1. Lock the password
# usermod -L testuser
# passwd -l testuser
2. Expire the user account
# chage -E0 testuser
3. Changing the shell
# usermod -s /sbin/nologin [username]
Verify if the account is locked or disabled.
1. Check if the user account is locked.Check for the flag *LK* in the below command output which indicates that the account is locked.
# passwd --status root root *LK* 2017-07-19 0 45 7 -1 (Password set, SHA512 crypt.)
Check for the lines Password expires and Account expires to check if the account password is expired.
# chage -l root Last password change : Jul 19, 2017 Password expires : Sep 02, 2017 Password inactive : never Account expires : Sep 02, 2017 Minimum number of days between password change : 0 Maximum number of days between password change : 45 Number of days of warning before password expires : 7
Check if the user shell has been changed to a non-interactive shell like /sbin/nologin.
# grep ^root /etc/passwd root:x:0:0:root:/root:/sbin/nologin
++++++++++++++++++++++++++++++++++++++++
Linux check user password expiration using chage
- Open the terminal application
- Type chage -l userName command to display password expiration information for Linux user account.
- The -l option passed to the change show account aging information.
- Check tom user’s password expiry time, run: sudo chage -l tom
View account again information on Linux
To see account aging information such as expiry date and time, enter:chage -l {userNameHere} chage -l userNameHere |
$ chage -l vivekSample outputs:
Last password change : Jan 10, 2012 Password expires : never Password inactive : never Account expires : never Minimum number of days between password change : 0 Maximum number of days between password change : 99999 Number of days of warning before password expires : 7The above outputs indicates that password aging disabled.
Check the user account password expiry information on Linux
Let us try one more example:$ sudo chage -l rajSample outputs:
Last password change : May 21, 2012 Password expires : Jun 20, 2012 Password inactive : never Account expires : Jan 01, 2013 Minimum number of days between password change : 7 Maximum number of days between password change : 30 Number of days of warning before password expires : 7It seems that user account scheduled to expire on 01/Jan/2013. You can use the grep command to filter out info too:
$ sudo chage -l raj | grep 'Password expires' Change password expiry date
You can set the maximum number of days during which a password is valid. For example, make sure password is valid for 90 days for user named jerry:sudo chage -M 90 jerry
sudo chage -l jerryPlease note that passing the number -1 will remove checking a password’s validity:
sudo chage -M -1 tomYou can also set the minimum number of days between password changes:
sudo chage -m 30 jerryHowever, a value of zero indicates that the user may change his/her password at any time:
sudo chage -m 0 marlenaSet expire date
The syntax is:sudo chage -E EXPIRE_DATE userNameOne can set the date or number of days since January 1, 1970 on which the user’s account will no longer be accessible. The date may also be expressed in the format YYYY-MM-DD (or the format more mmonly used in your area). A user whose account is locked must contact the system administrator before being able to use the system again.
sudo chage -E 2020-03-31 saiPassing the number -1 as the EXPIRE_DATE will remove an account expiration date:
sudo chage -E -1 tristanSet warning for the user before password expires
Try using the following syntax to set the number of days of warning before a password change is required:sudo chage -W WARN_DAYS userName
sudo chage -W 30 rajThe WARN_DAYS option is the number of days prior to the password expiring that a user will be warned his/her password is about to expire. Verify info with following command:
sudo chage -l raj
No comments:
Post a Comment