod drwxr-xr-x. 2 root root 6 Sep 26 21:31 sls # Chown <new owner>:<new group> <file/dir> [root@sanjeeb /]# chown boss:marketing mkt [root@sanjeeb /]# chown boss:sales sls [root@sanjeeb /]# chown boss:production prod [root@sanjeeb /]# ls -ld mkt sls prod drwxr-xr-x. 2 boss marketing 6 Sep 26 21:31 mkt drwxr-xr-x. 2 boss production 6 Sep 26 21:31 prod drwxr-xr-x. 2 boss sales 6 Sep 26 21:31 sls [root@sanjeeb /]# chmod 770 mkt prod sls [root@sanjeeb /]# ls -ld mkt sls prod drwxrwx---. 2 boss marketing 6 Sep 26 21:31 mkt drwxrwx---. 2 boss production 6 Sep 26 21:31 prod drwxrwx---. 2 boss sales 6 Sep 26 21:31 sls