🎁 New User? Get 20% off your first purchase with code NEWUSER20 Register Now →
Menu

Categories

Home » Learn » Linux Commands » chage

chage Command

Intermediate User Management man(1)

Change user password expiry information

👁 9 views 📅 Updated: Mar 15, 2026
SYNTAX
chage [OPTION]... USERNAME

What Does chage Do?

chage changes user password aging information. It manages password expiration policies including maximum age, minimum age, warning days, and account expiration.

chage is essential for enforcing password policies, meeting compliance requirements (PCI-DSS, HIPAA), and managing contractor/temporary accounts with automatic expiration.

chage interacts with the shadow password file (/etc/shadow) and requires root privileges to modify other users' settings. Users can view their own aging info with chage -l.

Options & Flags

OptionDescriptionExample
-l List password aging info for user chage -l jdoe
-M Maximum days between password changes sudo chage -M 90 jdoe
-m Minimum days between password changes sudo chage -m 7 jdoe
-W Warning days before password expires sudo chage -W 14 jdoe
-E Set account expiration date sudo chage -E 2025-12-31 contractor
-d Set date of last password change sudo chage -d 0 jdoe
-I Days of inactivity after password expires before account locks sudo chage -I 30 jdoe

Practical Examples

#1 View password info

Shows all password aging information for a user.
$ sudo chage -l jdoe
Output: Last password change: Jan 01, 2024 Password expires: Apr 01, 2024 Account expires: never

#2 Set 90-day password policy

Password expires after 90 days, cannot change within 7 days, warns 14 days before.
$ sudo chage -M 90 -m 7 -W 14 jdoe

#3 Force password change

Sets last change date to epoch 0, forcing password change on next login.
$ sudo chage -d 0 jdoe

#4 Set account expiration

Sets the account to expire on June 30, 2025.
$ sudo chage -E 2025-06-30 contractor

#5 Remove expiration

Removes account expiration date (account never expires).
$ sudo chage -E -1 jdoe

#6 Interactive mode

Interactively prompts for all aging parameters.
$ sudo chage jdoe

Tips & Best Practices

Compliance policies: For PCI-DSS: chage -M 90 -m 1 -W 14 -I 30 user. This sets 90-day expiry, 1-day minimum, 14-day warning, 30-day inactive lock.
Force change vs expire account: chage -d 0 forces password change at next login. chage -E date expires the entire account.
Users can view their own info: Users can run chage -l username to see their own password aging info. This is by design for self-service.

Frequently Asked Questions

How do I force a user to change password?
Use sudo chage -d 0 username. This sets the last password change to the epoch, forcing an immediate change on next login.
How do I set account expiration?
Use sudo chage -E YYYY-MM-DD username. Use -E -1 to remove expiration.
How do I set a password policy?
Use chage -M days for max age, -m days for min age, -W days for warning. Example: sudo chage -M 90 -m 7 -W 14 user.

Related Commands

passwd

Change user password

 useradd

Create a new user account

 usermod

Modify a user account

More User Management Commands

adduser

Add a user to the system (interactive, Debian-based)

 groupadd

Create a new group

 groups

Print group memberships for a user

 id

Print user and group IDs

 last

Show listing of last logged in users

 passwd

Change user password

 su

Switch user or become superuser

 sudo

Execute a command as another user (typically root)

 useradd

Create a new user account

 userdel

Delete a user account

 usermod

Modify a user account

 visudo

Safely edit the sudoers file
certbot Command 📋 All Commands chgrp Command →

Master Linux with Professional eBooks

Curated IT eBooks covering Linux, DevOps, Cloud, and more

Browse Books →